Google Cloud Platform: Workload Identity service account binding #4765
Comments
Hello, here is a suggestion for the binding:
This actually fits the need. Am I right? @tisc0 ;)
You could also take a look at this module which handles things: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/workload-identity
…or (hashicorp#4765) * add transform error function for security policy association read error * beta only * move package line out Signed-off-by: Modular Magician <magic-modules@google.com>
Based on https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/workload-identity?rgh-link-date=2020-05-12T20%3A21%3A05Z it looks like there aren't any provider-level changes required to support this. Closing.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Description
Hi,
Actually, Terraform already proposes (thanks to #3790, I guess):
https://www.terraform.io/docs/providers/google/r/container_cluster.html#workload_identity_config
What's missing is bilateral binding between Kube's Service Accounts and GCP IAM Service Accounts.
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
This would give a complete and industrialized use of Workload Identity, which provides a secure and elegant implementation for Service Accounts to:
In other words, Terraform's module could permit [in a single block?] to:
New or Affected Resource(s)
Could be:
Potential Terraform Configuration
References
Thanks !
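The two-sided binding described in this issue, written with resources that already exist in the `google` and `kubernetes` providers. This is an added example, not part of the original issue or of the module linked in the comments; the project ID, namespace and account names are placeholders, and it assumes the cluster already has `workload_identity_config` enabled and a `kubernetes` provider configured against it.

```hcl
variable "project_id" {
  type = string # placeholder: the project that hosts the GKE cluster
}

variable "namespace" {
  type    = string
  default = "default" # placeholder namespace
}

variable "ksa_name" {
  type    = string
  default = "example-app" # placeholder Kubernetes service account name
}

# GCP IAM service account the workload will act as.
resource "google_service_account" "workload" {
  project      = var.project_id
  account_id   = "example-app-gsa" # placeholder
  display_name = "Workload Identity example"
}

# Side 1 (GCP IAM): allow exactly one Kubernetes service account to
# impersonate the GSA. iam_member is non-authoritative, so it adds this
# member without replacing other members already holding the role.
resource "google_service_account_iam_member" "workload_identity_user" {
  service_account_id = google_service_account.workload.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/${var.ksa_name}]"
}

# Side 2 (Kubernetes): annotate the KSA with the GSA it maps to.
# Both sides must agree, otherwise pods using this KSA get no GCP identity.
resource "kubernetes_service_account" "workload" {
  metadata {
    name      = var.ksa_name
    namespace = var.namespace
    annotations = {
      "iam.gke.io/gcp-service-account" = google_service_account.workload.email
    }
  }
}
```

Scoping the `member` to a single `namespace/name` pair keeps the grant least-privilege: any other Kubernetes service account in the cluster cannot assume this GSA, even if it carries the same annotation.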