Harold L. Brown
Harold L. Brown

Reputation: 9986

How to specify Google service account in Kubernetes pod

I am deploying a Spring Boot application inside a Kubernetes pod on Google Cloud Platform.

I don't want to use the Compute Engine default service account in our pod.

How and where can we specify a Google service account for our pod?

Upvotes: 0

Views: 1617

Answers (3)

A_Suh
A_Suh

Reputation: 3956

Assuming that you already have a Role and RoleBinding referring to your service account, all you need to do is to create a context with apropriate service account as described here

And then you just switch to this context

kubectl config use-context default-context

For more details on how to manage contexts check the documentation

Upvotes: 0

Patrick W
Patrick W

Reputation: 4909

Harold's suggestion to configure service account credentials in the pod as a secret is good and has been the recommended method for quite a while now. However, Google recently introduced Workload Identity which allows you to link a k8s service account with a GCP IAM service account, you can then have your pod run with said k8s service account and use the IAM permissions that go with it

Upvotes: 1

Related Questions