From 1167815a8edc964c5229905dc64b64e7b84ea608 Mon Sep 17 00:00:00 2001 From: Rover van der Noort Date: Thu, 19 Sep 2024 10:47:30 +0200 Subject: [PATCH] update README GKE Workload Identity instructions to be more accurate and include the last step of annotating the k8s sa Signed-off-by: Rover van der Noort --- README.md | 12 ++++++++++-- changelogs/unreleased/195-rvandernoort | 1 + 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/195-rvandernoort diff --git a/README.md b/README.md index f505bd6..7ccba55 100644 --- a/README.md +++ b/README.md @@ -199,8 +199,16 @@ Namespace is already created in step 1 above. ```bash gcloud iam service-accounts add-iam-policy-binding \ --role roles/iam.workloadIdentityUser \ - --member "serviceAccount:[$PROJECT_ID].svc.id.goog[$NAMESPACE/$KSA_NAME]" \ - [$GSA_NAME]@[$PROJECT_ID].iam.gserviceaccount.com + --member "serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$KSA_NAME]" \ + $GSA_NAME@$PROJECT_ID.iam.gserviceaccount.com + ``` + +4. Add annotation to Kubernetes Service Account + + ```bash + kubectl annotate serviceaccount $KSA_NAME \ + --namespace $NAMESPACE \ + iam.gke.io/gcp-service-account=$GSA_NAME@$PROJECT_ID.iam.gserviceaccount.com ``` In this case: diff --git a/changelogs/unreleased/195-rvandernoort b/changelogs/unreleased/195-rvandernoort new file mode 100644 index 0000000..d93ff64 --- /dev/null +++ b/changelogs/unreleased/195-rvandernoort @@ -0,0 +1 @@ +update README GKE Workload Identity instructions \ No newline at end of file
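Review bot: In the README.md hunk, the new step 4 runs `kubectl annotate` without saying what happens when the Kubernetes service account already carries an `iam.gke.io/gcp-service-account` annotation: with a different existing value the command fails unless `--overwrite` is given, so a reader re-running the steps against another GSA hits an error the README does not explain. Consider adding a sentence on that, and stating that `$NAMESPACE`, `$KSA_NAME`, `$GSA_NAME` and `$PROJECT_ID` must be the same values used in the `--member` string of step 3, since the binding and the annotation only work as a pair. The expansions in `$GSA_NAME@$PROJECT_ID.iam.gserviceaccount.com` are also left unquoted in both the `gcloud` and the `kubectl` command, while `--member` is quoted; quoting them the same way keeps the examples consistent. Finally, the unchanged "In this case:" line used to follow the `gcloud` command directly and now follows step 4, so check that whatever it introduces still reads correctly in that position.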
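Review bot: The new file changelogs/unreleased/195-rvandernoort ends without a trailing newline (the hunk carries `\ No newline at end of file`); add one so the entry concatenates cleanly with other changelog fragments. The entry text also says only "update README GKE Workload Identity instructions", while the commit subject names the added step of annotating the k8s service account; mentioning that step in the changelog line would tell readers what actually changed.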