I am deploying a Spring Boot application inside a Kubernetes pod on Google Cloud Platform.

I don't want to use the Compute Engine default service account in our pod.

How and where can we specify a Google service account for our pod?

Harold L. Brown

3 Answers

Harold's suggestion to configure service account credentials in the pod as a secret is good and has been the recommended method for quite a while now. However, Google recently introduced Workload Identity, which allows you to link a k8s service account with a GCP IAM service account. You can then have your pod run with said k8s service account and use the IAM permissions that go with it.

Patrick W
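
The Workload Identity link described in the answer above, as an added example that is not part of the original answers: a dry-run shell script that prints the three commands binding a Kubernetes service account to an IAM service account, plus a check that a pod manifest actually names that account. The project, namespace and account names are constructed placeholders, and it assumes the GKE cluster already has Workload Identity enabled and the IAM service account already exists.

```shell
#!/bin/sh
# Added example. Constructed placeholder values; override via the environment.
PROJECT_ID="${PROJECT_ID:-my-project}"
NAMESPACE="${NAMESPACE:-default}"
KSA="${KSA:-spring-app}"        # Kubernetes service account the pod runs as
GSA="${GSA:-spring-app-gsa}"    # IAM service account holding the GCP permissions

gsa_email() { printf '%s@%s.iam.gserviceaccount.com' "$GSA" "$PROJECT_ID"; }

# IAM member string that identifies the Kubernetes service account to GCP.
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$PROJECT_ID" "$NAMESPACE" "$KSA"
}

# Print the command; execute it only when APPLY=1 (dry run by default).
# The printed form is unquoted: quote the [..] member before pasting it.
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

wi_bind() {
  # 1. Create the Kubernetes service account for the pod.
  run kubectl create serviceaccount "$KSA" --namespace "$NAMESPACE"
  # 2. Let that Kubernetes service account act as the IAM service account.
  run gcloud iam service-accounts add-iam-policy-binding "$(gsa_email)" \
    --role roles/iam.workloadIdentityUser --member "$(wi_member)"
  # 3. Annotate the Kubernetes service account with the IAM account it maps to.
  run kubectl annotate serviceaccount "$KSA" --namespace "$NAMESPACE" \
    "iam.gke.io/gcp-service-account=$(gsa_email)"
}

# Fail if the pod manifest at $1 omits serviceAccountName or names another
# account, in which case the pod would not pick up the binding created above.
check_manifest() {
  sa=$(sed -n 's/^[[:space:]]*serviceAccountName:[[:space:]]*//p' "$1" | head -n 1)
  if [ -z "$sa" ] || [ "$sa" = "default" ]; then
    echo "FAIL: pod runs as the default service account" >&2
    return 1
  fi
  if [ "$sa" != "$KSA" ]; then
    echo "FAIL: serviceAccountName=$sa, expected $KSA" >&2
    return 1
  fi
  echo "OK: pod runs as $KSA"
}

# Usage: script.sh bind [manifest.yaml]
if [ "${1:-}" = "bind" ]; then wi_bind; [ -z "${2:-}" ] || check_manifest "$2"; fi
```

Run it with `bind` to review the commands, then again with `APPLY=1` to execute them; the pod spec must set `serviceAccountName` to the same Kubernetes service account.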

Assuming that you already have a Role and RoleBinding referring to your service account, all you need to do is to create a context with the appropriate service account as described here.

And then you just switch to this context:

kubectl config use-context default-context

For more details on how to manage contexts, check the documentation.

marc_s
A_Suh