How to specify Google service account in Kubernetes pod

6/26/2019

I am deploying a Spring Boot application inside a Kubernetes pod on Google Cloud Platform.

I don't want to use the Compute Engine default service account in our pod.

How and where can we specify a Google service account for our pod?

-- Harold L. Brown
google-cloud-platform
google-kubernetes-engine
kubernetes
kubernetes-pod

3 Answers

6/26/2019

Assuming that you already have a Role and RoleBinding referring to your service account, all you need to do is to create a context with the appropriate service account, as described here.

And then you just switch to this context:

kubectl config use-context default-context

For more details on how to manage contexts, check the documentation.

-- A_Suh
Source: StackOverflow

6/26/2019
-- Harold L. Brown
Source: StackOverflow

6/28/2019

Harold's suggestion to configure service account credentials in the pod as a secret is good and has been the recommended method for quite a while now. However, Google recently introduced Workload Identity, which allows you to link a k8s service account with a GCP IAM service account. You can then have your pod run with said k8s service account and use the IAM permissions that go with it.

-- Patrick W
Source: StackOverflow
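
The two approaches named in the answer above, written out as manifests. This is an added example, not part of the original answers; PROJECT_ID, app-gsa, app-ksa, app-gsa-key, the namespace and the image are placeholders.

```yaml
# Option A: Workload Identity. No key file; the pod gets short-lived tokens.
# One-time IAM binding (cluster and node pool must have Workload Identity enabled):
#   gcloud iam service-accounts add-iam-policy-binding \
#     app-gsa@PROJECT_ID.iam.gserviceaccount.com \
#     --role roles/iam.workloadIdentityUser \
#     --member "serviceAccount:PROJECT_ID.svc.id.goog[default/app-ksa]"
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-ksa            # placeholder name
  namespace: default
  annotations:
    iam.gke.io/gcp-service-account: app-gsa@PROJECT_ID.iam.gserviceaccount.com
---
apiVersion: v1
kind: Pod
metadata:
  name: spring-boot-app
  namespace: default
spec:
  serviceAccountName: app-ksa   # run as the annotated service account
  containers:
    - name: app
      image: gcr.io/PROJECT_ID/spring-boot-app:1.0   # placeholder image
---
# Option B: exported key in a Secret. The key is long-lived and must be rotated.
#   kubectl create secret generic app-gsa-key --from-file=key.json=./key.json
apiVersion: v1
kind: Pod
metadata:
  name: spring-boot-app-with-key
  namespace: default
spec:
  containers:
    - name: app
      image: gcr.io/PROJECT_ID/spring-boot-app:1.0   # placeholder image
      env:
        - name: GOOGLE_APPLICATION_CREDENTIALS   # read by Google client libraries
          value: /var/secrets/google/key.json
      volumeMounts:
        - name: gsa-key
          mountPath: /var/secrets/google
          readOnly: true
  volumes:
    - name: gsa-key
      secret:
        secretName: app-gsa-key
```

With Option A, grant the IAM service account only the roles the application needs; every pod that runs as app-ksa inherits them.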