How do I annotate the service accounts for workload id?
red8888 opened this issue · 1 comments
red8888 commented
In order to use workload id I need to annotate the k8s service account like this:
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: workload-identity@{project}.iam.gserviceaccount.com
I don't generate json keys for my workloads I use workload id.
How can I annotate the right ServiceAccount to hook them up to a google service account?
I also see lots of service accounts: https://github.com/search?q=repo%3Aacryldata%2Fdatahub-helm%20kind%3A%20serviceaccount&type=code
Which one do I annotate to give the big query connector access?
red8888 commented
The chart does let me do this:
I'll close this issue, the real question is if they hard coded the app to demand json keys.