What is workload identity in GKE?
GKE access control consists of two separate identity systems: Cloud Identity (Cloud IAM) and native Kubernetes identity (Kubernetes RBAC).
Each of these (Cloud IAM and Kubernetes RBAC) has its own notion of a service account, and the two are used for different purposes: a Google service account identifies a workload to Google Cloud APIs under Cloud IAM, while a Kubernetes service account identifies a pod inside the cluster under Kubernetes RBAC.
What is Workload Identity?
To tie these two distinct service accounts together, we need yet another identity. This is Workload Identity.
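The tying-together described above, as an added example that is not part of the original post: a POSIX shell script that binds a Kubernetes service account (KSA) to a Google service account (GSA) through Workload Identity. The binding has two halves, one on each side of the boundary: a Cloud IAM policy binding that lets the pool member `serviceAccount:PROJECT.svc.id.goog[NAMESPACE/KSA]` impersonate the GSA, and a Kubernetes annotation on the KSA naming that GSA. The project, namespace and account names are hypothetical placeholders, and by default the script only prints the `gcloud` and `kubectl` commands it would run.

```shell
#!/bin/sh
# Added example, not code from the original post: wiring a Kubernetes service
# account (KSA) to a Google service account (GSA) through Workload Identity.
# All project, namespace and account names are hypothetical placeholders.
set -eu

PROJECT_ID="${PROJECT_ID:-example-project}"
NAMESPACE="${NAMESPACE:-payments}"
KSA_NAME="${KSA_NAME:-payments-api}"
GSA_NAME="${GSA_NAME:-payments-api-gsa}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the gcloud/kubectl commands

# E-mail address of a Google service account: <name>@<project>.iam.gserviceaccount.com
gsa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"
}

# The Cloud IAM principal that stands for "KSA $3 in namespace $2" on the
# cluster's Workload Identity pool <project>.svc.id.goog. This is the third
# identity the post refers to: Cloud IAM never sees the KSA itself, only
# this pool member, and the namespace is part of the principal's name.
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$1" "$2" "$3"
}

# Reject names that would not form a valid pool member (Kubernetes names are
# lowercase DNS labels), so a typo cannot silently bind the wrong principal.
valid_k8s_name() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
}

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Two bindings are needed, one on each side of the boundary:
#   1. Cloud IAM: allow the pool member to impersonate the GSA.
#   2. Kubernetes: annotate the KSA so GKE knows which GSA to issue tokens for.
# Arguments: project namespace ksa gsa
bind_ksa_to_gsa() {
  valid_k8s_name "$2" && valid_k8s_name "$3" || {
    echo "invalid namespace or KSA name" >&2
    return 1
  }
  run gcloud iam service-accounts add-iam-policy-binding "$(gsa_email "$4" "$1")" \
    --project "$1" \
    --role roles/iam.workloadIdentityUser \
    --member "$(wi_member "$1" "$2" "$3")"
  run kubectl annotate serviceaccount "$3" --namespace "$2" --overwrite \
    "iam.gke.io/gcp-service-account=$(gsa_email "$4" "$1")"
}

bind_ksa_to_gsa "$PROJECT_ID" "$NAMESPACE" "$KSA_NAME" "$GSA_NAME"
```

Set `DRY_RUN=0` to execute the commands against a real project. Note that the Cloud IAM member names the namespace as well as the KSA, so a same-named KSA in another namespace is a different principal with no access; conversely, every pod that runs as the bound KSA gets the GSA's permissions, so the GSA should carry only the roles that workload needs.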
Appendix: Cloud IAM roles for GKE are GKE Viewer, GKE Developer, GKE Admin and GKE Cluster Admin; none of them grant access to the nodes within the clusters.