Workload Identity function #3521
Labels
area/porch
enhancement
New feature or request
triaged
Issue has been triaged by adding an `area/` label
Comments
|
Actually it seems this is not what the operator does; rather it handles only the GCP side of the binding. So this raises the priority of this issue. |
mortent
added
triaged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We now have an operator for annotating a KSA for Workload Identity (#3456). This is helpful when the KSA lives in the Porch cluster. But it's not helpful for KSAs that are in the workload clusters that do not have Porch running.
Some examples:
I think we just need a function to do this. At least, that is true in the case of a 1:1 relationship between the deployment repository and the workload cluster. Or maybe more accurately, it is true if the project-id of all clusters reading from a given deployment repository is the same. See #3456 (comment) for a little more context.
The text was updated successfully, but these errors were encountered: