chore: Update README to prevent KSA misconfiguration (#1143)

* Update README to prevent KSA misconfiguration

Update the documentation of the workload identity module to address issue #1065

* Update workload identity variables definition

modules/workload-identity/README.md

@@ -100,7 +100,7 @@ already bear the `"iam.gke.io/gcp-service-account"` annotation.
 | cluster\_name | Cluster name. Required if using existing KSA. | `string` | `""` | no |
 | gcp\_sa\_name | Name for the Google service account; overrides `var.name`. | `string` | `null` | no |
 | impersonate\_service\_account | An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials. | `string` | `""` | no |
-| k8s\_sa\_name | Name for the Kubernetes service account; overrides `var.name`. | `string` | `null` | no |
+| k8s\_sa\_name | Name for the Kubernetes service account; overrides `var.name`. `cluster_name` and `location` must be set when this input is specified. | `string` | `null` | no |
 | location | Cluster location (region if regional cluster, zone if zonal cluster). Required if using existing KSA. | `string` | `""` | no |
 | name | Name for both service accounts. The GCP SA will be truncated to the first 30 chars if necessary. | `string` | n/a | yes |
 | namespace | Namespace for the Kubernetes service account | `string` | `"default"` | no |

modules/workload-identity/variables.tf

@@ -49,7 +49,7 @@ variable "location" {
 }
 
 variable "k8s_sa_name" {
-  description = "Name for the Kubernetes service account; overrides `var.name`."
+  description = "Name for the Kubernetes service account; overrides `var.name`. `cluster_name` and `location` must be set when this input is specified."
   type        = string
   default     = null
 }