Authenticate as Google Service Account #31
Comments
|
I think dexter will not help you in this situation as OIDC is not involved here. I'm not really an expert on GCP so I will need to do more research to help you. Are you trying to access the API (with kubectl) from a pod running in kubernetes or from a VM? If you run in k8s you could just use a k8s serviceaccount and it should work our of the box if RBAC is setup correctly. |
|
Anything else I can help you with? |
|
Thanks for getting back to me! I couldn't see anything in the docs about it so I assumed it wasn't supported. I was just wondering as when I run the following commands, I get an OpenID connect token so I wasn't sure if it was possible to implement somehow? |
|
Thank you for the update. From the top of my head I don't think this is a use-case for dexter. The classic OpenID flow doesn't really match the GCP service account usecase. There's no login from a real user, no callback, ... Sorry |
|
Cool, thanks for letting me know! |
I've created a service account in the Google cloud console and am struggling to find out how to authenticate as that service account via kubectl. The idea is that our deployment server should be able to execute
kubectl set image deployment ...against the cluster but to do that, it needs to authenticate. It makes more sense to use a service account as opposed to a normal IAM user account in this situation.Is this possible using
dexter? If not, does anyone know of an example I can look at for how to achieve this?The text was updated successfully, but these errors were encountered: