Using Workload Identity to access Google Cloud Pub/Sub from Google Kubernetes Engine

https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity
  • Pub/Sub
  • Kubernetes Engine
  • IAM
kubectl create serviceaccount pub-sub-publisher-k8s
gcloud iam service-accounts add-iam-policy-binding pub-sub-publisher@rational-terra-336303.iam.gserviceaccount.com \
--role roles/iam.workloadIdentityUser \
--member "serviceAccount:rational-terra-336303.svc.id.goog[default/pub-sub-publisher-k8s]"
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
kubectl annotate serviceaccount pub-sub-publisher-k8s \
--namespace default \
iam.gke.io/gcp-service-account=pub-sub-publisher@rational-terra-336303.iam.gserviceaccount.com
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
kubectl apply -f deployment.yaml
curl http://34.87.245.6:5050/publish
Result:
Message 3902383287545125 published
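
An added example, not part of the original article: a shell check that the three pieces configured above agree with each other (the annotation on the Kubernetes service account, the roles/iam.workloadIdentityUser member on the Google service account, and the service account the pod runs as). It assumes the cluster and the Google service account are in the same project, as in the commands on this page; `wi_member` and `check_wiring` are hypothetical helper names and the inputs are constructed samples.

```shell
#!/bin/sh
# Live inputs would come from the cluster and IAM (<...> are placeholders):
#   kubectl get serviceaccount <ksa> -n <ns> \
#     -o jsonpath='{.metadata.annotations.iam\.gke\.io/gcp-service-account}'
#   gcloud iam service-accounts get-iam-policy <gsa-email> \
#     --flatten='bindings[].members' \
#     --filter='bindings.role:roles/iam.workloadIdentityUser' \
#     --format='value(bindings.members)'
#   kubectl get deployment <name> -o jsonpath='{.spec.template.spec.serviceAccountName}'

# wi_member PROJECT NAMESPACE KSA: member string the IAM binding must contain
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$1" "$2" "$3"
}

# check_wiring GSA_EMAIL NAMESPACE KSA ANNOTATION POLICY_MEMBERS POD_SA
# Prints "ok" or the first broken link. The body runs in a subshell, so the
# variables stay local and "exit" only ends the function.
check_wiring() (
  gsa=$1 ns=$2 ksa=$3 annotation=$4 members=$5 pod_sa=$6
  # Assumption: the workload pool project equals the GSA's project
  project=${gsa#*@}                              # drop "name@"
  project=${project%.iam.gserviceaccount.com}    # keep the project ID
  want=$(wi_member "$project" "$ns" "$ksa")

  # KSA annotation must name exactly this Google service account
  [ "$annotation" = "$gsa" ] || { echo "annotation-mismatch"; exit 1; }
  # -F: the [ns/ksa] brackets are literal; -x: the whole line must match
  printf '%s\n' "$members" | grep -Fxq -- "$want" ||
    { echo "binding-missing"; exit 1; }
  # Pod spec must run as the annotated KSA, not the namespace default
  [ "$pod_sa" = "$ksa" ] || { echo "pod-uses-wrong-serviceaccount"; exit 1; }
  echo "ok"
)

# Constructed sample inputs, using the names from the commands above
GSA='pub-sub-publisher@rational-terra-336303.iam.gserviceaccount.com'
KSA='pub-sub-publisher-k8s'
MEMBERS='serviceAccount:rational-terra-336303.svc.id.goog[default/pub-sub-publisher-k8s]'

check_wiring "$GSA" default "$KSA" "$GSA" "$MEMBERS" "$KSA"          # ok
check_wiring "$GSA" default "$KSA" "$GSA" "$MEMBERS" default || true # pod-uses-wrong-serviceaccount
```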

Karthik Guttapudi