Workload Identity in GKE to fetch data from Google Cloud Storage.

  • Added 14. 05. 2023
  • How to use Workload Identity in GKE to fetch data from Google Cloud Storage.
    In this video, I will show you how to use Workload Identity in GKE to fetch data from Google Cloud Storage. Workload Identity allows your Kubernetes workloads to impersonate Google service accounts, which gives them access to Google Cloud APIs.
    To get started, you will need to create a Kubernetes service account and a Google service account. You will also need to grant the Google service account permission to access the Google Cloud Storage bucket that you want to fetch data from.
    Once you have created the service accounts and granted permissions, you can use the gcloud command-line tool to bind the Kubernetes service account to the Google service account. You can then use the kubectl command-line tool to deploy the modified workload.
    In the deployment, you will need to specify the Kubernetes service account that you want to use and the name of the Google Cloud Storage bucket that you want to fetch data from.
    Once you have deployed your workload, you can access the data from Google Cloud Storage using the NGINX container.
    I hope this video was helpful. Please let me know if you have any questions in the comments below.
    WHO AM I:
    Hey friends, welcome to my CZcams channel @outofdevops. If you're new, my name is Anto; here I talk about software engineering and software engineers. Don't forget to comment, like and subscribe 👍🏻.
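
The setup steps from the description, written out as an added example that is not taken from the video or the author's own files. Project, namespace, service account and bucket names are constructed placeholders, and the read-only `roles/storage.objectViewer` role is assumed from the comments, which say the video uses the object viewer role. The script prints the commands by default and runs them only when `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the video): least-privilege Workload Identity setup.
# All names below are constructed placeholders; override them via environment.
set -eu

PROJECT_ID="${PROJECT_ID:-example-project}"
NAMESPACE="${NAMESPACE:-default}"
KSA="${KSA:-gcs-reader-ksa}"        # Kubernetes service account
GSA="${GSA:-gcs-reader-gsa}"        # Google service account
BUCKET="${BUCKET:-example-bucket}"

# E-mail address of the Google service account.
gsa_email() { printf '%s@%s.iam.gserviceaccount.com' "$GSA" "$PROJECT_ID"; }

# IAM member naming exactly one KSA in one namespace of the project's
# workload identity pool, so no other workload can impersonate the GSA.
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$PROJECT_ID" "$NAMESPACE" "$KSA"
}

# Print the command by default; execute it only when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "0" ]; then "$@"; else printf '+ %s\n' "$*"; fi
}

setup() {
  # 1. Create both identities.
  run gcloud iam service-accounts create "$GSA" --project "$PROJECT_ID"
  run kubectl create serviceaccount "$KSA" --namespace "$NAMESPACE"
  # 2. Read-only access, granted on the bucket rather than the whole project.
  run gcloud storage buckets add-iam-policy-binding "gs://$BUCKET" \
    --member "serviceAccount:$(gsa_email)" --role roles/storage.objectViewer
  # 3. Allow the KSA (and only it) to impersonate the GSA.
  run gcloud iam service-accounts add-iam-policy-binding "$(gsa_email)" \
    --project "$PROJECT_ID" --role roles/iam.workloadIdentityUser \
    --member "$(wi_member)"
  # 4. Point the KSA at the GSA; pods must set serviceAccountName to $KSA.
  run kubectl annotate serviceaccount "$KSA" --namespace "$NAMESPACE" \
    "iam.gke.io/gcp-service-account=$(gsa_email)"
}

setup
```

Pods that do not set `serviceAccountName` to the annotated Kubernetes service account get no access through this binding, and the bucket-level viewer role does not permit writes or deletes.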

Comments • 16

  • @liamray2010 4 months ago

    Thank you for the explanation!
    I was a bit scared of your hand in the end haha :)

  • @scratchbin 1 year ago

    Very clear. Thanks

  • @maalamhrez7361 10 months ago +1

    neat and clean, thanks!

  • @user-ds5gu4qn7y 1 year ago

    great tutorial

  • @navinkumar6388 4 months ago

    Thanks with Love from India 🇮🇳

    • @OutOfDevOps 4 months ago

      Thank you for the kind comment

    • @navinkumar6388 4 months ago

      @OutOfDevOps
      I am shifting from Java Spring Microservice to DevOps.
      About to face interviews and just came across your GCP, Kubernetes and Docker.
      Hope with the help of your videos 📷 I can win a match

  • @lifewinsful 1 year ago +1

    nice explanation

  • @QuangPham-bc7lc 9 months ago

    I have created a firewall but still can't access. And if we use workload identity, which SA will GKE use (SA of nodepool or SA of workload identity) to pull container image from image registry like GAR or GCR?

    • @rohitthakur1628 19 days ago

      If you haven't explicitly provided the workload identity SA name in the pod manifest, then the default GKE node pool/machine's SA is used to pull the images from GCR. That's my understanding. And if you provide the workload identity SA name, then its permission is used for required interaction with other GCP resources.

  • @prajeetkumbhare8437 23 days ago

    I have followed the same but I am unable to put to delete files from bucket

    • @rohitthakur1628 19 days ago

      For deleting objects in a bucket, you need a role with bucket write permission. The video showed the object viewer role only, which can only fetch/read the bucket objects.