cloud-provider-gcp

auth-provider-gcp: support using alternate credentials

Open theobarberbany opened this issue 6 months ago • 2 comments

Currently, as far as I can tell, auth-provider-gcp only supports using the default GCP service account attached to the GCE VM. (https://github.com/kubernetes/cloud-provider-gcp/blob/master/pkg/gcpcredential/gcpcredential.go#L171-L226).

It would be great to support additional authentication methods when making credentials requests, e.g. support service account impersonation, or passing GOOGLE_APPLICATION_CREDENTIALS. This is because we have a use case where we don't want to provide credentials via roles attached to the default service account.

It looks like the CredentialProviderConfig allows for either passing args, or env vars: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/

If this is something the project would be open to, I'd be happy to work on it!

theobarberbany, Sep 05 '24 13:09