Crossplane provider-family-gcp with workload identity using GitOps

[Amit DSouza]

Hey Folks,

I am new to Crossplane and was performing a POC for GCP infrastructure using workload identity using GitOps. I noticed as per documentation that there are a couple of manual steps after installing the provider(eg: provider-gcp-cloudplatform). (I have created the GCP Service Account, IAM Role and IAM Role Binding) 

Injecting the Providers Kubernetes Service Account with the email address of GCP Service Account is required to enable workload identity but there seems to be no straightforward way for this (eg: annotations of the provider get propagated to SA)

I was referring to the below documentation. 

https://github.com/upbound/provider-gcp/blob/main/docs/Configuration.md#authenticating-with-workload-identity

Since I am new to Crossplane and this provider I was wondering if I am missing something or if there is an open ticket for this to which i can contribute.

Cheers,

Amit D.

[Jean du Plessis]

Amid, you might want to have a look at the latest authentication documentation for upbound/provider-gcp here: https://docs.upbound.io/providers/provider-gcp/authentication/ 

I'm not saying it will solve your challenge, but just in case.

Cheers

Jean du Plessis

Engineering Manager | Upbound.io

--
You received this message because you are subscribed to the Google Groups "crossplane-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to crossplane-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/crossplane-dev/c1330c89-8993-412d-a81b-a492843d1bf2n%40googlegroups.com.

[Amit DSouza]

Thanks Jean,

That worked perfectly. :) appreciate the quick response