【Published】:2021-11-14 03:42:33
【Problem description】:
I want to use Workload Identity to access a service account.
cat serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com
  name: rao-sa
  namespace: test
My YAML file is policy.yaml
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
  name: iampolicy-workload-identity-sample
spec:
  resourceRef:
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
    name: serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com
  bindings:
    - role: roles/iam.workloadIdentityUser
      members:
        - serviceAccount:PROJECT_ID.svc.id.goog[test/rao-sa]
kubectl apply -f policy.yaml
error: unable to recognize "policy.yaml": no matches for kind "IAMPolicy" in version "iam.cnrm.cloud.google.com/v1beta1"
The YAML file produces an error: no matches for kind "IAMPolicy" in version "iam.cnrm.cloud.google.com/v1beta1"
【Discussion】:
-
You may need to install config connector first
Tags: google-kubernetes-engine google-iam workload-identity
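
The "no matches for kind" error means the API server has no CRD serving IAMPolicy, a kind that Config Connector provides. The script below is an added example, not part of the original post: it checks for that CRD before applying policy.yaml and otherwise creates the same roles/iam.workloadIdentityUser binding with gcloud. The function names are hypothetical, and kubectl and gcloud are assumed to be authenticated against the cluster and project.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# kubectl and gcloud are assumed to be configured for the target cluster/project.

# CRD that Config Connector registers for kind IAMPolicy.
IAMPOLICY_CRD="iampolicies.iam.cnrm.cloud.google.com"

# Build the Workload Identity member string for a Kubernetes ServiceAccount.
# args: project namespace ksa_name
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$1" "$2" "$3"
}

# Succeeds only if the cluster serves the IAMPolicy kind, i.e. the
# Config Connector CRDs are installed.
has_iampolicy_crd() {
  kubectl get crd "$IAMPOLICY_CRD" >/dev/null 2>&1
}

# Bind the Kubernetes ServiceAccount to the Google service account.
# args: project namespace ksa_name gsa_email policy_file
bind_workload_identity() {
  if has_iampolicy_crd; then
    # Config Connector is present: the manifest can be applied as written.
    kubectl apply -f "$5"
  else
    # No CRD: applying the manifest would fail with "no matches for kind".
    # Create the same binding directly on the Google service account.
    echo "CRD $IAMPOLICY_CRD not found; creating the binding with gcloud" >&2
    gcloud iam service-accounts add-iam-policy-binding "$4" \
      --project "$1" \
      --role roles/iam.workloadIdentityUser \
      --member "$(wi_member "$1" "$2" "$3")"
  fi
}

# Usage with the values from the question (PROJECT_ID is a placeholder):
# bind_workload_identity PROJECT_ID test rao-sa \
#   serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com policy.yaml
```

The binding only grants impersonation rights to the one Kubernetes ServiceAccount named in the member string, so keep the namespace and account name exact rather than widening it.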