Iam4 workload identity federation with keycloak workload identity federation with keycloak -> Authenticate without gcp service account json key by linking keycloak with oidc provider workload identity federation https://cloud.google.com/iam/docs/workload-identity-federation Integrate Cloud Run and workload identity federation https://cloud.google.com/iam/docs/tutorial-cloud-run-workload-id-federation Configure workload identity federation wit.. 2023. 7. 9. workload identity federation with k8s cluster This post covers how to use Kubernetes as an OIDC provider role to use GCP's workload identity federation service by delegating an IAM role without a json key for your GCP service account. It can be used when an application running on a Kubernetes cluster in a non-GCP environment wants to access GCP's services, or when an application running on a server in a non-GCP environment wants to access G.. 2023. 7. 2. GKE workload identity # Grant gcp permissions to pods using workload identity -> Rather than granting a gcp service account to individual nodes or the entire cluster, a k8s service account is created, and the k8s service account is set to assume the gcp service account role, thereby granting gcp specific service permissions only to the pod. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity?hl=k.. 2023. 7. 1. GCP CloudSQL IAM 인증 GCP CloudSQL IAM 인증 IAM 인증으로 사용자 관리 https://cloud.google.com/sql/docs/mysql/add-manage-iam-users?hl=ko IAM 데이터베이스 인증을 사용하여 로그인 https://cloud.google.com/sql/docs/mysql/iam-logins?hl=ko # cloudsql 인스턴스 및 iam 계정 권한 확인 -> cloudsql 인스턴스에 cloudsql_iam_authentication 플래그 on 으로 설정(iam 인증 타입의 사용자 생성 시 자동으로 세팅됨) -> iam 계정에 roles/cloudsql.instanceUser 역할 필요 # cloudsql 사용자(iam 사용자 인증 타입) 생성 gcloud sql users.. 2023. 4. 30. 이전 1 다음 반응형
