We can now bind Google Cloud IAM roles directly to Kubernetes ServiceAccount — instead of using Google Service Accounts as a link between the roles and Kubernetes ServiceAccount.
This impacts everything that uses Workload Identity — the AlloyDB Kustomize component, the Google Cloud Observability Kustomize component, the Spanner Kustomize component, etc.
Describe request or inquiry
What purpose/environment will this feature serve?