We have the use case of using `google-cas-issuer` outside of GKE but want to lean on GCP's Workload Identity instead of static Service Account credentials.
We can achieve this by using a ConfigMap/Secret mounting the Workload Identity Pool credential configuration JSON and referencing it via the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
This PR enables this with the generic solution of supporting arbitrary `env`, ConfigMap, Secret and `volumes`/`volumeMounts`.
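
The setup described above, written as plain Kubernetes manifests. This is an added example, not part of the PR or the project's chart. It assumes the resource names, namespace, container name and mount paths shown (all hypothetical), uses UPPER_CASE placeholders for the GCP values, and assumes the pool provider accepts the audience given on the projected token.

```yaml
# Constructed example: names, paths and UPPER_CASE values are placeholders.
# The credential configuration holds no secret material, only pointers to
# the token file and the service account to impersonate.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gcp-wif-credential-config   # hypothetical name
  namespace: cert-manager           # assumed namespace
data:
  credential-configuration.json: |
    {
      "type": "external_account",
      "audience": "//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID",
      "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
      "token_url": "https://sts.googleapis.com/v1/token",
      "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/SA_EMAIL:generateAccessToken",
      "credential_source": { "file": "/var/run/secrets/wif/token" }
    }
---
# Pod template fragment for the google-cas-issuer Deployment (not a full manifest).
spec:
  template:
    spec:
      containers:
        - name: google-cas-issuer   # assumed container name
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /etc/gcp-wif/credential-configuration.json
          volumeMounts:
            - name: wif-config
              mountPath: /etc/gcp-wif
              readOnly: true
            - name: wif-token
              mountPath: /var/run/secrets/wif
              readOnly: true
      volumes:
        - name: wif-config
          configMap:
            name: gcp-wif-credential-config
        - name: wif-token
          projected:
            sources:
              - serviceAccountToken:   # short-lived, audience-bound token
                  path: token
                  audience: https://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
                  expirationSeconds: 3600
```

The projected token is rotated by the kubelet and is only valid for the stated audience, so nothing long-lived is stored in the cluster; a file containing `"type": "service_account"` and a `private_key` in that mount would be a static key instead.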