I am using Google Kubernetes Engine to deploy my application and s3proxy. Workload Identity ties together a Google Service Account and a Kubernetes Service Account allowing pods running under that service account to make authenticated calls to the Google APIs. I want to use this to authenticate s3proxy rather than using explicit identity and credential fields.
I am trying to figure out exactly how this works and how I can integrate it with s3proxy. I am not quite sure if Workload Identity just places a credential on the pod when it spins up and I could feed that to JClouds or it may intercept requests and authenticate them automatically, in which case I would just have to get JClouds to try and make the requests without supplying credentials. Any thoughts? Has anyone tried this before?
Hello,
I am using Google Kubernetes Engine to deploy my application and s3proxy. Workload Identity ties together a Google Service Account and a Kubernetes Service Account allowing pods running under that service account to make authenticated calls to the Google APIs. I want to use this to authenticate s3proxy rather than using explicit identity and credential fields.
I am trying to figure out exactly how this works and how I can integrate it with s3proxy. I am not quite sure if Workload Identity just places a credential on the pod when it spins up and I could feed that to JClouds or it may intercept requests and authenticate them automatically, in which case I would just have to get JClouds to try and make the requests without supplying credentials. Any thoughts? Has anyone tried this before?