robinbryce / iona

development cluster. gcp with managed k8s, multi-region

github action image publish via workload identity federation #34

Open robinbryce opened 2 years ago

robinbryce commented 2 years ago

CD via GitHub Actions requires a way to publish images to iona's internal container registry from GitHub. Using OAuth & workload identity federation is the current best practice.

Use this https://cloud.google.com/iam/docs/configuring-workload-identity-federation#github-actions so that images can be built and pushed to iona's container registry from GitHub Actions.

robinbryce commented 2 years ago

Does the workload pool need any relationship to the existing workload identity pool already created for the cluster? Try using a separate pool first, so that the principals for GHAs are completely isolated from the in-cluster workload principals.

Seems it can & should be separate.
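An added example, not part of the issue thread or the iona repository: one way to create a dedicated pool for GitHub Actions and restrict it to this repository, following the linked Google Cloud guide. The project ID, project number, pool, provider and service account names are constructed placeholders, and the service account is assumed to already hold push rights on the registry.

```shell
#!/usr/bin/env bash
set -eu

# Constructed placeholders: replace with real values before applying.
PROJECT_ID="example-project"
PROJECT_NUMBER="123456789012"
POOL_ID="github-actions"        # separate from the cluster's workload identity pool
PROVIDER_ID="github"
REPO="robinbryce/iona"          # only tokens issued for this repository are accepted
SA_EMAIL="image-publisher@${PROJECT_ID}.iam.gserviceaccount.com"

# CEL condition checked against the claims of the GitHub OIDC token.
gha_attribute_condition() {
  printf "assertion.repository == '%s'\n" "$REPO"
}

# IAM member covering every identity in the pool whose mapped
# attribute.repository equals REPO, and nothing else.
gha_principal_set() {
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s\n' \
    "$PROJECT_NUMBER" "$POOL_ID" "$REPO"
}

setup_gha_federation() {
  # 1. Dedicated pool, so GitHub principals never share a namespace
  #    with the in-cluster workload principals.
  gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location=global \
    --display-name="GitHub Actions"

  # 2. OIDC provider trusting GitHub's token issuer, limited to REPO.
  gcloud iam workload-identity-pools providers create-oidc "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location=global \
    --workload-identity-pool="$POOL_ID" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="$(gha_attribute_condition)"

  # 3. Let only that repository's identities impersonate the publisher account.
  gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" \
    --role="roles/iam.workloadIdentityUser" \
    --member="$(gha_principal_set)"
}

# Changes are made only when the script is invoked with "apply".
if [ "${1:-}" = "apply" ]; then setup_gha_federation; fi
```

Binding on `attribute.repository` rather than on the whole pool means a token from any other GitHub repository is rejected at both the provider condition and the service account binding.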