Open robinbryce opened 2 years ago
Does the workload pool need any relationship to the existing workload identity pool already created for the cluster? Try using a separate pool first, so that the principals for GHAs are completely isolated from the in-cluster workload principals.
Seems it can and should be separate.
CD via GitHub Actions requires a way to publish images to iona's internal container registry from GitHub. Using OAuth & workload identity federation is the current best practice.
Use this https://cloud.google.com/iam/docs/configuring-workload-identity-federation#github-actions so that images can be built and pushed to iona's container registry from GitHub Actions.
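A sketch of the separate-pool setup discussed above, as an added example that is not part of the original issue or iona's actual configuration. The project, pool, provider, repository and service account names are all placeholders or hypothetical; the attribute condition restricts the provider to tokens from one repository, and the binding lets only that repository impersonate the publishing service account.

```shell
#!/bin/sh
# Added example: all values are placeholders/assumptions, not iona's real settings.
set -eu

PROJECT_ID="${PROJECT_ID:-example-project}"        # placeholder
PROJECT_NUMBER="${PROJECT_NUMBER:-000000000000}"   # placeholder
POOL_ID="${POOL_ID:-github-actions}"               # hypothetical pool, separate from the cluster's pool
PROVIDER_ID="${PROVIDER_ID:-github}"               # hypothetical provider name
GH_REPO="${GH_REPO:-example-org/example-repo}"     # placeholder owner/repo
PUSH_SA="${PUSH_SA:-image-publisher@${PROJECT_ID}.iam.gserviceaccount.com}"  # hypothetical

# principalSet member that matches only identities from one repository in the GHA pool.
gha_member() {
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s\n' "$1" "$2" "$3"
}

# CEL condition checked by the provider: tokens from any other repository are rejected.
gha_condition() {
  printf "assertion.repository == '%s'\n" "$1"
}

apply() {
  # 1. A dedicated pool, so GHA principals never share a namespace with in-cluster workloads.
  gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location=global \
    --display-name="GitHub Actions"

  # 2. OIDC provider trusting GitHub's token issuer, limited to the one repository.
  gcloud iam workload-identity-pools providers create-oidc "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location=global \
    --workload-identity-pool="$POOL_ID" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="$(gha_condition "$GH_REPO")"

  # 3. Allow only that repository's principals to impersonate the publishing service account.
  gcloud iam service-accounts add-iam-policy-binding "$PUSH_SA" \
    --project="$PROJECT_ID" \
    --role="roles/iam.workloadIdentityUser" \
    --member="$(gha_member "$PROJECT_NUMBER" "$POOL_ID" "$GH_REPO")"
}

# Nothing is changed unless the script is invoked with "apply".
if [ "${1:-}" = "apply" ]; then apply; fi
```

The service account still needs its own write permission on the registry; that grant is independent of the federation setup and is not shown here.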