Workload Identity test pod

Why

Sometimes you need to run a simple pod on the cluster to check things, call a service or run commands

Things to note

You will need to have the compute metadata api service running in the cluster

How

KSAGKE Workload nodes

apiVersion: v1
kind: Pod
metadata:
  name: workload-identity-test
spec:
  containers:
    - image: google/cloud-sdk:slim
      name: workload-identity-test
      command: ["sleep","infinity"]
  serviceAccountName: <>

Note

Sometimes your may have nodes in a pool that don't have the metadata server enabled.

apiVersion: v1
kind: Pod
metadata:
  name: workload-identity-test
spec:
  containers:
    - image: google/cloud-sdk:slim
      name: workload-identity-test
      command: ["sleep","infinity"]
  serviceAccountName: <>
  nodeSelector:
    iam.gke.io/gke-metadata-server-enabled: "true"

What to read next

• Get project using compute engine API
• Get GCP Service account using compute engine API

---

Want to make this site better? Open a PR or help fund hosting costs