How to run kubectl command to GKE from GitHub without service account

I have to run `kubectl apply -f pod1.yml` (as an example) from my GitHub Action. To provide GKE credentials to GitHub, one way is to configure a service account key as a GitHub repo secret. But I don't have permission to create a service account key, and I will not be getting permission to create one. So I tried to create a user by creating certificates like username.key and username.csr. After that, when I go to sign username.csr with ca.crt and ca.key, I am unable to find ca.crt and ca.key in my GKE cluster (there is nothing inside /etc/kubernetes/pki/).

  1. So now my question is: how do I sign username.csr with ca.crt and ca.key inside GKE?
  2. If I can't sign it, then what are the other options to run a kubectl command from a GitHub Action to GKE (except a service account)?


Solution 1:[1]

You can now use Workload Identity Federation which removes the need for storing Service Account JSON keys. This is a GitHub action for using Workload Identity Federation: https://github.com/google-github-actions/auth

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Sam Stoelinga
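
A workflow using the approach from Solution 1, as an added example that is not part of the original answer or of the google-github-actions project. It assumes a project administrator has already created the workload identity pool and provider, restricted the provider to this repository with an attribute condition, and granted the federated identity a GKE role; every UPPER_CASE value is a placeholder.

```yaml
# Added example. UPPER_CASE values are placeholders, not values from the question.
name: deploy-to-gke
on:
  push:
    branches: [main]

# Least privilege for the job token: read the repo, request an OIDC token.
permissions:
  contents: read
  id-token: write

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchanges the short-lived GitHub OIDC token for Google credentials.
      # No service account JSON key is stored in repository secrets.
      - id: auth
        uses: google-github-actions/auth@v2
        with:
          project_id: PROJECT_ID
          workload_identity_provider: projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
          # Assumption: the federated identity itself holds the GKE role
          # (for example roles/container.developer). To impersonate a
          # service account instead, add:
          # service_account: SA_NAME@PROJECT_ID.iam.gserviceaccount.com

      # Writes a kubeconfig for the cluster using the credentials from the auth step.
      - uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: CLUSTER_NAME
          location: CLUSTER_LOCATION

      # The command from the question.
      - run: kubectl apply -f pod1.yml
```

The `id-token: write` permission is what allows the job to obtain the OIDC token; without an attribute condition on the provider, any repository that can reach the pool could request credentials, so the repository restriction belongs on the Google Cloud side, not in the workflow.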