Skip to content

Add support for projected service account tokens in auth-provider-gcp #864

New issue
New issue
Open
Open
Add support for projected service account tokens in auth-provider-gcp#864
Labels
lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.needs-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.
@theobarberbany

Description

@theobarberbany
theobarberbany
opened on May 21, 2025

From kubernetes 1.33 (in alpha) kubelet will support passing service accounts to kubelet credential providers.

This will allow workloads to pull images based on their own runtime identity without long lived / persisted secrets, and avoid needing a kubelet/node based identity to pull images.

The relevant enhancement is kubernetes/enhancements#4412.
KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/4412-projected-service-account-tokens-for-kubelet-image-credential-providers/README.md

This issue is intended to track implementation progress for auth-provider-gcp.

This addresses #760

Metadata

Metadata

Assignees

No one assigned

    Labels

    lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.needs-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions