Contents x
Workload Identity (GKE)
  • Dark
    Light
Contents

Workload Identity (GKE)

  • Dark
    Light

Overview

This article shows you how to enable Workload Identity on your Google Kubernetes Engine (GKE) clusters.

Make sure you have completed the following tasks before beginning:

  1. Enable the Google Kubernetes Engine API.
  2. Ensure that you have enabled the IAM Service Account Credentials API.
  3. Ensure that you have the following IAM roles:
  • roles/container.admin
  • roles/iam.serviceAccountAdmin

You can enable Workload Identity on clusters using the Google Cloud CLI or the Google Cloud console.

Create a new cluster

To enable Workload Identity on a new cluster, do the following:

  1. Go to the Google Kubernetes Engine page in the Google Cloud console.
  2. In the Create cluster dialog, for GKE Standard, click Configure.
  3. From the navigation pane, under Cluster, click Security.
  4. Select the Enable Workload Identity checkbox.
  5. Configure your cluster as needed.
  6. Click Create.

Update an existing cluster

To enable Workload Identity on an existing cluster, do the following:

  1. Go to the Google Kubernetes Engine page in the Google Cloud console.
  2. In the cluster list on the Google Kubernetes Engine page, click the name of the cluster you want to modify.
  3. On the Details tab, locate the Security section.
  4. For the Workload Identity field, click edit Edit Workload Identity.
  5. In the Edit Workload Identity dialog, select the Enable Workload Identity checkbox.
  6. Click Save Changes.
What's Next

Cookie consent

We use our own and third-party cookies to understand how you interact with our knowledge base. This helps us show you more relevant content based on your browsing and navigation history.