[GCP] Pipelines backward compatibility when Kubeflow switches to workload identity #1962
Assignees
Labels
area/pipelines
platform/gcp
priority/p2
status/triaged
Whether the issue has been explicitly triaged
Comments
|
@james-jwu, can you pls assess? |
|
With 0.7 we have continued to provision user-gcp-sa secrets but we will stop doing that in subsequent releases so pipelines will need to update to work with workload identity. |
|
I think we can close this issue and use #1691 to track migrating pipelines to workload identity and removing the secrets. |
magdalenakuhn17
pushed a commit
to magdalenakuhn17/pipelines
that referenced
this issue
Oct 22, 2023
Signed-off-by: Hao Xin <haoxinst@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In 0.7 Kubeflow on GCP would like to switch to using workload identity by default #1691 .
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#enable_workload_identity_on_a_new_cluster
This means that applications should be deployed with an appropriate Kubernetes Service Account Mapped to a Google Service Account in order to get GCP credentials.
The purpose of this bug is to ascertain whether for backwards compatibility we should continue to provision service account keys in the kubeflow namespace to support existing pipelines which are using
@IronPan WDYT?
The text was updated successfully, but these errors were encountered: