From kubernetes 1.33 (in alpha) kubelet will support passing service accounts to kubelet credential providers.
This will allow workloads to pull images based on their own runtime identity without long lived / persisted secrets, and avoid needing a kubelet/node based identity to pull images.
The relevant enhancement is kubernetes/enhancements#4412.
KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/4412-projected-service-account-tokens-for-kubelet-image-credential-providers/README.md
This issue is intended to track implementation progress for auth-provider-gcp.
This addresses #760
From kubernetes 1.33 (in alpha) kubelet will support passing service accounts to kubelet credential providers.
This will allow workloads to pull images based on their own runtime identity without long lived / persisted secrets, and avoid needing a kubelet/node based identity to pull images.
The relevant enhancement is kubernetes/enhancements#4412.
KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/4412-projected-service-account-tokens-for-kubelet-image-credential-providers/README.md
This issue is intended to track implementation progress for
auth-provider-gcp.This addresses #760