Support for WID Principals ? #2527
Closed
Labels
priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.)
type: question (Request for information or clarification.)
Question
As documented in the official documentation, Workload Identity identities like serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KUBERNETES_SERVICE_ACCOUNT] are considered legacy. It is recommended to use Principals or PrincipalSets. Is there any way the CloudSQL Proxy can support IAM authentication based on IAM Principals?
In the best case, I would prefer to deploy my service applications with IAM Principals and strip away all the individual GSAs of applications. Then have the App Principals act as one central IAM GSA to authenticate based on impersonation.
Code
Additional Details
No response