💼 5.2.2 Prefer using dedicated GCP Service Accounts and Workload Identity (Manual)
- ID:
/frameworks/cis-gke-v1.8.0/05/02/02
Description​
Kubernetes workloads should not use cluster node service accounts to authenticate to Google Cloud APIs. Each Kubernetes Workload that needs to authenticate to other Google services using Cloud IAM should be provisioned a dedicated Service account. Enabling Workload Identity manages the distribution and rotation of Service account keys for the workloads to use.
Similar​
- Sections
/frameworks/cis-gke-v1.0.0/06/02/02
Similar Sections (Take Policies From)​
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|