Terraform-provider-google: Support for GKE Workload Identity

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Add support for GKE Workload Identity. This would involve a new field/configuration block on google_container_cluster to enable the workload identity feature, as well as updating the list of allowed values in the workload_metadata_config block which is part of node_config.

New or Affected Resource(s)

• google_container_cluster
• google_container_node_pool

Potential Terraform Configuration

resource "google_container_cluster" "my-cluster" {
  ...
  enable_workload_identity = "true"
  ...
}

resource "google_container_node_pool" "my-node-pool" {
  ...
  node_config{
    workload_metadata_config {
      node_metadata = "GKE_METADATA_SERVER"
    }
  }
  ...

References

https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

• #0000