
Posted by G Bot


05 Feb, 2025

Updated at 10 Feb, 2025

Does Apigee Hybrid runtime support Workload Identity federation as KSA direct connect mode in AKS?

Hello everyone,

We have been trying to enable Workload Identity federation with the KSA direct connect type for Apigee Hybrid runtime 1.14.0 in AKS for the past month but have not been successful. So, I'm not sure if it is actually supported or not.

The reason is that the main official Apigee document [1] briefly explains the concept of enabling Workload Identity federation on an external provider (AKS and EKS) and refers to [2] for the full implementation steps. However, article [2] states that Workload Identity federation supports two modes: KSA direct connect (recommended) and GSA impersonation.

[1] https://cloud.google.com/apigee/docs/hybrid/v1.14/enable-workload-identity-federation.html#k8s-secret
[2] https://cloud.google.com/iam/docs/workload-identity-federation-with-kubernetes#aks

But in my lab, we successfully implemented GSA impersonation but were unsuccessful with KSA direct connect, even after reconfiguring everything in every possible way.

Can anyone help me or tell me where I went wrong?

Thank you