Provide reference documentation about GKE feature

Workload Identity (the same link repeated from cron-job-image-auth.md) Signed-off-by: Kingdon Barrett <kingdon@weave.works>
fluxcd · Jan 14, 2022 · 1f9240b · 1f9240b
1 parent 9bd9053
commit 1f9240b
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/content/en/docs/guides/image-update.md b/content/en/docs/guides/image-update.md
@@ -690,18 +690,20 @@ patches:
       path: /spec/template/spec/containers/0/args/-
       value: --gcp-autologin-for-gcr
  ### add this patch to annotate service account if you are using Workload identity
-- target:
-    version: v1
-    group: ""
-    kind: ServiceAccount
+patchesStrategicMerge:
+- |-
+  apiVersion: v1
+  kind: ServiceAccount
+  metadata:
     name: image-reflector-controller
     namespace: flux-system
-  patch: |-
-    - op: add
-      path: /metadata/annotations/spec/
-      value: <gcp-service-account-name>.<PROJECT_ID>.iam.gserviceaccount.com
+    annotations:
+      iam.gke.io/gcp-service-account: <gcp-service-account-name>@<PROJECT_ID>.iam.gserviceaccount.com
 ```
 
+Take a look at [this guide](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) for more
+information about setting up GKE Workload Identity.
+
 #### Using Native Azure ACR Auto-Login
 
 There is native support for the Azure Container Registry] available since