by raffraffraff 1343 days ago
It may be easier, but still take a lot of work to migrate. Perhaps k8s + object store + LB is easier for the developer, who has a few AWS APIs to replace, but is otherwise not affected. But talk to the person who has to rewrite 5k+ lines of terraform, figure out users, roles & policies in a new IAM, and understand the differences between EKS and GKE (what's the Google equivalent for IRSA?). None of it is rocket science, but it's time consuming. And while Google can migrate data from external databases (including AWS Aurora) it's still a big squeaky-bum moment.
1 comments

Not really the point of your comment, but...

The GKE equivalent of EKS IRSA is GKE Workload Identity.

It's pretty much the same user experience:

* Enable Workload Identity on your cluster

* Create a GCP service account

* Grant your Kubernetes service account permission to act as the GCP service account.

It's a bit more seamless because you don't need to upgrade your client libraries. Instead there is an on-node metadata server that provides access tokens to workloads.

Disclosure: I work on this

Thanks. I may have to work on this pretty soon!
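An added example, not part of the thread or of any Google code: a check on the third step listed in the reply above, auditing which Kubernetes service accounts have been granted permission to act as a GCP service account. It assumes the IAM policy has been exported as JSON (for instance with `gcloud iam service-accounts get-iam-policy --format=json`); the project, namespace and account names are constructed placeholders.

```python
import json
import re

WI_ROLE = "roles/iam.workloadIdentityUser"
# IAM member string for a Kubernetes service account in a Workload Identity pool:
#   serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]
WI_MEMBER = re.compile(
    r"^serviceAccount:(?P<project>[^\[\]]+)\.svc\.id\.goog"
    r"\[(?P<namespace>[^/\]]+)/(?P<ksa>[^/\]]+)\]$"
)

def audit_bindings(policy, expected):
    """Compare one GCP service account's IAM policy with the intended grants.

    policy   -- parsed IAM policy (dict with a "bindings" list)
    expected -- set of (project, namespace, ksa) tuples that should hold WI_ROLE
    Returns (granted, findings): identities found, and human-readable problems.
    """
    granted, findings = set(), []
    for binding in policy.get("bindings", []):
        if binding.get("role") != WI_ROLE:
            continue  # only the "act as" role used by Workload Identity matters here
        for member in binding.get("members", []):
            m = WI_MEMBER.match(member)
            if m is None:
                findings.append(f"non-workload member holds {WI_ROLE}: {member}")
                continue
            ident = (m["project"], m["namespace"], m["ksa"])
            granted.add(ident)
            if ident not in expected:
                findings.append(f"unexpected Kubernetes service account: {ident[1]}/{ident[2]} in {ident[0]}")
    for ident in sorted(expected - granted):
        findings.append(f"missing binding for {ident[1]}/{ident[2]} in {ident[0]}")
    return granted, findings

# Constructed sample policy (not taken from a real project).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/iam.workloadIdentityUser", "members": [
     "serviceAccount:example-project.svc.id.goog[payments/api]",
     "serviceAccount:example-project.svc.id.goog[default/default]",
     "user:dev@example.com"]},
  {"role": "roles/iam.serviceAccountTokenCreator", "members": ["user:ops@example.com"]}
]}
""")
EXPECTED = {("example-project", "payments", "api"), ("example-project", "batch", "worker")}

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_POLICY, EXPECTED)[1]:
        print("FINDING:", finding)
```

A binding to `default/default` is worth flagging because any pod in that namespace that does not set its own service account runs as it.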