You can read about it over on the Google Cloud Blog, too!
No more exporting Google service account keys or lumping permissions onto one account. Kubernetes now provides a way for Kubernetes workloads to prove their identity outside of their cluster. We’ve built on this to deliver a simpler, more secure way to authenticate to Google services whether you’re running Kubernetes on GKE, GCP, on-premises, or a hybrid mix. This talk will explain and demonstrate how to use this exciting new capability to easily access Google Cloud services without any changes to your application code.