{"id":"gke-node-sa-still-used-for-image-pulls","text":"The node pool's IAM service account is still used for container image pulls even with Workload Identity Federation enabled.","truth_value":"IN","source":"entries/2026/03/10/gke-workload-identity.md","source_url":"","source_hash":"2557090fceb5fc9e","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"gke-node-sa-still-used-for-image-pulls","truth_value":"IN","reason":"premise"}]}}