Configuration for issuance of mTLS keys and certificates to
Kubernetes pods.
Attribute
Name
Description
enable_certificates
google.protobuf.wrappers_pb2.BoolValue
enable_certificates controls issuance of workload mTLS
certificates.
If set, the GKE Workload Identity Certificates controller
and node agent will be deployed in the cluster, which can
then be configured by creating a WorkloadCertificateConfig
Custom Resource.
Requires Workload Identity
(workload_pool][google.container.v1alpha1.WorkloadIdentityConfig.workload_pool]
must be non-empty).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-06-03 UTC."],[],[]]