
Text file src/edge-infra.dev/config/pallets/edge/clusterctl/gcpinfra/manifests.yaml

Documentation: edge-infra.dev/config/pallets/edge/clusterctl/gcpinfra

     1apiVersion: iam.cnrm.cloud.google.com/v1beta1
     2kind: IAMServiceAccount
     3metadata:
     4  name: cctl
     5  labels:
     6    platform.edge.ncr.com/component: clusterctl
     7spec:
     8  displayName: cctl
     9  resourceID: cctl-${cluster_hash}
    10---
    11apiVersion: iam.cnrm.cloud.google.com/v1beta1
    12kind: IAMPolicyMember
    13metadata:
    14  name: cctl-banners-secretadmin
    15  labels:
    16    platform.edge.ncr.com/component: clusterctl
    17spec:
    18  member: serviceAccount:cctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    19  resourceRef:
    20    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    21    kind: Project
    22    external: ${gcp_project_id}
    23  role: roles/secretmanager.admin
    24---
    25apiVersion: iam.cnrm.cloud.google.com/v1beta1
    26kind: IAMPolicyMember
    27metadata:
    28  name: cctl-gke-admin
    29  labels:
    30    platform.edge.ncr.com/component: clusterctl
    31spec:
    32  member: serviceAccount:cctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    33  resourceRef:
    34    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    35    kind: Project
    36    external: ${gcp_project_id}
    37  role: roles/container.admin
    38---
    39apiVersion: iam.cnrm.cloud.google.com/v1beta1
    40kind: IAMPolicyMember
    41metadata:
    42  name: okta-creds-cctl-secret-reader
    43  labels:
    44    platform.edge.ncr.com/component: clusterctl
    45spec:
    46  member: serviceAccount:cctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    47  resourceRef:
    48    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    49    kind: SecretManagerSecret
    50    external: projects/${foreman_gcp_project_id}/secrets/id-okta-creds
    51  role: roles/secretmanager.secretAccessor
    52---
    53apiVersion: iam.cnrm.cloud.google.com/v1beta1
    54kind: IAMPolicyMember
    55metadata:
    56  name: edge-bsl-prod-admin-secret-reader
    57  labels:
    58    platform.edge.ncr.com/component: clusterctl
    59spec:
    60  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    61  resourceRef:
    62    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    63    kind: SecretManagerSecret
    64    external: projects/${foreman_gcp_project_id}/secrets/edge-bsl-prod-admin
    65  role: roles/secretmanager.secretAccessor
