1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMServiceAccount
3metadata:
4 name: service-account.${cluster_uuid}.edge-agent
5spec:
6 description: "Edge Agent Service Account. (${cluster_uuid})"
7 resourceID: edge-agt-${cluster_hash}
8---
9apiVersion: iam.cnrm.cloud.google.com/v1beta1
10kind: IAMPartialPolicy
11metadata:
12 name: subscription-policy.${cluster_uuid}.edge-agent
13spec:
14 bindings:
15 - members:
16 - memberFrom:
17 serviceAccountRef:
18 name: service-account.${cluster_uuid}.edge-agent
19 role: roles/pubsub.subscriber
20 - members:
21 - memberFrom:
22 serviceAccountRef:
23 name: service-account.${cluster_uuid}.edge-agent
24 role: roles/pubsub.viewer
25 resourceRef:
26 name: sub.${cluster_uuid}.edge-agent
27 apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
28 kind: PubSubSubscription
29---
30apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
31kind: PubSubSubscription
32metadata:
33 name: sub.${cluster_uuid}.edge-agent
34spec:
35 ackDeadlineSeconds: 60
36 expirationPolicy:
37 ttl: "" # never expire.
38 filter: attributes.cluster_edge_id="${cluster_uuid}"
39 resourceID: sub.${cluster_uuid}.edge-agent
40 retainAckedMessages: false
41 topicRef:
42 external: projects/${gcp_project_id}/topics/edge-agent
View as plain text