Text file src/edge-infra.dev/config/pallets/edge/edge-issuer/gke/gcpinfra/workload-identity-policy.yaml

Documentation: edge-infra.dev/config/pallets/edge/edge-issuer/gke/gcpinfra

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: issuer-${cluster_hash}-workload-id
  annotations:
    description: |
      Binds the K8s SA used by edge-issuer to the GCP IAM
      service account defined in the base.
spec:
  # Workload Identity member format: PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]
  member: serviceAccount:${gcp_project_id}.svc.id.goog[edge-issuer/edge-issuer]
  # The binding is set on this GCP service account, not on the project.
  resourceRef:
    name: issuer-${cluster_hash}
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
  # Lets the member above impersonate the referenced service account.
  role: roles/iam.workloadIdentityUser
