Text file src/edge-infra.dev/config/pallets/f8n/dev-infra/argo/workflows/workload-id.yaml

Documentation: edge-infra.dev/config/pallets/f8n/dev-infra/argo/workflows

     1apiVersion: iam.cnrm.cloud.google.com/v1beta1
     2kind: IAMServiceAccount
     3metadata:
     4  name: argo-server
     5  annotations:
     6    cnrm.cloud.google.com/project-id: ${gcp_project_id}
     7spec:
     8  displayName: General purpose Argo Server service account
     9---
    10apiVersion: iam.cnrm.cloud.google.com/v1beta1
    11kind: IAMPolicyMember
    12metadata:
    13  name: argo-server-workload-identity-user
    14  annotations:
    15    description: |
    16      Binds the K8s SA used by argo-server to the GCP IAM
    17      service account.
    18spec:
    19  member: serviceAccount:${gcp_project_id}.svc.id.goog[argo/argo-server]
    20  resourceRef:
    21    name: argo-server
    22    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    23    kind: IAMServiceAccount
    24  role: roles/iam.workloadIdentityUser

View as plain text