...
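# Config Connector ComputeAddress that reserves a global address named
# jack-bot-ip. The listing's fused line numbers are removed and nesting is
# restored so the document parses.
# ${gcp_project_id} and ${domain} are template placeholders, presumably
# substituted before this manifest is applied - confirm against the renderer.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: jack-bot-ip
  annotations:
    # dns.edge.ncr.com/* annotations name a DNS project, managed zone and
    # record; the controller that reads them is not visible in this file.
    dns.edge.ncr.com/dns-project-id: ${gcp_project_id}
    dns.edge.ncr.com/managed-zone: infra/dev-infra
    # The trailing dot makes the record name fully qualified.
    dns.edge.ncr.com/name: jack-bot.${domain}.
spec:
  location: global
---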
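# Google service account that the IAMPolicyMember documents in this file
# bind roles to (their member strings use the same jack-bot-${cluster_hash}
# account ID).
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: jack-bot
spec:
  displayName: jack-bot
  # resourceID sets the actual account ID, so the Kubernetes object name
  # (jack-bot) and the GCP account ID differ.
  # NOTE(review): GCP service account IDs are limited to 6-30 characters;
  # confirm that "jack-bot-" plus the rendered ${cluster_hash} stays in range.
  resourceID: jack-bot-${cluster_hash}
---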
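# Grants roles/cloudsql.editor to the jack-bot service account on the
# project ret-edge-pltf-infra.
# NOTE(review): resourceRef points at the whole Project, so the role applies
# to every Cloud SQL instance in that project, not to one instance. If the bot
# only needs to connect, a narrower role such as roles/cloudsql.client, or an
# IAM condition on this binding (spec.condition), would reduce the blast
# radius of a leaked or misused credential.
# NOTE(review): the target project is hard-coded while the member's project
# comes from ${gcp_project_id}; when they differ this is a cross-project
# grant - confirm that is intended.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: jack-cloudsql-editor
spec:
  member: serviceAccount:jack-bot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    # "external" references a project that is not managed by this manifest.
    external: projects/ret-edge-pltf-infra
  role: roles/cloudsql.editor
---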
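# Grants roles/cloudsql.instanceUser to the jack-bot service account on the
# project ret-edge-pltf-infra. This role carries the instance login
# permission used by Cloud SQL IAM database authentication.
# NOTE(review): the binding is project-wide, so it permits IAM login to any
# instance in the project that has a matching database user. What the account
# can do after login is governed by grants inside each database, which this
# file does not show.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: jack-instance-access
spec:
  member: serviceAccount:jack-bot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    # Hard-coded project, referenced externally rather than managed here.
    external: projects/ret-edge-pltf-infra
  role: roles/cloudsql.instanceUser
---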
# Disabled (commented out): Pub/Sub publisher binding for the jack-bot
# service account on overlook-topic. Not applied while it stays commented.
# apiVersion: iam.cnrm.cloud.google.com/v1beta1
# kind: IAMPolicyMember
# metadata:
#   name: overlook-publisher
# spec:
#   member: serviceAccount:jack-bot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
#   resourceRef:
#     name: overlook-topic
#     apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
#     kind: PubSubTopic
#   role: roles/pubsub.publisher
# ---
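# Grants roles/storage.admin to the jack-bot service account on the single
# bucket edge-test-jobs (bucket-level binding, not project-level).
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: jack-storage-binding
spec:
  member: serviceAccount:jack-bot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: storage.cnrm.cloud.google.com/v1beta1
    kind: StorageBucket
    # "external" references an existing bucket that this manifest does not
    # manage.
    external: edge-test-jobs
  # because we are scoping this to a specific bucket, this role is safe to give
  # NOTE(review): bucket scoping limits which bucket is affected, not what can
  # be done to it. roles/storage.admin on a bucket still allows changing the
  # bucket's IAM policy and deleting the bucket. If the bot only reads and
  # writes objects, roles/storage.objectAdmin (or roles/storage.objectViewer
  # for read-only) is a tighter fit.
  role: roles/storage.admin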