Text file src/edge-infra.dev/config/pallets/f8n/dev-infra/jack-bot/gke/gcpinfra/workload-identity-policy.yaml

Documentation: edge-infra.dev/config/pallets/f8n/dev-infra/jack-bot/gke/gcpinfra

     1apiVersion: iam.cnrm.cloud.google.com/v1beta1
     2kind: IAMPolicyMember
     3metadata:
     4  name: jack-bot-foreman-workload-identity-user
     5  annotations:
     6    description: |
     7      Binds the K8s SA used by jack-bot to the GCP IAM
     8      service account defined in the base.
     9spec:
    10  member: serviceAccount:${gcp_project_id}.svc.id.goog[jack-bot/jack-bot]
    11  resourceRef:
    12    name: jack-bot
    13    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    14    kind: IAMServiceAccount
    15  role: roles/iam.workloadIdentityUser

View as plain text