1apiVersion: iam.cnrm.cloud.google.com/v1beta1 2kind: IAMPolicyMember 3metadata: 4 name: gridbug-workload-id 5 annotations: 6 description: | 7 Binds the K8s SA used by gridbug to the GCP IAM 8 service account defined in the base. 9spec: 10 member: serviceAccount:${gcp_project_id}.svc.id.goog[gridbug/gridbug] 11 resourceRef: 12 name: gridbug 13 apiVersion: iam.cnrm.cloud.google.com/v1beta1 14 kind: IAMServiceAccount 15 role: roles/iam.workloadIdentityUser