...
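# Workload Identity binding for PostgREST.
# Lets the Kubernetes service account named in `member` (namespace
# `postgrest`, name `postgrest`) act as the Google service account
# referenced by `resourceRef`.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: postgrest-workload-identity-user
spec:
  # Member format: serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME].
  # The workload identity pool is scoped to the project, not to one cluster:
  # any cluster in that project with a `postgrest/postgrest` service account
  # matches this member. Review if the project hosts more than one cluster.
  # Quoted so the rendered template is always read as a single string.
  member: 'serviceAccount:${gcp_project_id}.svc.id.goog[postgrest/postgrest]'
  # The policy is attached to the service account itself rather than to the
  # project, so the grant covers this one account only.
  resourceRef:
    name: postgrest
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
  role: roles/iam.workloadIdentityUser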
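---
# Grants the PostgREST Google service account the AlloyDB client role.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: postgrest-alloydb-client
spec:
  # This e-mail must match the account created by the IAMServiceAccount
  # named `postgrest` (resourceID `postgrest-${cluster_hash}`); only the
  # template keeps the two in step.
  # NOTE(review): `memberFrom.serviceAccountRef` would make that dependency
  # explicit instead of rebuilding the address from variables.
  member: 'serviceAccount:postgrest-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com'
  # The binding is made on the Project resource, so the role applies
  # project-wide and is not limited to a single AlloyDB cluster.
  # NOTE(review): confirm that scope is intended for this workload.
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: 'projects/${gcp_project_id}'
  role: roles/alloydb.client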
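---
# Google service account referenced by the IAMPolicyMember documents in this
# file (as `resourceRef.name: postgrest` and, by e-mail, as a `member`).
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: postgrest
spec:
  # Account ID in Google Cloud; it becomes the local part of the account's
  # e-mail address.
  # NOTE(review): service account IDs are limited to 30 characters, so the
  # rendered `cluster_hash` has to leave room for the `postgrest-` prefix.
  resourceID: 'postgrest-${cluster_hash}'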
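---
# Reserves a global static IP address with the resource ID `postgrest-ip`.
# NOTE(review): no addressType is set; presumably this yields an external
# address (the API default) - confirm. If it fronts PostgREST, the API's own
# authentication and the TLS termination in front of it are what separate
# callers from the database.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: postgrest
  annotations:
    # The dns.edge.ncr.com/* annotations look like input for a
    # project-specific DNS controller; their handling is not visible here.
    # Annotation values must be strings, hence the quoting of templated ones.
    dns.edge.ncr.com/dns-project-id: '${gcp_project_id}'
    # NOTE(review): the zone is hard-coded while the project ID is templated;
    # verify this value for non-dev environments.
    dns.edge.ncr.com/managed-zone: infra/dev-infra
    # Trailing dot: fully qualified record name.
    dns.edge.ncr.com/name: 'sovereign.${domain}.'
spec:
  location: global
  resourceID: postgrest-ip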