1apiVersion: iam.cnrm.cloud.google.com/v1beta1 2kind: IAMCustomRole 3metadata: 4 name: fluxread 5 namespace: flux-system 6 annotations: 7 cnrm.cloud.google.com/deletion-policy: abandon 8 description: | 9 Provides only the required permissions for reading manifests from GCS buckets 10 using Flux. 11spec: 12 permissions: 13 - storage.objects.list 14 - storage.buckets.get 15 - storage.objects.get 16 title: fluxread