...
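---
# Config Connector resource that creates the Google service account used by
# the Flux source controller. The viewer's gutter numbers were fused into the
# keys and the nesting was flattened in the listing; both are restored here so
# the manifest parses as intended.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: flux-source-controller
  annotations:
    description: Used by Flux source controller
spec:
  # ${cluster_hash} is a placeholder filled in before this manifest is applied
  # (presumably by a templating/substitution step -- confirm against the
  # pipeline). GCP service account IDs are limited to 6-30 characters, so the
  # substituted hash must keep "flux-<hash>" within that bound.
  # Quoted so the rendered value is always read as a string.
  resourceID: "flux-${cluster_hash}"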
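---
# Grants the Flux source controller's service account a custom read role on a
# single GCS bucket. IAMPartialPolicy is non-authoritative: Config Connector
# manages only the bindings declared here and leaves any other bindings on the
# bucket's IAM policy untouched.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: flux-source-controller-storage-access
  annotations:
    description: |
      Grants storage permissions for reading from GCS to Flux source controller
spec:
  bindings:
    - members:
        # This e-mail is assembled from the same two placeholders as the
        # service account's resourceID ("flux-${cluster_hash}") and must stay
        # in step with it; if the two drift apart the binding names an account
        # that does not exist. NOTE(review): memberFrom.serviceAccountRef could
        # reference the IAMServiceAccount object directly instead of rebuilding
        # the address -- confirm both live in the same namespace first.
        - member: "serviceAccount:flux-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com"
      # Custom project-level role; its permission list is not defined in this
      # file. NOTE(review): verify it carries read-only object permissions
      # (for example storage.objects.get / storage.objects.list) and nothing
      # that allows writes, deletes or IAM changes.
      role: "projects/${gcp_project_id}/roles/fluxread"
  # The binding is attached to one bucket rather than to the project, which
  # keeps the grant scoped to that bucket's objects. `external` names a bucket
  # that is not managed by a Config Connector object in this file; here the
  # bucket name is the project ID itself.
  resourceRef:
    apiVersion: storage.cnrm.cloud.google.com/v1beta1
    kind: StorageBucket
    external: "${gcp_project_id}"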