1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMPolicyMember
3metadata:
4 name: grafana-sa-k8s-logging-folder-viewer
5spec:
6 member: serviceAccount:grafana-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
7 resourceRef:
8 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
9 kind: Folder
10 external: ${tenants_gcp_folder_id}
11 role: roles/logging.viewer
12---
13apiVersion: iam.cnrm.cloud.google.com/v1beta1
14kind: IAMPolicyMember
15metadata:
16 name: grafana-sa-k8s-logging-folder-view-accesor
17spec:
18 member: serviceAccount:grafana-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
19 resourceRef:
20 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
21 kind: Folder
22 external: ${tenants_gcp_folder_id}
23 role: roles/logging.viewAccessor
24---
25apiVersion: iam.cnrm.cloud.google.com/v1beta1
26kind: IAMPolicyMember
27metadata:
28 name: grafana-sa-k8s-logging-viewer
29spec:
30 member: serviceAccount:grafana-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
31 resourceRef:
32 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
33 kind: Project
34 external: projects/${gcp_project_id}
35 role: roles/logging.viewer
36---
37apiVersion: iam.cnrm.cloud.google.com/v1beta1
38kind: IAMPolicyMember
39metadata:
40 name: grafana-sa-k8s-logging-view-accesor
41spec:
42 member: serviceAccount:grafana-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
43 resourceRef:
44 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
45 kind: Project
46 external: projects/${gcp_project_id}
47 role: roles/logging.viewAccessor
View as plain text