...
# Workload Identity binding: allows the Kubernetes service account (KSA)
# opentelemetry-targetallocator-sa in namespace otel to act as the Google
# service account (GSA) o11y-${cluster_hash}.
# IAMPolicyMember adds this one binding; other members on the GSA's IAM policy
# are left as they are.
# The ${...} placeholders are presumably filled in by the deploy tooling before
# this manifest is applied — confirm they cannot come from untrusted input.
# NOTE(review): metadata.name says "otel-collector-sa" but the member is the
# target-allocator KSA — confirm which subject is intended.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: otel-collector-sa-workload-id
spec:
  # Principal format: PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME].
  # The match is on namespace and name within the project's workload identity
  # pool, so a same-named KSA in any cluster of this project gets this binding.
  member: 'serviceAccount:${gcp_project_id}.svc.id.goog[otel/opentelemetry-targetallocator-sa]'
  # Grants impersonation of the GSA: the GSA's own role grants are the
  # effective privilege of pods running as the KSA, so keep them minimal.
  # The KSA side (iam.gke.io/gcp-service-account annotation) is not shown here.
  role: roles/iam.workloadIdentityUser
  resourceRef:
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
    # Referenced by external path rather than by the name of a Config Connector
    # resource; nothing in this manifest creates the GSA.
    external: 'projects/${gcp_project_id}/serviceAccounts/o11y-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com'