1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMServiceAccount
3metadata:
4 name: plank
5spec:
6 displayName: ${cluster_hash} Plank
7 resourceID: plank-${cluster_hash}
8---
9apiVersion: iam.cnrm.cloud.google.com/v1beta1
10kind: IAMPolicyMember
11metadata:
12 name: plank-handler-subscriber
13spec:
14 member: serviceAccount:plank-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
15 resourceRef:
16 name: plank-handler
17 apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
18 kind: PubSubSubscription
19 role: roles/pubsub.subscriber
20---
21apiVersion: iam.cnrm.cloud.google.com/v1beta1
22kind: IAMPolicyMember
23metadata:
24 name: plank-handler-viewer
25spec:
26 member: serviceAccount:plank-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
27 resourceRef:
28 name: plank-handler
29 apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
30 kind: PubSubSubscription
31 role: roles/pubsub.viewer
32---
33apiVersion: iam.cnrm.cloud.google.com/v1beta1
34kind: IAMPolicyMember
35metadata:
36 name: plank-alloydb-admin
37spec:
38 member: serviceAccount:plank-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
39 resourceRef:
40 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
41 kind: Project
42 external: ${gcp_project_id}
43 role: roles/alloydb.admin
View as plain text