...
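# Config Connector IAMServiceAccount: declares the "authserver" service
# account in the project named by the substituted gcp_project_id value.
# This document only creates the identity; it grants no roles.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: authserver
  annotations:
    # Quoted so the substituted value is always parsed as a string;
    # annotation values must be strings.
    cnrm.cloud.google.com/project-id: "${gcp_project_id}"
spec:
  displayName: authserver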
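---
# Config Connector IAMPolicyMember: grants read access to one Secret
# Manager secret to the ext-sec-<cluster_hash> service account.
# The binding is created in the project named by foreman_gcp_project_id,
# while the member lives in the project named by gcp_project_id, so this
# is a cross-project grant whenever the two values differ.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: es-auth-proxy-secret-accessor
  annotations:
    # Quoted so the substituted value is always parsed as a string.
    cnrm.cloud.google.com/project-id: "${foreman_gcp_project_id}"
spec:
  # cluster_hash and gcp_project_id decide which identity receives the
  # role, so the values fed into the substitution must come from trusted
  # configuration only.
  # NOTE(review): the member is the ext-sec-* account, not the authserver
  # account declared in this file - confirm that is intended.
  member: "serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com"
  # Scoped to a single secret rather than the whole project, which keeps
  # secretAccessor limited to edge-auth-proxy-session-secret.
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # "external" points at a secret that is not defined in this file.
    external: "projects/${foreman_gcp_project_id}/secrets/edge-auth-proxy-session-secret"
  role: roles/secretmanager.secretAccessor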