...
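# Grants the per-cluster "shoot" Google service account permission to publish
# to the data-sync-e2c Pub/Sub topic. The binding is scoped to that one topic
# (via resourceRef), not to a whole project.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: shoot-publisher
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Template placeholders are quoted so the substituted value is always
    # parsed as a string. Label values must be strings; an all-digit hash or an
    # empty expansion would otherwise be read as an integer or null.
    cluster_hash: "${cluster_hash}"
    cluster_uuid: "${cluster_uuid}"
  annotations:
    cnrm.cloud.google.com/project-id: "${gcp_project_id}"
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  # The principal is the cluster-specific service account shoot-<cluster_hash>.
  member: serviceAccount:shoot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    # `external` names an existing topic by its full resource path; the topic
    # is not declared in this manifest.
    # NOTE(review): foreman_gcp_project_id is a different variable from
    # gcp_project_id, so this is presumably a cross-project grant. Confirm
    # the owning project expects publishers from every cluster project.
    external: "projects/${foreman_gcp_project_id}/topics/data-sync-e2c"
  role: roles/pubsub.publisher
---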
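# Grants the per-cluster "shoot" Google service account permission to publish
# to the Pub/Sub topic named "public". The binding is scoped to that one topic.
# NOTE(review): the "-legacy" suffix suggests this grant exists for backward
# compatibility. Confirm it is still required and remove it once no publisher
# uses the topic, so the service account does not keep an unused standing
# permission.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: shoot-publisher-legacy
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Template placeholders are quoted so the substituted value is always
    # parsed as a string. Label values must be strings; an all-digit hash or an
    # empty expansion would otherwise be read as an integer or null.
    cluster_hash: "${cluster_hash}"
    cluster_uuid: "${cluster_uuid}"
  annotations:
    cnrm.cloud.google.com/project-id: "${gcp_project_id}"
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  # The principal is the cluster-specific service account shoot-<cluster_hash>.
  member: serviceAccount:shoot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    # `external` names an existing topic by its full resource path; the topic
    # is not declared in this manifest.
    external: "projects/${foreman_gcp_project_id}/topics/public"
  role: roles/pubsub.publisher
---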
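# Workload Identity binding: lets the Kubernetes service account
# data-sync-connector (namespace data-sync-connector) act as the "shoot"
# Google service account referenced in resourceRef.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: shoot-workload-id
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Template placeholders are quoted so the substituted value is always
    # parsed as a string. Label values must be strings; an all-digit hash or an
    # empty expansion would otherwise be read as an integer or null.
    cluster_hash: "${cluster_hash}"
    cluster_uuid: "${cluster_uuid}"
  annotations:
    cnrm.cloud.google.com/project-id: "${gcp_project_id}"
    description: |
      Binds the K8s SA used by shoot to the GCP IAM
      service account defined in the base.
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  # Member format is <project>.svc.id.goog[<namespace>/<k8s-service-account>].
  # The workload identity pool is shared by every cluster in the project, so
  # the principal is identified by namespace and service-account name only.
  # NOTE(review): if ${gcp_project_id} can host more than one cluster, a
  # same-named service account in any of them would match this member. Confirm
  # the project-to-cluster mapping keeps this binding cluster-specific.
  member: serviceAccount:${gcp_project_id}.svc.id.goog[data-sync-connector/data-sync-connector]
  resourceRef:
    # Refers to the IAMServiceAccount object named "shoot" by its Kubernetes
    # name, not by an external resource path.
    name: shoot
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
  role: roles/iam.workloadIdentityUser
---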
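# Declares the per-cluster Google service account used by shoot. The account ID
# is derived from the cluster hash, so each cluster gets its own identity.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: shoot
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Template placeholders are quoted so the substituted value is always
    # parsed as a string. Label values must be strings; an all-digit hash or an
    # empty expansion would otherwise be read as an integer or null.
    cluster_hash: "${cluster_hash}"
    cluster_uuid: "${cluster_uuid}"
  annotations:
    cnrm.cloud.google.com/project-id: "${gcp_project_id}"
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  displayName: ${cluster_uuid} Data Sync Shoot
  # resourceID becomes the account ID, the part before "@" in the e-mail.
  # NOTE(review): Google service account IDs are limited to 6-30 characters,
  # so this assumes cluster_hash is at most 24 characters. Confirm against the
  # code that generates the hash.
  resourceID: shoot-${cluster_hash}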