1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMPolicyMember
3metadata:
4 name: bsl-sql-client-role
5 labels:
6 platform.edge.ncr.com/component: edge-bsl
7 cluster_hash: ${cluster_hash}
8 cluster_uuid: ${cluster_uuid}
9 namespace: edge-bsl
10 annotations:
11 cnrm.cloud.google.com/project-id: ${gcp_project_id}
12 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
13 pallet.edge.ncr.com/name: edge-bsl
14 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
15 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
16 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
17 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
18spec:
19 member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
20 resourceRef:
21 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
22 kind: Project
23 external: "projects/${gcp_project_id}"
24 role: roles/cloudsql.client
25---
26apiVersion: iam.cnrm.cloud.google.com/v1beta1
27kind: IAMPolicyMember
28metadata:
29 name: bsl-sql-user-role
30 labels:
31 platform.edge.ncr.com/component: edge-bsl
32 cluster_hash: ${cluster_hash}
33 cluster_uuid: ${cluster_uuid}
34 namespace: edge-bsl
35 annotations:
36 cnrm.cloud.google.com/project-id: ${gcp_project_id}
37 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
38 pallet.edge.ncr.com/name: edge-bsl
39 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
40 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
41 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
42 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
43spec:
44 member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
45 resourceRef:
46 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
47 kind: Project
48 external: "projects/${gcp_project_id}"
49 role: roles/cloudsql.instanceUser
50---
51apiVersion: iam.cnrm.cloud.google.com/v1beta1
52kind: IAMPolicyMember
53metadata:
54 name: edge-bsl-banners-secretadmin
55 labels:
56 platform.edge.ncr.com/component: edge-bsl
57 cluster_hash: ${cluster_hash}
58 cluster_uuid: ${cluster_uuid}
59 namespace: edge-bsl
60 annotations:
61 cnrm.cloud.google.com/project-id: ${gcp_project_id}
62 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
63 pallet.edge.ncr.com/name: edge-bsl
64 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
65 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
66 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
67 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
68spec:
69 member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
70 resourceRef:
71 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
72 kind: Project
73 external: "projects/${gcp_project_id}"
74 role: roles/secretmanager.admin
75---
76apiVersion: iam.cnrm.cloud.google.com/v1beta1
77kind: IAMServiceAccount
78metadata:
79 name: edge-bsl
80 labels:
81 platform.edge.ncr.com/component: edge-bsl
82 cluster_hash: ${cluster_hash}
83 cluster_uuid: ${cluster_uuid}
84 namespace: edge-bsl
85 annotations:
86 cnrm.cloud.google.com/project-id: ${gcp_project_id}
87 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
88 pallet.edge.ncr.com/name: edge-bsl
89 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
90 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
91 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
92 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
93spec:
94 displayName: ${cluster_hash} Edge BSL
95 resourceID: edge-bsl
96---
97apiVersion: iam.cnrm.cloud.google.com/v1beta1
98kind: IAMServiceAccountKey
99metadata:
100 name: edge-bsl-gcp-api-key
101 labels:
102 platform.edge.ncr.com/component: edge-bsl
103 cluster_hash: ${cluster_hash}
104 cluster_uuid: ${cluster_uuid}
105 namespace: edge-bsl
106 annotations:
107 cnrm.cloud.google.com/project-id: ${gcp_project_id}
108 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
109 pallet.edge.ncr.com/name: edge-bsl
110 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
111 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
112 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
113 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
114spec:
115 serviceAccountRef:
116 name: edge-bsl
117---
118apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
119kind: SecretManagerSecret
120metadata:
121 name: edge-bsl-${cluster_uuid}-gcp-api-key
122 labels:
123 platform.edge.ncr.com/component: edge-bsl
124 cluster_hash: ${cluster_hash}
125 cluster_uuid: ${cluster_uuid}
126 namespace: edge-bsl
127 annotations:
128 cnrm.cloud.google.com/project-id: ${gcp_project_id}
129 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
130 pallet.edge.ncr.com/name: edge-bsl
131 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
132 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
133 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
134 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
135spec:
136 replication:
137 automatic: true
138---
139apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
140kind: SecretManagerSecretVersion
141metadata:
142 name: edge-bsl-${cluster_uuid}-gcp-api-key
143 labels:
144 platform.edge.ncr.com/component: edge-bsl
145 cluster_hash: ${cluster_hash}
146 cluster_uuid: ${cluster_uuid}
147 namespace: edge-bsl
148 annotations:
149 cnrm.cloud.google.com/project-id: ${gcp_project_id}
150 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
151 pallet.edge.ncr.com/name: edge-bsl
152 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
153 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
154 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
155 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
156spec:
157 secretRef:
158 name: edge-bsl-${cluster_uuid}-gcp-api-key
159 enabled: true
160 secretData:
161 valueFrom:
162 secretKeyRef:
163 name: edge-bsl-gcp-api-key
164 key: key.json
165---
166apiVersion: sql.cnrm.cloud.google.com/v1beta1
167kind: SQLUser
168metadata:
169 name: edge-bsl-sql-user
170 labels:
171 platform.edge.ncr.com/component: edge-bsl
172 cluster_hash: ${cluster_hash}
173 cluster_uuid: ${cluster_uuid}
174 namespace: edge-bsl
175 annotations:
176 cnrm.cloud.google.com/deletion-policy: abandon
177 cnrm.cloud.google.com/project-id: ${gcp_project_id}
178 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
179 pallet.edge.ncr.com/name: edge-bsl
180 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
181 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
182 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
183 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
184spec:
185 type: CLOUD_IAM_SERVICE_ACCOUNT
186 instanceRef:
187 name: ${gcp_project_id}
188 namespace: edge-system
189 resourceID: edge-bsl@${gcp_project_id}.iam
View as plain text