

Use IAMMember for database access
simenandre committed Jun 3, 2024
1 parent a11bf43 commit b2eb973
Showing 1 changed file with 3 additions and 4 deletions.
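--- a/stacks/unleash/Pulumi.yaml
+++ b/stacks/unleash/Pulumi.yaml
@@ -47,13 +47,12 @@ resources:
 namespace: ${namespace.metadata.name}
 annotations:
 "iam.gke.io/gcp-service-account": ${database:serviceAccountEmail}
-serviceAccountIamBinding:
-type: gcp:serviceaccount:IAMBinding
+serviceAccountIamMember:
+type: gcp:serviceaccount:IAMMember
 properties:
 serviceAccountId: ${database:serviceAccountId}
 role: roles/iam.workloadIdentityUser
-members:
-- serviceAccount:${gcp:project}.svc.id.goog[${namespace.metadata.name}/${serviceAccount.metadata.name}]
+member: serviceAccount:${gcp:project}.svc.id.goog[${namespace.metadata.name}/${serviceAccount.metadata.name}]
 deployment:
 type: kubernetes:apps/v1:Deployment
 properties: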
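Review bot: `serviceAccountIamMember` is non-authoritative, unlike the `IAMBinding` it replaces, so this stack no longer fixes the complete member list for `roles/iam.workloadIdentityUser` on `${database:serviceAccountId}`; any principal granted that role elsewhere keeps the ability to impersonate the database service account and is not pruned by this stack. That is probably the intent, since the service account appears to be owned by another stack's config, but it should be stated next to the resource, e.g. `# Non-authoritative: adds only this namespace/KSA as workloadIdentityUser; other members on the GSA are left in place.` It is also worth confirming that no `IAMBinding` or `IAMPolicy` for the same role on this service account is still managed elsewhere, because an authoritative resource would drop this member again on its next update. The `resources:` mapping starts and ends outside the hunk.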
