
Commit 5ca5d21

authored
Merge pull request #7399 from borg-land/infra-reconcile
reconcile infra changes
2 parents 0140227 + 4bb61eb commit 5ca5d21


2 files changed

+11
-0
lines changed


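--- a/infra/gcp/terraform/k8s-infra-prow/buckets.tf
+++ b/infra/gcp/terraform/k8s-infra-prow/buckets.tf
@@ -112,6 +112,11 @@ module "prow_bucket" {
 role = "roles/storage.objectAdmin"
 member = "serviceAccount:${google_service_account.prow.email}"
 },
+{
+// prow pod-utils service account in gke trusted build cluster
+role = "roles/storage.objectAdmin"
+member = "serviceAccount:prow-build-trusted@k8s-infra-prow-build-trusted.iam.gserviceaccount.com"
+},
 {
 role = "roles/storage.objectViewer"
 member = "allUsers"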
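Review bot: The binding added at new lines 115-119 grants `roles/storage.objectAdmin`, which includes overwriting and deleting objects, to a service account from another project on a bucket that the following entry makes readable by `allUsers`, and the comment does not say why that level is required. If pod-utils in the trusted build cluster only ever upload new objects, `roles/storage.objectCreator` would be enough; if they must replace existing objects, record that in the comment, e.g. `// prow pod-utils SA in gke trusted build cluster; objectAdmin needed to overwrite existing objects`. The member is a hard-coded e-mail string, unlike the `google_service_account.prow.email` reference in the entry above, so Terraform tracks no dependency on that account. The `prow_bucket` module block starts and ends outside the hunk.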

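--- a/infra/gcp/terraform/kubernetes-public/iam.tf
+++ b/infra/gcp/terraform/kubernetes-public/iam.tf
@@ -27,5 +27,11 @@ module "iam" {
 "serviceAccount:kubernetes-external-secrets@kubernetes-public.iam.gserviceaccount.com",
 "principal://iam.googleapis.com/projects/16065310909/locations/global/workloadIdentityPools/k8s-infra-prow.svc.id.goog/subject/ns/external-secrets/sa/external-secrets",
 ]
+"roles/dns.admin" = [
+
+"principal://iam.googleapis.com/projects/16065310909/locations/global/workloadIdentityPools/k8s-infra-prow.svc.id.goog/subject/ns/cert-manager/sa/cert-manager",
+"serviceAccount:[email protected]",
+"serviceAccount:[email protected]"
+]
 }
 }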
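Review bot: The `"roles/dns.admin"` entry added at new lines 30-35 binds three principals with no comment saying what each one is for, and, assuming this map produces project-level bindings in kubernetes-public, it gives each of them full control over every Cloud DNS zone in the project. For the cert-manager principal a DNS-01 solver usually needs only record-set and change permissions (`dns.resourceRecordSets.*`, `dns.changes.*`, `dns.managedZones.list`), so a custom role or a zone-scoped binding would be narrower; it is worth confirming whether the two `serviceAccount:` members need more than that. I would add a one-line comment per member, in the style of `// cert-manager DNS-01 solver via workload identity`, and drop the empty line after the opening bracket. The `module "iam"` block begins outside the hunk.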
