kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support GKE specific network roles in stages 01 and 02

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2022-07-31 14:54:14 +02:00
parent 24f3545de7
commit 9b371a3d2c
9 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fast/stages/02-networking-nva/main.tf
View File

@@ -31,7 +31,9 @@ locals {
stage3_sas_delegated_grants = [
"roles/composer.sharedVpcAgent",
"roles/compute.networkUser",
"roles/compute.networkViewer",
"roles/container.hostServiceAgentUser",
"roles/multiclusterservicediscovery.serviceAgent",
"roles/vpcaccess.user",
]
}

3
fast/stages/02-networking-nva/spoke-dev.tf
View File

@@ -41,7 +41,8 @@ module "dev-spoke-project" {
metric_scopes = [module.landing-project.project_id]
iam = {
"roles/dns.admin" = compact([
try(local.service_accounts.project-factory-dev, null)
try(local.service_accounts.gke-dev, null),
try(local.service_accounts.project-factory-dev, null),
])
}
}

3
fast/stages/02-networking-nva/spoke-prod.tf
View File

@@ -41,7 +41,8 @@ module "prod-spoke-project" {
metric_scopes = [module.landing-project.project_id]
iam = {
"roles/dns.admin" = compact([
try(local.service_accounts.project-factory-prod, null)
try(local.service_accounts.gke-prod, null),
try(local.service_accounts.project-factory-prod, null),
])
}
}

2
fast/stages/02-networking-peering/main.tf
View File

@@ -32,7 +32,9 @@ locals {
stage3_sas_delegated_grants = [
"roles/composer.sharedVpcAgent",
"roles/compute.networkUser",
"roles/compute.networkViewer",
"roles/container.hostServiceAgentUser",
"roles/multiclusterservicediscovery.serviceAgent",
"roles/vpcaccess.user",
]
service_accounts = {

3
fast/stages/02-networking-peering/spoke-dev.tf
View File

@@ -42,7 +42,8 @@ module "dev-spoke-project" {
metric_scopes = [module.landing-project.project_id]
iam = {
"roles/dns.admin" = compact([
try(local.service_accounts.project-factory-dev, null)
try(local.service_accounts.gke-dev, null),
try(local.service_accounts.project-factory-dev, null),
])
}
}

3
fast/stages/02-networking-peering/spoke-prod.tf
View File

@@ -42,7 +42,8 @@ module "prod-spoke-project" {
metric_scopes = [module.landing-project.project_id]
iam = {
"roles/dns.admin" = compact([
try(local.service_accounts.project-factory-prod, null)
try(local.service_accounts.gke-prod, null),
try(local.service_accounts.project-factory-prod, null),
])
}
}

2
fast/stages/02-networking-vpn/main.tf
View File

@@ -32,7 +32,9 @@ locals {
stage3_sas_delegated_grants = [
"roles/composer.sharedVpcAgent",
"roles/compute.networkUser",
"roles/compute.networkViewer",
"roles/container.hostServiceAgentUser",
"roles/multiclusterservicediscovery.serviceAgent",
"roles/vpcaccess.user",
]
service_accounts = {

1
fast/stages/02-networking-vpn/spoke-dev.tf
View File

@@ -42,6 +42,7 @@ module "dev-spoke-project" {
metric_scopes = [module.landing-project.project_id]
iam = {
"roles/dns.admin" = compact([
try(local.service_accounts.gke-dev, null),
try(local.service_accounts.project-factory-dev, null)
])
}

1
fast/stages/02-networking-vpn/spoke-prod.tf
View File

@@ -42,6 +42,7 @@ module "prod-spoke-project" {
metric_scopes = [module.landing-project.project_id]
iam = {
"roles/dns.admin" = compact([
try(local.service_accounts.gke-prod, null),
try(local.service_accounts.project-factory-prod, null)
])
}