service_account.tf
# Dedicated identity for the Kafka Connect workload; the IAM grant and the
# exported key in this file both hang off this account.
# NOTE(review): GCP limits account_id to 6-30 characters and the fixed suffix
# already uses 18, so local.name must stay at 12 characters or fewer. Its
# definition is not visible here; confirm.
resource "google_service_account" "kubernetes_kafka_connect" {
  account_id   = "${local.name}-k8s-kafka-connect"
  display_name = "${local.name}-k8s-kafka-connect-SA"
}
# Project-level role bindings for the Kafka Connect service account. The
# google_project_iam_member resource is additive: it manages only this
# member/role pair and leaves other members of the role untouched.
# NOTE(review): roles/managedkafka.admin is bound on the whole project, so any
# holder of this identity (including the exported key for this account) can
# administer every Managed Kafka resource in it. If the workload only
# produces/consumes, a narrower role (e.g. roles/managedkafka.client) may be
# enough. Confirm what the connector needs before tightening.
resource "google_project_iam_member" "kubernetes_kafka_connect_permissions" {
  # Kept as a set so further roles can be added without renaming the resource.
  for_each = toset(["roles/managedkafka.admin"])

  project = local.project
  role    = each.key
  member  = "serviceAccount:${google_service_account.kubernetes_kafka_connect.email}"
}
# Creates a user-managed key for the Kafka Connect service account.
# NOTE(review): the provider writes the generated private key into Terraform
# state, so the state backend must be access-controlled and encrypted like any
# other secret store. No rotation trigger is configured in this block, so the
# key lives until the resource is replaced or destroyed.
# NOTE(review): if the consumer of this key runs on GKE, Workload Identity
# Federation for GKE would remove the need for an exported key. Where the key
# is consumed is not visible in this file; confirm.
resource "google_service_account_key" "kubernetes_kafka_connect_key" {
  service_account_id = google_service_account.kubernetes_kafka_connect.name
}
# https://cloud.google.com/kubernetes-engine/docs/troubleshooting/dashboards#write_permissions
# Grants the logging and monitoring roles listed below, at project level, to
# google_service_account.kubernetes (declared outside this view).
# NOTE(review): roles/monitoring.editor is a broader role than
# roles/monitoring.metricWriter and covers more than writing metrics. Check
# whether it is actually required, or whether the writer roles are enough.
resource "google_project_iam_member" "gke_monitoring" {
  for_each = toset([
    "roles/monitoring.metricWriter",
    "roles/monitoring.editor",
    "roles/logging.logWriter",
    "roles/stackdriver.resourceMetadata.writer",
  ])

  project = local.project
  # For a set, each.key and each.value are the same string; each.key matches
  # the other for_each block in this file.
  role   = each.key
  member = "serviceAccount:${google_service_account.kubernetes.email}"
}
# Gives google_service_account.kubernetes read access to Artifact Registry
# across the whole project.
# NOTE(review): the resource name refers to Kafka Connect, but the member is
# the `kubernetes` account rather than `kubernetes_kafka_connect`. Presumably
# this lets cluster nodes pull the connector image; confirm that is intended.
# NOTE(review): a project-level reader binding covers every repository in the
# project. A repository-level binding
# (google_artifact_registry_repository_iam_member) would limit access to the
# repository that holds the image.
resource "google_project_iam_member" "kafka_connect_registry" {
  project = local.project
  role    = "roles/artifactregistry.reader"
  member  = "serviceAccount:${google_service_account.kubernetes.email}"
}