scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-10-29 17:42:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb0c6d7c69d674c2c17c6e0e75ce4ea26c631fa1
terraform-talos/gcp-zonal/instances-sa.tf
Serge Logvinov f8327cb3cf autoscaller fixes
2022-12-26 20:19:00 +02:00

64 lines
2.1 KiB
HCL
Raw Blame History

resource "google_service_account" "controlplane" {
account_id = "controlplane"
display_name = "A service account for controlplane instances"
}
resource "google_project_iam_member" "controlplane_ccm" {
project = local.project
role = "projects/${local.project}/roles/KubeCCM"
member = "serviceAccount:${google_service_account.controlplane.email}"
}
resource "google_project_iam_member" "controlplane_autoscaler" {
project = local.project
role = "projects/${local.project}/roles/KubeClusterAutoscaler"
member = "serviceAccount:${google_service_account.controlplane.email}"
}
# resource "google_service_account" "csi" {
# account_id = "csi-driver"
# display_name = "A service account for csi-driver"
# }
# resource "google_project_iam_member" "csi" {
# project = local.project
# role = "projects/${local.project}/roles/KubeCsiDriver"
# member = "serviceAccount:${google_service_account.csi.email}"
# }
# resource "google_project_iam_member" "csi_storageAdmin" {
# project = local.project
# role = "roles/compute.storageAdmin"
# member = "serviceAccount:${google_service_account.csi.email}"
# }
# resource "google_project_iam_member" "csi_serviceAccountUser" {
# project = local.project
# role = "roles/iam.serviceAccountUser"
# member = "serviceAccount:${google_service_account.csi.email}"
# }
resource "google_service_account" "autoscaler" {
account_id = "cluster-autoscale"
display_name = "A service account for cluster-autoscale"
}
resource "google_project_iam_member" "autoscaler" {
project = local.project
role = "projects/${local.project}/roles/KubeClusterAutoscaler"
member = "serviceAccount:${google_service_account.autoscaler.email}"
}
# resource "google_project_iam_member" "autoscaler_admin" {
# project = local.project
# role = "roles/compute.admin"
# member = "serviceAccount:${google_service_account.autoscaler.email}"
# }
# resource "google_project_iam_member" "autoscaler_roles" {
# project = local.project
# role = "roles/viewer"
# member = "serviceAccount:${google_service_account.autoscaler.email}"
# }
Reference in New Issue View Git Blame Copy Permalink