You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Instead of the member field being a regex-enforced string, we should also be able to reference an IAMServiceAccount CRD, similar in fashion to the Specifying resource references documentation.
This would be especially helpful because it would remove the need to provide the Google Project ID whenever the service account is created within the same project as the cluster. For us, this would mean one less template parameter being passed around through configs in order to render the Helm template.
Hi @dmacthedestroyer, thank you for your feedback. We've also received the same request from another customer. We are currently looking into this feature. Will let you know when we have any updates.
Hi all, it is now possible in KCC v1.34.0 to reference an IAMServiceAccount as the member in an IAMPolicyMember using the spec.memberFrom.serviceAccountRef field. We will be updating the docs for IAMPolicyMember in a bit to include descriptions and sample usage of the new spec.memberFrom field.
Closing this issue now. Feel free to follow-up with comments if you have any further questions.
Instead of the
member
field being a regex-enforced string, we should also be able to reference anIAMServiceAccount
CRD, similar in fashion to the Specifying resource references documentation.This would be especially helpful because it would remove the need to provide the Google Project ID whenever the service account is created within the same project as the cluster. For us, this would mean one less template parameter being passed around through configs in order to render the Helm template.
An example:
currently, from the repo's example:
proposed:
The text was updated successfully, but these errors were encountered: