Give KF_USER_NAME service account roles/cloudbuild.builds.editor role (
…#1163)

This allows us to submit Docker builds to Google Cloud Container Builder.

/cc @jlewi
Ankush Agarwal authored and k8s-ci-robot committed Jul 11, 2018
1 parent 59f3af0 commit e7e16c4
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions scripts/gke/deployment_manager_configs/cluster.jinja
Expand Up @@ -177,6 +177,10 @@ resources:
members:
{# Deployment manager uses cloudservices account. #}
- {{ 'serviceAccount:' + env['project_number'] + '@cloudservices.gserviceaccount.com' }}
{# Grant permissions needed to submit builds to Google Cloud Container Builder #}
- role: roles/cloudbuild.builds.editor
members:
- {{ 'serviceAccount:' + KF_USER_NAME + '@' + env['project'] + '.iam.gserviceaccount.com' }}

{# Grant permissions needed to push the app to a cloud repository. #}
- role: roles/source.admin
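Review bot: the new `- role: roles/cloudbuild.builds.editor` binding is granted unconditionally to the KF_USER_NAME service account, while the comment above it only justifies submitting builds. Please say in the comment which operation requires the editor-level role rather than a narrower one. If only some deployments submit builds, gate the binding behind a template property so the account does not carry the role everywhere this template is used.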
Expand Down Expand Up @@ -253,6 +257,11 @@ resources:
policy: $(ref.get-iam-policy-delete)
gcpIamPolicyPatch:
remove:
{# Grant permissions needed to submit builds to Google Cloud Container Builder #}
- role: roles/cloudbuild.builds.editor
members:
- {{ 'serviceAccount:' + KF_USER_NAME + '@' + env['project'] + '.iam.gserviceaccount.com' }}

{# Grant permissions needed to push the app to a cloud repository. #}
- role: roles/source.admin
members:
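Review bot: the comment above `- role: roles/cloudbuild.builds.editor` in this `remove:` block still reads "Grant permissions needed to submit builds", copied from the grant side. Here the binding is being taken away, so reword it to say the role is revoked on delete. The member expression `'serviceAccount:' + KF_USER_NAME + '@' + env['project'] + '.iam.gserviceaccount.com'` is now repeated in both hunks. Setting it once as a Jinja variable and referencing it in the grant and the removal would keep the two lists from drifting, which matters because a mismatch would leave the role bound after the deployment is deleted.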