Create the google service account.

3 years ago · e17e2f24a7
parent 06b787ef97
commit e17e2f24a7
2 changed files with 19 additions and 2 deletions
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@ -108,8 +108,9 @@ module "cloudsql" {
 # Create a workload identity service account for IAM authentication to
 # cloudsql
 module "cloudsql_test_sa" {
-  source  = "../modules/workload_identity_account"
-  project = var.project
+  source              = "../modules/workload_identity_account"
+  project             = var.project
+  k8s_service_account = "test-sa"
 }

 #################### Redis ################################
--- a/terraform/modules/workload_identity_account/workload_identity_account.tf
+++ b/terraform/modules/workload_identity_account/workload_identity_account.tf
@ -6,3 +6,19 @@ variable "project" {
  description = "Project ID."
  type        = string
 }
+
+variable "k8s_namespace" {
+  description = "Name of the kubernetes namespace containing the service account."
+  type        = string
+  default     = "default"
+}
+
+variable "k8s_service_account" {
+  description = "Service account name from kubernetes."
+  type        = string
+}
+
+resource "google_service_account" "service_account" {
+  account_id   = "wi-${var.k8s_namespace}-${var.k8s_service_account}"
+  display_name = "Workload identity account for GKE [${var.k8s_namespace}/${var.k8s_service_account}]"
+}