Create the google service account.

terraform/basic_gke/main.tf

@@ -108,8 +108,9 @@ module "cloudsql" {
 # Create a workload identity service account for IAM authentication to
 # cloudsql
 module "cloudsql_test_sa" {
-  source  = "../modules/workload_identity_account"
+  source              = "../modules/workload_identity_account"
-  project = var.project
+  project             = var.project
+  k8s_service_account = "test-sa"
 }
 
 #################### Redis ################################

terraform/modules/workload_identity_account/workload_identity_account.tf

@@ -6,3 +6,19 @@ variable "project" {
   description = "Project ID."
   type        = string
 }
+
+variable "k8s_namespace" {
+  description = "Name of the kubernetes namespace containing the service account."
+  type        = string
+  default     = "default"
+}
+
+variable "k8s_service_account" {
+  description = "Service account name from kubernetes."
+  type        = string
+}
+
+resource "google_service_account" "service_account" {
+  account_id   = "wi-${var.k8s_namespace}-${var.k8s_service_account}"
+  display_name = "Workload identity account for GKE [${var.k8s_namespace}/${var.k8s_service_account}]"
+}