Create the google service account.

2021-07-18 17:03:14 -04:00 · 2021-07-18 17:03:14 -04:00 · e17e2f24a7
commit e17e2f24a7
parent 06b787ef97
2 changed files with 19 additions and 2 deletions
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@ -110,6 +110,7 @@ module "cloudsql" {
 module "cloudsql_test_sa" {
  source              = "../modules/workload_identity_account"
  project             = var.project
+  k8s_service_account = "test-sa"
 }

 #################### Redis ################################
--- a/terraform/modules/workload_identity_account/workload_identity_account.tf
+++ b/terraform/modules/workload_identity_account/workload_identity_account.tf
@ -6,3 +6,19 @@ variable "project" {
  description = "Project ID."
  type        = string
 }
+
+variable "k8s_namespace" {
+  description = "Name of the kubernetes namespace containing the service account."
+  type        = string
+  default     = "default"
+}
+
+variable "k8s_service_account" {
+  description = "Service account name from kubernetes."
+  type        = string
+}
+
+resource "google_service_account" "service_account" {
+  account_id   = "wi-${var.k8s_namespace}-${var.k8s_service_account}"
+  display_name = "Workload identity account for GKE [${var.k8s_namespace}/${var.k8s_service_account}]"
+}