# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ######### # Give KCC for this project's namespace permission to read KCC resources in the projects namespace. # This allows IAMMemberPolicy in this project's namespace to reference the project in the projects namespace. apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: # kpt-merge: projects/cnrm-project-viewer-project-id name: cnrm-project-viewer-MY_AWESOME_PROJECT_0000 # kpt-set: cnrm-project-viewer-${project-id} namespace: config-control roleRef: name: cnrm-viewer kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: cnrm-controller-manager-MY_AWESOME_PROJECT_0000 # kpt-set: cnrm-controller-manager-${project-id} namespace: cnrm-system kind: ServiceAccount