Denis Arslanbekov arslanbekov

## actions.yml
name: "Example Workload Identity"

on:
  push:
    branches:
      - "master"

jobs:
  run:
    name: "Workload Identity Job"

## output.tf
output "pool_name" {
  description = "Pool name"
  value       = google_iam_workload_identity_pool.github_actions.name
}
output "provider_name" {
  description = "Provider name"
  value       = google_iam_workload_identity_pool_provider.github_actions.name
}

## main.tf
resource "google_service_account_iam_member" "wif-sa" {
  service_account_id = "projects/my-gcp-project/serviceAccounts/example-sa@my-gcp-project.iam.gserviceaccount.com"
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions.name}/*"
}

## main.tf
resource "google_iam_workload_identity_pool_provider" "github_actions" {
  provider                           = google-beta
  project                            = "my-gcp-project"
  workload_identity_pool_id          = google_iam_workload_identity_pool.github_actions.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-actions"
  display_name                       = "GitHub Actions provider"
  description                        = "Workload Identity Pool Provider managed by Terraform"
  attribute_condition                = "attribute.repository_owner==\"arslanbekov\""
  attribute_mapping                  = {
    "google.subject"             = "assertion.sub"

## main.tf
resource "google_iam_workload_identity_pool" "github_actions" {
  provider                  = google-beta
  project                   = "my-gcp-project"
  workload_identity_pool_id = "github-actions"
  display_name              = "GitHub Actions pool"
  description               = "Workload Identity Pool managed by Terraform"
  disabled                  = false
}

## openvpn-cloud.tf
terraform {
  backend "local" {}
  required_providers {
    openvpncloud = {
      source  = "OpenVPN/openvpn-cloud"
      version = "0.0.7"
    }
  }
}

## google-workspace.tf
terraform {
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "EXAMPLE"

    workspaces {
      name = "google-workspace"
    }
  }
}

## top-brew-packages.txt
node: Platform built on V8 to build network applications
git: Distributed revision control system
wget: Internet file retriever
yarn: JavaScript package manager
python3: Interpreted, interactive, object-oriented programming language
python: Interpreted, interactive, object-oriented programming language
mysql: Open source relational database management system
coreutils: GNU File, Shell, and Text utilities
openssl: SSL/TLS cryptography library
postgresql: Object-relational database system

## custom-priorityclass.yaml
apiVersion: scheduling.k8s.io/v1beta1
description: "This priority class should be used for critical-pods only."
kind: PriorityClass
metadata:
  name: custom-high-priority
value: 100000000

## daemonsets-with-priorityclassname.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
	name: "Example Workload Identity"

	on:
	push:
	branches:
	- "master"

	jobs:
	run:
	name: "Workload Identity Job"
	output "pool_name" {
	description = "Pool name"
	value = google_iam_workload_identity_pool.github_actions.name
	}
	output "provider_name" {
	description = "Provider name"
	value = google_iam_workload_identity_pool_provider.github_actions.name
	}
	resource "google_service_account_iam_member" "wif-sa" {
	service_account_id = "projects/my-gcp-project/serviceAccounts/example-sa@my-gcp-project.iam.gserviceaccount.com"
	role = "roles/iam.workloadIdentityUser"
	member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github_actions.name}/*"
	}
	resource "google_iam_workload_identity_pool_provider" "github_actions" {
	provider = google-beta
	project = "my-gcp-project"
	workload_identity_pool_id = google_iam_workload_identity_pool.github_actions.workload_identity_pool_id
	workload_identity_pool_provider_id = "github-actions"
	display_name = "GitHub Actions provider"
	description = "Workload Identity Pool Provider managed by Terraform"
	attribute_condition = "attribute.repository_owner==\"arslanbekov\""
	attribute_mapping = {
	"google.subject" = "assertion.sub"
	terraform {
	backend "local" {}
	required_providers {
	openvpncloud = {
	source = "OpenVPN/openvpn-cloud"
	version = "0.0.7"
	}
	}
	}
	terraform {
	backend "remote" {
	hostname = "app.terraform.io"
	organization = "EXAMPLE"

	workspaces {
	name = "google-workspace"
	}
	}
	}
	node: Platform built on V8 to build network applications
	git: Distributed revision control system
	wget: Internet file retriever
	yarn: JavaScript package manager
	python3: Interpreted, interactive, object-oriented programming language
	python: Interpreted, interactive, object-oriented programming language
	mysql: Open source relational database management system
	coreutils: GNU File, Shell, and Text utilities
	openssl: SSL/TLS cryptography library
	postgresql: Object-relational database system
	apiVersion: scheduling.k8s.io/v1beta1
	description: "This priority class should be used for critical-pods only."
	kind: PriorityClass
	metadata:
	name: custom-high-priority
	value: 100000000
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: fluentd-elasticsearch
	namespace: kube-system
	labels:
	k8s-app: fluentd-logging
	spec:
	selector:
	matchLabels: