Last active
December 5, 2019 16:42
-
-
Save gadiener/37d9a4a57bc182d2f045108c7657e004 to your computer and use it in GitHub Desktop.
Create GKE deployer IAM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -e | |
if [ -n "${DEBUG}" ]; then | |
set -x | |
fi | |
for var in "NAME" "PROJECT"; do | |
if [ -z "${!var}" ]; then | |
echo "Missing '${var}' variable!" | |
exit 1 | |
fi | |
done | |
echo | |
echo "-> Generating IAM account '${NAME}@${PROJECT}.iam.gserviceaccount.com':" | |
echo | |
gcloud iam service-accounts create --display-name "${NAME} deploy access" "${NAME}" --project "${PROJECT}" | |
echo | |
echo "-> IAM account generated!" | |
echo | |
echo | |
echo "-> Generating json key:" | |
echo | |
gcloud iam service-accounts keys create /tmp/key.json --iam-account="${NAME}"@"${PROJECT}".iam.gserviceaccount.com --project "${PROJECT}" | |
cat /tmp/key.json && rm /tmp/key.json | |
echo | |
echo "-> Json key generated!" | |
echo | |
echo | |
echo "-> Binding IAM account to role 'container.viewer':" | |
echo | |
gcloud projects add-iam-policy-binding "${PROJECT}" --role=roles/container.viewer --member=serviceAccount:"${NAME}"@"${PROJECT}".iam.gserviceaccount.com --project "${PROJECT}" | |
echo | |
echo "-> IAM account bound!" | |
echo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment