Skip to content

Commit 1781260

Browse files
walkosswalkoss
authored
fix(airbyte): fix workload identity (#796)
* fix(airbyte): fix workload identity * chore: bump vsn
1 parent ed0dc0d commit 1781260

File tree

5 files changed

+18
-19
lines changed

5 files changed

+18
-19
lines changed

airbyte/helm/airbyte/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: v2
22
name: airbyte
33
description: Unified data integration platform
44
type: application
5-
version: 0.4.23
5+
version: 0.4.24
66
appVersion: 0.50.8
77
dependencies:
88
- name: airbyte

airbyte/helm/airbyte/values.yaml.tpl

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,3 +118,8 @@ airbyte:
118118
rootUser: {{ importValue "Terraform" "access_key_id" }}
119119
rootPassword: {{ importValue "Terraform" "secret_access_key" }}
120120
{{- end }}
121+
serviceAccount:
122+
{{ if $isGcp }}
123+
annotations:
124+
iam.gke.io/gcp-service-account: {{ importValue "Terraform" "gcp_sa_email" }}
125+
{{ end }}

airbyte/terraform/gcp/deps.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: plural.sh/v1alpha1
22
kind: Dependencies
33
metadata:
44
description: airbyte gcp setup
5-
version: 0.1.4
5+
version: 0.1.5
66
spec:
77
dependencies:
88
- name: gcp-bootstrap
@@ -15,3 +15,4 @@ spec:
1515
access_key_id: access_key_id
1616
secret_access_key: secret_access_key
1717
credentials_json: credentials_json
18+
gcp_sa_email: gcp_sa_email

airbyte/terraform/gcp/main.tf

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -64,29 +64,18 @@ resource "kubernetes_secret" "google-application-credentials" {
6464

6565
module "airbyte-workload-identity" {
6666
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
67-
name = "${var.cluster_name}-airbyte-wi"
67+
name = "${var.cluster_name}-airbyte"
6868
namespace = var.namespace
6969
project_id = var.project_id
7070
use_existing_k8s_sa = true
7171
annotate_k8s_sa = false
72-
k8s_sa_name = "default"
72+
k8s_sa_name = "airbyte-admin"
7373
roles = var.roles
74+
gcp_sa_name = google_service_account.airbyte.name
75+
use_existing_gcp_sa = true
7476

7577
depends_on = [
76-
kubernetes_namespace.airbyte
77-
]
78-
}
79-
80-
resource "kubernetes_default_service_account" "default" {
81-
metadata {
82-
name = "default"
83-
namespace = var.namespace
84-
annotations = {
85-
"iam.gke.io/gcp-service-account" = module.airbyte-workload-identity.gcp_service_account_email
86-
}
87-
}
88-
89-
depends_on = [
90-
kubernetes_namespace.airbyte
78+
kubernetes_namespace.airbyte,
79+
google_service_account.airbyte
9180
]
9281
}

airbyte/terraform/gcp/outputs.tf

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,3 +9,7 @@ output "secret_access_key" {
99
output "credentials_json" {
1010
value = google_service_account_key.airbyte_key.private_key
1111
}
12+
13+
output "gcp_sa_email" {
14+
value = google_service_account.airbyte.email
15+
}

0 commit comments

Comments
 (0)