Reference
ClientIntents example (YAML)
apiVersion: k8s.otterize.com/v2beta1
kind: ClientIntents
metadata:
name: server
spec:
workload:
# The name of the pod that will be granted access
name: server
kind: Deployment
targets:
# The GCP resource name as defined in the linked documentation below
# Wildcards can be used in the end of the resource name to match multiple and nested resources
- gcp:
resource: projects/_/buckets/otterize-demo-bucket*
# one or more GCP Roles that will be provided to the specified resources
permissions:
- "storage.admin"
# Multiple call definitions can be defined for a single service.
- gcp:
resource: projects/_/buckets/otterize-read-only-bucket*
permissions:
- "storage.objectViewer"
GCP documentation references
- For GCP resource names, refer to the Resource Name Format documentation.
- For GCP roles and permissions, refer to the Predefined roles and permissions documentation.
Annotations
| Key | Description | Default |
|---|---|---|
credentials-operator.otterize.com/create-gcp-sa | When set to true, the credential operator will create a unique GCP service account for the K8S ServiceAccount of the associated pod | false |
Helm Chart options
| Key | Description | Default |
|---|---|---|
global.gcp.enabled | Enable or disable GCP integration | false |
View the Helm chart reference for all other options