k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/trusted_serviceaccounts.yaml

k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/trusted_serviceaccounts.yaml (about)

     1  ---
     2  kind: ServiceAccount
     3  apiVersion: v1
     4  metadata:
     5    annotations:
     6      iam.gke.io/gcp-service-account: pusher@k8s-prow.iam.gserviceaccount.com
     7    name: pusher
     8    namespace: test-pods
     9  ---
    10  kind: ServiceAccount
    11  apiVersion: v1
    12  metadata:
    13    annotations:
    14      iam.gke.io/gcp-service-account: testgrid-config-updater@k8s-testgrid.iam.gserviceaccount.com
    15    name: testgrid-config-updater
    16    namespace: test-pods
    17  ---
    18  kind: ServiceAccount
    19  apiVersion: v1
    20  metadata:
    21    annotations:
    22      iam.gke.io/gcp-service-account: deployer@k8s-prow.iam.gserviceaccount.com
    23    name: deployer
    24    namespace: test-pods
    25  ---
    26  kind: ServiceAccount
    27  apiVersion: v1
    28  metadata:
    29    annotations:
    30      iam.gke.io/gcp-service-account: gencred-refresher@k8s-prow.iam.gserviceaccount.com
    31    name: gencred-refresher
    32    namespace: test-pods
    33  ---
    34  kind: ServiceAccount
    35  apiVersion: v1
    36  metadata:
    37    annotations:
    38      iam.gke.io/gcp-service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
    39    name: k8s-infra-gcr-promoter
    40    namespace: test-pods
    41  ---
    42  kind: ServiceAccount
    43  apiVersion: v1
    44  metadata:
    45    annotations:
    46      iam.gke.io/gcp-service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod-bak.iam.gserviceaccount.com
    47    name: k8s-infra-gcr-promoter-bak
    48    namespace: test-pods
    49  ---
    50  kind: ServiceAccount
    51  apiVersion: v1
    52  metadata:
    53    annotations:
    54      iam.gke.io/gcp-service-account: kubernetes-external-secrets-sa@k8s-prow.iam.gserviceaccount.com
    55    name: kubernetes-external-secrets-sa
    56    namespace: default
    57  ---
    58  kind: ServiceAccount
    59  apiVersion: v1
    60  metadata:
    61    annotations:
    62      iam.gke.io/gcp-service-account: prowjob-default-sa@k8s-prow.iam.gserviceaccount.com
    63    name: prowjob-default-sa
    64    namespace: test-pods
    65  ---
    66  # legacy-sa-json-key-rotator is used for rotating the default build cluster sa
    67  # json key, and should only be used for this purpose. This GCP SA will be
    68  # granted secret manager owner permission on the
    69  # default-k8s-build-cluster-service-account-key secret in k8s-prow-builds
    70  # project, and service account key list/create/delete permission on the
    71  # pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com SA.
    72  kind: ServiceAccount
    73  apiVersion: v1
    74  metadata:
    75    annotations:
    76      iam.gke.io/gcp-service-account: legacy-sa-json-key-rotator@k8s-prow.iam.gserviceaccount.com
    77    name: legacy-sa-json-key-rotator
    78    namespace: test-pods