This webhook syncs federated identity credentials from Azure for a Kubernetes cluster. Every time a Kubernetes service account with a specific label gets created it queries the Azure Managed Identities to fetch the client ID and tenant ID, and patches these values into this service account.
MIT License
5
stars
0
forks
source link
refactor(gcp): Update GCP querying to use Asset Inventory API #21
Searching for the GCP service account is now done by using the Asset Inventory API. This saves some API requests and should speed up the process.
NOTE:
This requires the Asset Inventory API (cloudasset.googleapis.com) to be enabled on a project. Furthermore, assigning the Cloud Asset Viewer (roles/asset.viewer) role to the account used for the syncer itself is necessary.
Searching for the GCP service account is now done by using the Asset Inventory API. This saves some API requests and should speed up the process.
NOTE:
This requires the Asset Inventory API (
cloudasset.googleapis.com) to be enabled on a project. Furthermore, assigning the Cloud Asset Viewer(roles/asset.viewer)role to the account used for the syncer itself is necessary.