kiwigrid / gcp-serviceaccount-controller

License: MIT
A controller that automatically creates GCP service accounts and saves their key files into Kubernetes Secrets.



Gcp Service Account Controller


This controller manages GCP service accounts through Kubernetes resources: a GcpServiceAccount custom resource describes the account, the IAM bindings it should receive and the Secret into which its key file is written.

The Helm chart can be found in the Kiwigrid helm repo. Add it via:

helm repo add kiwigrid https://kiwigrid.github.io

The Helm charts source can be found at:

https://github.com/kiwigrid/helm-charts/tree/master/charts/gcp-serviceaccount-controller

Features

  • creates GCP service accounts and stores each account's key file in a Kubernetes Secret
  • handles the full lifecycle of a service account (create, update, delete) via a CRD
  • key files exist only inside Kubernetes; the controller does not save them anywhere else (anyone who can read the Secret can use the key, so scope Secret read access with RBAC)
  • since version 0.2.0 the resources and roles that may be bound from a given namespace can be restricted via regular expressions (enabled by default; can be disabled with DISABLE_RESTRICTION_CHECK). Without a restriction, any user who can create a GcpServiceAccount in a namespace can request any binding the controller's credentials are able to grant, up to project-level roles.

Deployment

First you need to create a GCP service account with at least the following permissions:

- iam.serviceAccounts.create
- iam.serviceAccounts.delete
- iam.serviceAccounts.get
- iam.serviceAccounts.list
- iam.serviceAccounts.update
- iam.serviceAccountKeys.create
- iam.serviceAccountKeys.delete
- iam.serviceAccountKeys.get
- iam.serviceAccountKeys.list
- pubsub.subscriptions.getIamPolicy
- pubsub.subscriptions.setIamPolicy
- pubsub.topics.getIamPolicy
- pubsub.topics.setIamPolicy
- storage.buckets.getIamPolicy
- storage.buckets.setIamPolicy
- resourcemanager.projects.getIamPolicy
- resourcemanager.projects.setIamPolicy

You can use the Helm chart to deploy the controller. Create a key file for the service account above, base64-encode it and set it as the gcpCredentials value in your values file. That key is the controller's own credential and carries project-level setIamPolicy permissions, so protect the values file and the Secret the chart creates from it accordingly.

helm upgrade -i -f <YOUR_VALUES_FILE> <RELEASE_NAME> helm/

Here helm/ is a local chart path; with the kiwigrid repo added as above you can install from the repo instead by using kiwigrid/gcp-serviceaccount-controller as the chart reference.

Example

This is an example resource definition for a service account:

apiVersion: gcp.kiwigrid.com/v1beta1
kind: GcpServiceAccount
metadata:
  name: gcpserviceaccount-sample
spec:
  serviceAccountIdentifier: kube-example
  serviceAccountDescription: kube-example
  secretName: kube-example-secret
  bindings:
  - resource: "//cloudresourcemanager.googleapis.com/projects/<PROJECT_NAME>"
    roles:
    - "roles/cloudsql.editor"

Example for buckets:

apiVersion: gcp.kiwigrid.com/v1beta1
kind: GcpServiceAccount
metadata:
  name: gcpserviceaccount-bucket-sample
spec:
  serviceAccountIdentifier: kube-bucket-example
  serviceAccountDescription: kube-bucket-example
  secretName: kube-bucket-example-secret
  bindings:
  - resource: buckets/my-bucket-name
    roles:
    - roles/storage.objectAdmin

Example for namespace restriction:

apiVersion: gcp.kiwigrid.com/v1beta1
kind: GcpNamespaceRestriction
metadata:
  name: gcpnamespacerestriction-sample
spec:
  namespace: test
  regex: true
  restrictions:
  - resource: '^buckets/my-bucket-name$'
    roles:
    - '^roles/storage\.objectAdmin$'
  - resource: '^pubsub/.*$'
    roles:
    - '^roles/.*$'

The patterns are single-quoted on purpose: in a YAML double-quoted scalar, \. is not a valid escape sequence and strict parsers reject it. Anchor every pattern with ^ and $; an unanchored pattern such as roles/storage would match any role containing that substring, and an unescaped . matches any character.
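To make the restriction semantics concrete, the following is an added example in Go; it is not the controller's own code and only models the check described above. It assumes allow-list semantics (a binding is permitted only when some restriction entry matches both its resource and its role), that regex: true means Go regexp matching while regex: false means exact string comparison, and that an unparsable pattern results in a denial (fail closed). The pubsub resource path pubsub/my-topic and the project name are constructed sample values.

```go
package main

import (
	"fmt"
	"regexp"
)

// Binding mirrors one entry of spec.bindings in a GcpServiceAccount.
type Binding struct {
	Resource string
	Roles    []string
}

// Restriction mirrors one entry of spec.restrictions in a GcpNamespaceRestriction.
type Restriction struct {
	Resource string
	Roles    []string
}

// NamespaceRestriction mirrors the GcpNamespaceRestriction spec.
type NamespaceRestriction struct {
	Namespace    string
	Regex        bool
	Restrictions []Restriction
}

// matchPattern compares value against pattern: a Go regexp when regex is true
// (MatchString is unanchored, so patterns should carry ^...$), exact string otherwise.
func matchPattern(pattern, value string, regex bool) (bool, error) {
	if !regex {
		return pattern == value, nil
	}
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false, fmt.Errorf("invalid pattern %q: %w", pattern, err)
	}
	return re.MatchString(value), nil
}

// roleAllowed reports whether some restriction entry permits role on resource.
// A broken pattern is returned as an error so the caller can fail closed.
func roleAllowed(nr NamespaceRestriction, resource, role string) (bool, error) {
	for _, r := range nr.Restrictions {
		resOK, err := matchPattern(r.Resource, resource, nr.Regex)
		if err != nil {
			return false, err
		}
		if !resOK {
			continue
		}
		for _, rolePattern := range r.Roles {
			roleOK, err := matchPattern(rolePattern, role, nr.Regex)
			if err != nil {
				return false, err
			}
			if roleOK {
				return true, nil
			}
		}
	}
	return false, nil
}

// Denied lists every (resource, role) pair in bindings that nr does not permit,
// including pairs whose evaluation failed. Empty means the object may be reconciled.
func Denied(nr NamespaceRestriction, bindings []Binding) []string {
	var denied []string
	for _, b := range bindings {
		for _, role := range b.Roles {
			ok, err := roleAllowed(nr, b.Resource, role)
			switch {
			case err != nil:
				denied = append(denied, fmt.Sprintf("%s %s: %v", b.Resource, role, err))
			case !ok:
				denied = append(denied, fmt.Sprintf("%s %s: not permitted in namespace %q", b.Resource, role, nr.Namespace))
			}
		}
	}
	return denied
}

// SampleRestriction is the README's GcpNamespaceRestriction for namespace "test".
func SampleRestriction() NamespaceRestriction {
	return NamespaceRestriction{
		Namespace: "test",
		Regex:     true,
		Restrictions: []Restriction{
			{Resource: `^buckets/my-bucket-name$`, Roles: []string{`^roles/storage\.objectAdmin$`}},
			{Resource: `^pubsub/.*$`, Roles: []string{`^roles/.*$`}},
		},
	}
}

func main() {
	// Constructed bindings: the first two are what a tenant in "test" should get;
	// the last two are escalation attempts (project-wide owner, a foreign bucket).
	// The pubsub path and project name are assumptions, not from the README.
	bindings := []Binding{
		{Resource: "buckets/my-bucket-name", Roles: []string{"roles/storage.objectAdmin"}},
		{Resource: "pubsub/my-topic", Roles: []string{"roles/pubsub.publisher"}},
		{Resource: "//cloudresourcemanager.googleapis.com/projects/my-project", Roles: []string{"roles/owner"}},
		{Resource: "buckets/other-bucket", Roles: []string{"roles/storage.objectAdmin"}},
	}
	for _, d := range Denied(SampleRestriction(), bindings) {
		fmt.Println("DENIED:", d)
	}
}
```

Running it prints two DENIED lines, one for the project-level roles/owner request and one for buckets/other-bucket; the bucket and Pub/Sub bindings that the restriction covers pass. Note that with regex: false the same anchored patterns would be compared literally and match nothing, so a restriction's regex flag and its pattern style must agree.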