use prow in the default namespace

kubernetes · Aug 29, 2024 · 802aff0 · 802aff0
1 parent d800ba1
commit 802aff0
Showing 1 changed file with 6 additions and 20 deletions.
diff --git a/infra/gcp/terraform/k8s-infra-prow/iam.tf b/infra/gcp/terraform/k8s-infra-prow/iam.tf
@@ -74,12 +74,12 @@ resource "google_service_account_iam_binding" "argocd" {
   role               = "roles/iam.workloadIdentityUser"
 
   members = [
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/config-bootstrapper]",
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/crier]",
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/deck]",
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/hook]",
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/prow-controller-manager]",
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/sinker]",
+    "serviceAccount:k8s-infra-prow.svc.id.goog[defaultconfig-bootstrapper]",
+    "serviceAccount:k8s-infra-prow.svc.id.goog[defaultcrier]",
+    "serviceAccount:k8s-infra-prow.svc.id.goog[defaultdeck]",
+    "serviceAccount:k8s-infra-prow.svc.id.goog[defaulthook]",
+    "serviceAccount:k8s-infra-prow.svc.id.goog[defaultprow-controller-manager]",
+    "serviceAccount:k8s-infra-prow.svc.id.goog[defaultsinker]",
   ]
 }
 
@@ -110,17 +110,3 @@ resource "google_service_account_iam_binding" "prow" {
     "serviceAccount:k8s-infra-prow.svc.id.goog[argocd/argocd-server]",
   ]
 }
-
-resource "google_service_account" "halogen" {
-  account_id   = "halogen"
-  display_name = "halogen"
-  project      = module.project.project_id
-}
-
-resource "google_service_account_iam_binding" "halogen" {
-  service_account_id = google_service_account.halogen.name
-  role               = "roles/iam.workloadIdentityUser"
-  members = [
-    "serviceAccount:k8s-infra-prow.svc.id.goog[prow/halogen]",
-  ]
-}