Skip to content

Instantly share code, notes, and snippets.

@viggin543

viggin543/do-backup.bash

Created February 27, 2021 07:17
Show Gist options
  • Save viggin543/111e6e610bda335e6ba566a3373ff258 to your computer and use it in GitHub Desktop.
Save viggin543/111e6e610bda335e6ba566a3373ff258 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
do-backup.bash
#!/bin/zsh
gsutil mb gs://argocd-backup
gcloud iam service-accounts create argocd-backup \
--description="argocd-backup utils" \
--display-name="argocd-backup"
gsutil iam ch serviceAccount:argocd-backup@<PROJECT_KEY>.iam.gserviceaccount.com:objectAdmin gs://argocd-backup
gcloud iam service-accounts add-iam-policy-binding \
--role roles/iam.workloadIdentityUser \
--member "serviceAccount:<PROJECT_KEY>.svc.id.goog[utils/stg-argocd-backup-eu-west1]" \
argocd-backup@<PROJECT_KEY>.iam.gserviceaccount.com
# TEST KSA to GSA -> gsutil ls gs://backup-bucket #should work
kubectl run -it \
--image google/cloud-sdk:slim \
--serviceaccount <KSA_NAME> \
--namespace utils \
workload-identity-test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment