Skip to content

Commit

Permalink
README.md: update "Allow access to images" (#77)
Browse files Browse the repository at this point in the history 
Recommend per-repo access policy instead of per-project.
  • Loading branch information
@sergiitk
sergiitk authored May 1, 2024
1 parent 6ffc132 commit 8b7701a
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,12 +134,15 @@ to these images. To grant access to images stored in `grpc-testing` project GCR,
run:

```sh
gcloud projects add-iam-policy-binding "grpc-testing" \
--member="serviceAccount:${GCE_SA}" \
--role="roles/artifactregistry.reader" \
--condition="None"
gcloud artifacts repositories add-iam-policy-binding "projects/grpc-testing/locations/us/repositories/psm-interop" \
--member="serviceAccount:${GCE_SA}" \
--role="roles/artifactregistry.reader" \
--condition=None
```

If you get `PERMISSION_DENIED`, contact one of the repo
[maintainers](https://github.com/grpc/psm-interop/blob/master/MAINTAINERS.md).

##### Allow test driver to configure workload identity automatically
Test driver will automatically grant `roles/iam.workloadIdentityUser` to
allow the Kubernetes service account to impersonate the dedicated GCP workload
Expand Down

0 comments on commit 8b7701a

Please sign in to comment.