diff --git a/templates/gitlab-ci-k8s-gcp.yml b/templates/gitlab-ci-k8s-gcp.yml
index 5bed69f219b0e192e18721b893345d4ef214e302..08e370ed269d3517213dedfeae4faf7d84246324 100644
--- a/templates/gitlab-ci-k8s-gcp.yml
+++ b/templates/gitlab-ci-k8s-gcp.yml
@@ -56,44 +56,43 @@ variables:
 K8S_KUBECTL_IMAGE: $[[ inputs.kubectl-image ]]
-.gcp-provider-auth:
- before_script:
- - echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
- - echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
- - |-
- if [[ "$ENV_TYPE" ]]
- then
- case "$ENV_TYPE" in
- review*)
- env_prefix=REVIEW;;
- integ*)
- env_prefix=INTEG;;
- staging*)
- env_prefix=STAGING;;
- prod*)
- env_prefix=PROD;;
- *)
- ;;
- esac
- env_oidc_provider=$(eval echo "\$GCP_${env_prefix}_OIDC_PROVIDER")
- env_oidc_account=$(eval echo "\$GCP_${env_prefix}_OIDC_ACCOUNT")
- fi
- oidc_provider="${env_oidc_provider:-$GCP_OIDC_PROVIDER}"
- oidc_account="${env_oidc_account:-$GCP_OIDC_ACCOUNT}"
- - |-
- cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"
- {
- "type": "external_account",
- "audience": "//iam.googleapis.com/${oidc_provider}",
- "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
- "token_url": "https://sts.googleapis.com/v1/token",
- "credential_source": {
- "file": "$CI_BUILDS_DIR/.auth_token.jwt"
- },
- "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${oidc_account}:generateAccessToken"
- }
- EOF
- - export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"
+.k8s-gcp-adc:
+ - echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
+ - echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
+ - |-
+ if [[ "$ENV_TYPE" ]]
+ then
+ case "$ENV_TYPE" in
+ review*)
+ env_prefix=REVIEW;;
+ integ*)
+ env_prefix=INTEG;;
+ staging*)
+ env_prefix=STAGING;;
+ prod*)
+ env_prefix=PROD;;
+ *)
+ ;;
+ esac
+ env_oidc_provider=$(eval echo "\$GCP_${env_prefix}_OIDC_PROVIDER")
+ env_oidc_account=$(eval echo "\$GCP_${env_prefix}_OIDC_ACCOUNT")
+ fi
+ oidc_provider="${env_oidc_provider:-$GCP_OIDC_PROVIDER}"
+ oidc_account="${env_oidc_account:-$GCP_OIDC_ACCOUNT}"
+ - |-
+ cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"
+ {
+ "type": "external_account",
+ "audience": "//iam.googleapis.com/${oidc_provider}",
+ "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
+ "token_url": "https://sts.googleapis.com/v1/token",
+ "credential_source": {
+ "file": "$CI_BUILDS_DIR/.auth_token.jwt"
+ },
+ "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${oidc_account}:generateAccessToken"
+ }
+ EOF
+ - export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"
 .k8s-deploy:
 id_tokens:
@@ -101,7 +100,7 @@ variables:
 aud: "$GCP_OIDC_AUD"
 before_script:
 - !reference [.k8s-scripts]
- - !reference [.gcp-provider-auth, before_script]
+ - !reference [.k8s-gcp-adc]
 - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
 - k8s_login
@@ -111,6 +110,6 @@ variables:
 aud: "$GCP_OIDC_AUD"
 before_script:
 - !reference [.k8s-scripts]
- - !reference [.gcp-provider-auth, before_script]
+ - !reference [.k8s-gcp-adc]
 - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
 - k8s_login
\ No newline at end of file
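Review bot: `echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"` in the new `.k8s-gcp-adc` list writes the ID token unquoted, with whatever umask the runner image happens to have, and nothing checks that `GCP_JWT` was actually minted — now that the snippet is a standalone reusable list, a job that references it without its own `id_tokens` entry writes an empty file and only fails later with an opaque STS error. Further down, when `ENV_TYPE` matches no case arm or the per-environment `GCP_<ENV>_OIDC_*` variables are unset, the fallback to `GCP_OIDC_PROVIDER`/`GCP_OIDC_ACCOUNT` is silent, which for a `prod*` deploy means quietly impersonating the default service account instead of the environment-scoped one. I would fail fast on a missing token and on an unresolved provider/account, and create the token file under `umask 077` (it lives in `$CI_BUILDS_DIR`, so it is also worth confirming that no artifact or cache glob can pick up `.auth_token.jwt`). The `eval echo "\$GCP_${env_prefix}_..."` lookups can be bash indirect expansion (`${!name}`), which drops `eval` entirely; `env_prefix` is constrained by the case statement so this is hygiene rather than a live injection, and the block already assumes bash via `[[ ]]`.
```yaml
.k8s-gcp-adc:
  - echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
  # Fail fast if the job did not mint the id_token this snippet depends on.
  - test -n "$GCP_JWT" || { echo "GCP_JWT is empty; add an id_tokens entry to the job" >&2; exit 1; }
  # Quote the token and keep the file private to the job user.
  - (umask 077; printf '%s' "$GCP_JWT" > "$CI_BUILDS_DIR/.auth_token.jwt")
  - |-
    # … unchanged: ENV_TYPE -> env_prefix case statement …
    provider_var="GCP_${env_prefix}_OIDC_PROVIDER"
    account_var="GCP_${env_prefix}_OIDC_ACCOUNT"
    env_oidc_provider="${!provider_var}"
    env_oidc_account="${!account_var}"
    fi
    oidc_provider="${env_oidc_provider:-$GCP_OIDC_PROVIDER}"
    oidc_account="${env_oidc_account:-$GCP_OIDC_ACCOUNT}"
    : "${oidc_provider:?no GCP OIDC provider resolved for ENV_TYPE=${ENV_TYPE:-unset}}"
    : "${oidc_account:?no GCP OIDC service account resolved for ENV_TYPE=${ENV_TYPE:-unset}}"
  # … unchanged: credential JSON heredoc and GOOGLE_APPLICATION_CREDENTIALS export …
```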