I am trying to make postgres accessible from my GKE cluster. For this I have created a GSA with enough permissions to access postgres, KSA, Role, Rolebindings and created a iam_member with role Workload Identity. In short KSA will assume all permissions of GSA. This setup works fine when I use my built-in username to access postgres but when I try to access it with google_sql_user of type CLOUD_IAM_SERVICE_ACCOUNT, I am getting an error that this user doesn't have permissions. Do I need to provide separate permissions to this user , if yes, how to do that using terraform?
Related Questions in POSTGRESQL
- Only the first SQL script gets executed inside Docker Postgres container
- Compare fields in two tables
- Hibernate ClobJdbcType bindings: what are the diferences?
- Postgres && statement Error in Mybatis Mapper?
- Can this query be optimized? (Choosing a random row to insert, that excludes previously inserted Rows)
- Connection terminated unexpectedly while performing multi row insert using pg-promise
- Processing multiple forms in nodejs and postgresql
- How to copy data from SQLite to postgreSQL?
- PGAdmin4 configured behind a reverse proxy but unable to connect to Postgresql server
- Updates to pgsodium encrypted values don't use specified key_id
- Connecting to Postgres running in a Docker container using psql
- Can't connect to local postgresql server from my docker container
- Django Arrayfield migration to cloud sql (Postgresql) not creating the column
- Get list of matching keywords for each post
- docker-compose can't reset postgresql database
Related Questions in GOOGLE-CLOUD-PLATFORM
- Why do I need to wait to reaccess to Firestore database even though it has already done before?
- Unable to call datastore using GCP service account key json
- Troubleshooting Airflow Task Failures: Slack Notification Timeout
- GoogleCloud Error: Not Found The requested URL was not found on this server
- Kubernetes cluster on GCE connection refused error
- Best way to upload images to Google Cloud Storage?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Google Datastream errors on larger MySQL tables
- Can anyone explain the output of apache-beam streaming pipeline with Fixed Window of 60 seconds?
- Parametrizing backend in terraform on gcp
- Nonsense error using a Python Google Cloud Function
- Unable to deploy to GAE from Github Actions
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Task failure in DataprocCreateClusterOperator when i add metadata
- How can I get the long running operation with google.api_core.operations_v1.AbstractOperationsClient
Related Questions in TERRAFORM
- Why does terraform aws_cognito_user_pool always show as "updated in-place" on every single terraform plan?
- Terraform - loop over complex data in data source
- Terraform cidrsubnets
- Encountered an error (ServiceUnavailable) from host runtime on Azure Function App
- Problem to add service principal permissions with terraform
- Multiple resources for the depends_on dependencies is throwing an Error
- Parametrizing backend in terraform on gcp
- AWS EKS Fargate pod scheduling issue with Prometheus deployment
- Terraform valdiate that one of N variables is set to "true"
- How to assign a value to a string variable, that includes embedded '=' in the value
- Terraform loop over Map variable to provision multiple Databricks catalogs
- Terraform OCI error when creating Network Load Balancer
- logiapp teams api connection terraform user sign in
- Difference between google_project_iam_* and other google_*_iam_* resources
- JSON representation of the current Terraform configuration
Related Questions in GOOGLE-KUBERNETES-ENGINE
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- Kubectl command throws error when executed from python script but manual execution works fine
- Unable to add TLS certificate to GKE from Google Secret Manager
- GKE Clusters no indication within metrics or logs after failure
- Getting connection refused to Private GKE Internal point. Autopilot private cluster
- Can I have the Google managed service range on a standard gke cluster created with Terraform- non auto-pilot
- Configure Lens with GKE cluster - gke_gcloud_auth_plugin issue
- Having issues joining my kubernetes worker noed to a controller node
- How to deploy airflow in kubernetes cluster that uses istio
- GKE cluster shutdown
- Artifactory 404 error from virtual repository where docker pulls fine but crictl does not
- Scraping from Mexico in GCP EKG?
- not able to connect via cloud sql proxy
- SQL connection throws error when adding DistributedSession, SessionMiddleware
- CronJob pod repeats pending forever even after deleting it
Related Questions in WORKLOAD-IDENTITY
- Running Azure Function in AKS with Workload Identity and Eventhub Trigger
- GCP Workload Identity Federation in java
- Unable to connect to Azure SQL from Kubernetes (AKS) web app container using workload identity
- Issues generating IMDS access token from AKS Pod using workload identity
- Access Google Artifact repository image from onprem K8S using Workload Identity Federation
- Naive Question: How to access google drive/sheets from Jupyter without downloading a service key?
- GKE with Workload identity can't access secrets from Secret Manager through nodejs client library
- GCP Identity Federation Authentication not working from docker on github actions
- Unable to authenticate to Artifact Registry using Workload Identity
- Aks workload identity with deamon set
- argocd-image-updater cannot pull image from GCP artifact registry
- GKE workload identity with spring boot
- Using terraform along with service connection based on workload identity federation
- Clone git with workload/ federated identity
- How to use Workload Identity when configuring external clusters in Argo CD?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?