Remove not used sa-gcs-plank service account

Sawthis · Jul 18, 2024 · b22b428 · b22b428
1 parent 5aa8914
commit b22b428
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 18 deletions.
diff --git a/docs/prow/authorization.md b/docs/prow/authorization.md
@@ -9,7 +9,6 @@ To deploy a Prow cluster, configure the following service accounts in the Google
 | **sa-gke-kyma-integration**   | Runs integration tests on a GKE cluster. | `Cloud KMS CryptoKey Encrypter/Decrypter` (`roles/cloudkms.cryptoKeyVersions.useToDecrypt`,`roles/cloudkms.cryptoKeyVersions.useToEncrypt`,`roles/resourcemanager.projects.get`), `Compute Admin` (`roles/compute.admin`), `Compute Network Admin`,`Kubernetes Engine Admin` (`roles/container.admin`), `Kubernetes Engine Cluster Admin` (`roles/container.clusterAdmin`), `DNS Administrator` (`roles/dns.admin`), `Service Account User` (`roles/iam.serviceAccountUser`), `Storage Admin` (`roles/storage.admin`)
 | **sa-kyma-artifacts**         | Saves release and development artifacts to the GCS bucket. | `Storage Object Admin` (`roles/storage.objectAdmin`)
 | **sa-vm-kyma-integration**    | Runs integration tests on k3d. | `Compute Instance Admin (beta)` (`roles/compute.instanceAdmin`), `Compute OS Admin Login` (`roles/compute.osAdminLogin`), `Service Account User` (`roles/iam.serviceAccountUser`)
-| **sa-gcs-plank**              | Currently not in use. | no roles attached
 | **sa-crier**                  | Reports Prow Job statuses to GitHub. | `Service Account User` |
 
 

diff --git a/pkg/tools/pjtester/test_artifacts/test-prow-config.yaml b/pkg/tools/pjtester/test_artifacts/test-prow-config.yaml
@@ -30,7 +30,6 @@ plank:
       gcs_configuration:
         bucket: kyma-prow-logs
         path_strategy: "explicit"
-      gcs_credentials_secret: "sa-gcs-plank" # Service account with "Object Admin" role
 
 deck:
   spyglass:

diff --git a/prow/workload-cluster/trusted-workload/trusted_workloadidentity_serviceaccount.yaml b/prow/workload-cluster/trusted-workload/trusted_workloadidentity_serviceaccount.yaml
@@ -2,14 +2,6 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
-metadata:
-  annotations:
-    iam.gke.io/gcp-service-account: [email protected]
-  name: prowjob-default-sa
-  namespace: default
----
-apiVersion: v1
-kind: ServiceAccount
 metadata:
   annotations:
     iam.gke.io/gcp-service-account: [email protected]

diff --git a/prow/workload-cluster/untrusted_workloadidentity_serviceaccount.yaml b/prow/workload-cluster/untrusted_workloadidentity_serviceaccount.yaml
@@ -1,13 +1,5 @@
 # Service Accounts linked to Google Workload Identity
 ---
-- apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    annotations:
-      iam.gke.io/gcp-service-account: [email protected]
-    name: prowjob-default-sa
-    namespace: default
----
 - apiVersion: v1
   kind: ServiceAccount
   metadata: