Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SURE-3099] Add ability to configure the Service Account for node pools in GKE clusters #262

Closed
1 of 4 tasks
kkaempf opened this issue Jan 9, 2024 · 2 comments
Closed
1 of 4 tasks

[SURE-3099] Add ability to configure the Service Account for node pools in GKE clusters #262

kkaempf opened this issue Jan 9, 2024 · 2 comments
Assignees
@yiannistri
Labels
JIRA Must shout kind/enhancement New feature or request status/effort-estimate-required
Milestone
v2.9.0

Comments

@kkaempf
Copy link

kkaempf commented Jan 9, 2024
edited by mjura
Loading

Request description:

Best practice for GKE is to use a separate SA with minimal access for the node pools. This is not an option in GKEv2 today and should be added. List of existing SA in the project is available through the GCP API. https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa https://avd.aquasec.com/cspm/google/kubernetes/default-service-account/

Actual behavior:

No ability to configure Service Account for node pools

Expected behavior:

Ability to configure Service Account for node pools

Tasks:

  • update oprator
  • update terraform-rancher-provider
  • update docs

PR's:
@kkaempf kkaempf added kind/enhancement New feature or request JIRA Must shout labels Jan 9, 2024
@kkaempf kkaempf moved this to Backlog in CAPI / Turtles Jan 9, 2024
@kkaempf kkaempf added this to the v2.9.0 milestone Feb 5, 2024
@yiannistri yiannistri self-assigned this May 9, 2024
@yiannistri yiannistri moved this from Backlog to In Progress (8 max) in CAPI / Turtles May 9, 2024
This was referenced May 16, 2024
Closed
Merged
@yiannistri yiannistri mentioned this issue May 21, 2024
Merged
5 tasks
@yiannistri yiannistri moved this from In Progress (8 max) to PR to be reviewed in CAPI / Turtles May 21, 2024
@yiannistri yiannistri moved this from PR to be reviewed to In Progress (8 max) in CAPI / Turtles May 21, 2024
@yiannistri yiannistri mentioned this issue May 21, 2024
Closed
@yiannistri
Copy link
Contributor

Before updating https://github.com/rancher/terraform-provider-rancher2 we need to add a new release branch that tracks Rancher 2.9, see https://github.com/rancher/terraform-provider-rancher2/milestone/26. This is because the change to include the optional service account field are available in the 2.9 branch of Rancher.

@yiannistri yiannistri moved this from In Progress (8 max) to Blocked in CAPI / Turtles Jun 12, 2024
@cpinjani cpinjani moved this from Blocked to To Test in CAPI / Turtles Jul 16, 2024
@cpinjani
Copy link
Contributor

cpinjani commented Jul 17, 2024
edited
Loading

Validation passed on build v2.9-81337b95660cba868629d6fe769bd7e8242b5aee-head, gke-operator:v1.9.0-rc.8
Details here: rancher/dashboard#11068 (comment)

@github-project-automation github-project-automation bot moved this from To Test to Done in CAPI / Turtles Jul 17, 2024
@mitulshah-suse mitulshah-suse mentioned this issue Jan 23, 2025
Closed
mjura added a commit to mjura/terraform-provider-rancher2 that referenced this issue Feb 4, 2025
@mjura
Add service account for node pool in GKE cluster
e719332 
Add ability to specify a service account for a node pool in a GKE cluster

Issue: rancher/gke-operator#262
@mjura mjura mentioned this issue Feb 4, 2025
Merged
mjura added a commit to mjura/terraform-provider-rancher2 that referenced this issue Feb 5, 2025
@mjura
Add service account for node pool in GKE cluster
b9db23b 
Add ability to specify a service account for a node pool in a GKE cluster

Issue: rancher/gke-operator#262
Signed-off-by: Michal Jura <[email protected]>
mjura added a commit to mjura/terraform-provider-rancher2 that referenced this issue Feb 5, 2025
@mjura
Add service account for node pool in GKE cluster
d973684 
Add ability to specify a service account for a node pool in a GKE cluster

Issue: rancher/gke-operator#262
Signed-off-by: Michal Jura <[email protected]>
mjura added a commit to mjura/terraform-provider-rancher2 that referenced this issue Feb 5, 2025
@mjura
Add service account for node pool in GKE cluster
1da0985 
Add ability to specify a service account for a node pool in a GKE cluster

Issue: rancher/gke-operator#262
Signed-off-by: Michal Jura <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yiannistri yiannistri

Labels
JIRA Must shout kind/enhancement New feature or request status/effort-estimate-required
Projects
CAPI / Turtles
Archived in project
Milestone
v2.9.0
Development

No branches or pull requests
4 participants
@kkaempf @mjura @yiannistri @cpinjani