F5Networks / f5-google-gdm-templates

Google Deployment Templates for quickly deploying BIG-IP services in Google Cloud Platform

serviceAccount missing in v3.0.1 #27

Closed simonkowallik closed 1 year ago

simonkowallik commented 5 years ago

Do you already have an issue opened with F5 support?

No

Description

The option to configure a serviceAccount is missing in template version 3.0.1.

Template

3.0.1 templates

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 4

mikeshimkus commented 5 years ago

Hi, none of our templates configure a service account; they ask for an existing account. For templates that were using the serviceAccount parameter for service discovery, the parameter has been removed because those solutions no longer configure service discovery.

simonkowallik commented 5 years ago

I was not referring to service account creation. Service accounts are relevant beyond service discovery. Firewall rules are one example. Version 3.0.1 silently removed the ability to assign a service account, which existing customers previously relied on.

mikeshimkus commented 5 years ago

Seems like we have a fundamental misunderstanding of how serviceAccount is being used. I will run this by product management and update here with the internal issue number.

simonkowallik commented 5 years ago

As a side note for the curious reader: when using the deployment manager without setting a service account, the resulting VM instance does not allow adding a service account through the cloud console. To add a service account to the VM instance after deployment, use gcloud. Example:

gcloud --project="$GCP_PROJECT" compute instances set-service-account "$VM_INSTANCE" --service-account "$SERVICE_ACCOUNT_EMAIL"

JeffGiroux commented 4 years ago

Any updates on this? I noticed 3.20 standalone does not ask for service account in yaml nor does it configure the VM instance with a svc account. This now requires an additional step post deployment to add the svc account to the VM. This account is useful for things like service discovery.

shyawnkarim commented 4 years ago

I've created Jira ticket #1803 to get the serviceAccount parameter added back into standalone templates.

xags commented 4 years ago

This also impairs standalone templates from accessing/creating a storage bucket with credentials.

JeffGiroux commented 4 years ago

Working with customer and having to shut down, add service account, then start up BIG-IP again is disruptive to onboarding. Is there an ETA for service account to be added back to YAML and template code for automated service account binding?

shyawnkarim commented 1 year ago

Closing due to age. These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 2.0 GitHub repo.
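
The post-deployment workaround discussed in this thread (shut down the instance, bind the service account with gcloud, start it again), written out as an added shell example that is not from any commenter or from the F5 templates. The function name, the --zone argument and the cloud-platform default scope are assumptions; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: bind a service account to an already-deployed BIG-IP VM.
# DRY_RUN=1 (default) prints the gcloud commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# bind_service_account PROJECT ZONE INSTANCE SA_EMAIL [SCOPES]
bind_service_account() {
    if [ "$#" -lt 4 ]; then
        echo "usage: bind_service_account PROJECT ZONE INSTANCE SA_EMAIL [SCOPES]" >&2
        return 2
    fi
    project=$1 zone=$2 instance=$3 sa_email=$4
    scopes=${5:-cloud-platform}   # assumed default; narrow it where possible

    # Refuse values that are not shaped like a service account email, so a
    # user account or a typo is caught before the instance is stopped.
    case "$sa_email" in
        *@*.gserviceaccount.com) ;;
        *) echo "not a service account email: $sa_email" >&2; return 2 ;;
    esac

    run gcloud --project="$project" compute instances stop "$instance" \
        --zone="$zone" || return 1

    rc=0
    run gcloud --project="$project" compute instances set-service-account \
        "$instance" --zone="$zone" --service-account="$sa_email" \
        --scopes="$scopes" || rc=$?

    # Start again even if the binding failed, so the VM is not left powered off.
    run gcloud --project="$project" compute instances start "$instance" \
        --zone="$zone" || return 1
    [ "$rc" -eq 0 ] || return "$rc"

    # Print the account now attached to the instance for confirmation.
    run gcloud --project="$project" compute instances describe "$instance" \
        --zone="$zone" --format='value(serviceAccounts[].email)'
}
```

Source the file and call, for instance, `DRY_RUN=0 bind_service_account "$GCP_PROJECT" "$ZONE" "$VM_INSTANCE" "$SERVICE_ACCOUNT_EMAIL"`, where `$ZONE` is a variable you set yourself.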