F5Networks / f5-google-gdm-templates

Google Deployment Templates for quickly deploying BIG-IP services in Google Cloud Platform
28 stars 45 forks source link

Include minimum Service Account authorizations for failover via-api and auto-scale #59

Closed gwolfis closed 3 years ago

gwolfis commented 3 years ago

Related customer SR: 1-6795128855

GDM templates offer a field to include a Service Account when Failover or Autoscale deployments are launched.

Above SR got filled because the customer wasn't aware what authorization should be minimal enabled for HA via-api to work.

Not having the right authorization attached to your service accounts makes that deployed BIG-IPs are not able to communicate with GCP over REST-API resulting in not functioning auto-scale or failover.

Template

This counts for all GDM templates who deploy failover via-api and auto-scale.

Proposed Solution

Include the minimum Service Account Authorization in the README.md Service Account field Description and include this in the .yaml file. Also include a note in the .yaml file troubleshooting section.

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 4

Severity level definitions:

  1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. immediate attention is required.
  2. Severity 2 (High) : Defect is causing major obstruction of system operations.
  3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
  4. Severity 4 (Low) : Defect is causing infrequent interuptions in system operations.
  5. Severity 5 (Trival) : Defect is not causing any interuptions to system operations, but none-the-less is a bug.
shyawnkarim commented 3 years ago

This is a known issue and already in our backlog. I just raised the priority level to high. Internal ID ESECLDTPLT-1749.

shyawnkarim commented 3 years ago

Closing.

This issue was resolved with Release 3.11.0.