GoogleCloudPlatform / ai-on-gke

AI on GKE is a collection of examples, best practices, and prebuilt solutions to help build, deploy, and scale AI Platforms on Google Kubernetes Engine.
Apache License 2.0

Provision custom service accounts for node pools with minimum roles #658

Closed gtsorbo closed 4 months ago

arueth commented 5 months ago

Do you think we need a service account for each node pool, since workloads would be using Workload Identity?

arueth commented 5 months ago

We'll also need to apply an SA to the cluster configuration for NAP.

arueth commented 5 months ago

We'll also need roles/artifactregistry.reader for AR and roles/serviceusage.serviceUsageConsumer for image streaming.