Closed paulczar closed 5 years ago
xiaobaitusi
commented
5 years ago Hi Paul, thanks for the feedback. I agree with you on the native support to use service account key. We do have a task to add service account key CRD which allows users to create a secret to store the credential key. The ETA is that it's going to come within next couple of weeks.
AlexBulankou
commented
5 years ago @kibbles-n-bytes , can you please close when this addressed (I believe either in 0.0.8 or 0.0.9? )
AlexBulankou
commented
5 years ago It didn't make it into 0.0.9, but on track for 0.0.10. CC @kibbles-n-bytes @xiaobaitusi
kibbles-n-bytes
commented
5 years ago 0.0.10 is now released, with IAMServiceAccountKey support, along with a controller to convert the GSA private key to a Kubernetes Secret for easily mounting into your pods.
I can create an IAM service account and policies, but I can't use it as part of an application without extra work. We should allow the user to provide a namespace / secret to store the credentials json file that can be created for a service account.
see example here - https://github.com/paulczar/gcp-cloud-compute-operator/blob/master/pkg/controller/serviceaccountkey/serviceaccountkey_controller.go