There are several operations that are better done on some sort of management node.
The management node should use the Globus image, but be on a low-end instance type. It should be tagged for management (not gcs), so that it allows in SSH instead of HTTPS and GridFTP. It should use OSLogin for authentication.
We also need a Service Account for instances to run. In addition to whatever basic functions the instance needs, it also needs write access to appropriate secrets.
The Terraform code should define an instance template only, and not actually start any instances. This depends on #6 for the core configuration.
There are several operations that are better done on some sort of management node.
The management node should use the Globus image, but be on a low-end instance type. It should be tagged for management (not gcs), so that it allows in SSH instead of HTTPS and GridFTP. It should use OSLogin for authentication.
We also need a Service Account for instances to run. In addition to whatever basic functions the instance needs, it also needs write access to appropriate secrets.
The Terraform code should define an instance template only, and not actually start any instances. This depends on #6 for the core configuration.