What is the GCP service account used for?

estafette / estafette-gke-preemptible-killer

Kubernetes controller to spread preemption for preemtible VMs in GKE to avoid mass deletion after 24 hours

https://helm.estafette.io

MIT License

448 stars 72 forks source link

What is the GCP service account used for? #73

Closed ademariag closed 4 years ago

ademariag commented 4 years ago

Hi,

probably I am missing something, but what is the actual GCP service account used for?

The estafette-gke-preemptible-killer seems to delete the nodes using a call to the kubernetes API, which is in fact whitelisted in the rbac.

If so, what do you use the service account for?

ademariag commented 4 years ago

Looking at the code I realise the GCE Service Account is needed to delete the actual node, as the kubectl delete node X only removed it from the cluster.

Thank you, closing this issue