Closed kkaempf closed 1 month ago
Before updating https://github.com/rancher/terraform-provider-rancher2 we need to add a new release branch that tracks Rancher 2.9, see https://github.com/rancher/terraform-provider-rancher2/milestone/26. This is because the change to include the optional service account field is available in the 2.9 branch of Rancher.
Validation passed on build v2.9-81337b95660cba868629d6fe769bd7e8242b5aee-head, gke-operator:v1.9.0-rc.8
Details here: https://github.com/rancher/dashboard/issues/11068#issuecomment-2228707115
Request description:
Best practice for GKE is to use a separate SA with minimal access for the node pools. This is not an option in GKEv2 today and should be added. A list of existing SAs in the project is available through the GCP API.
https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa
https://avd.aquasec.com/cspm/google/kubernetes/default-service-account/
Actual behavior:
No ability to configure Service Account for node pools
Expected behavior:
Ability to configure Service Account for node pools
Tasks:
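
As an added example (not part of the issue thread and not Rancher's code), this Python check flags node pools that still run on the Compute Engine default service account, the condition the request above wants users to be able to avoid. It assumes input shaped like the output of `gcloud container node-pools list --format=json`; the pool names, project and account names in the sample are constructed.

```python
import json
import re

# Constructed sample, shaped like `gcloud container node-pools list --format=json`
# output (only the fields the check reads). Project and account names are made up.
SAMPLE_NODE_POOLS = json.loads("""
[
  {"name": "pool-default", "config": {"serviceAccount": "default",
     "oauthScopes": ["https://www.googleapis.com/auth/cloud-platform"]}},
  {"name": "pool-legacy", "config": {"serviceAccount":
     "123456789012-compute@developer.gserviceaccount.com",
     "oauthScopes": ["https://www.googleapis.com/auth/logging.write"]}},
  {"name": "pool-hardened", "config": {"serviceAccount":
     "gke-nodes-min@example-project.iam.gserviceaccount.com",
     "oauthScopes": ["https://www.googleapis.com/auth/cloud-platform"]}}
]
""")

# The Compute Engine default service account is reported either as the literal
# "default" or as <project-number>-compute@developer.gserviceaccount.com.
DEFAULT_SA = re.compile(r"^(default|\d+-compute@developer\.gserviceaccount\.com)$")
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def audit_node_pools(pools):
    """Return a list of (pool_name, finding) for pools on the default SA."""
    findings = []
    for pool in pools:
        cfg = pool.get("config", {})
        # An absent field means GKE falls back to the default account.
        sa = cfg.get("serviceAccount") or "default"
        if not DEFAULT_SA.match(sa):
            continue
        if BROAD_SCOPE in cfg.get("oauthScopes", []):
            finding = "default SA with cloud-platform scope"
        else:
            finding = "default SA"
        findings.append((pool.get("name", "<unnamed>"), finding))
    return findings


if __name__ == "__main__":
    for name, finding in audit_node_pools(SAMPLE_NODE_POOLS):
        print(f"{name}: {finding}")
```

A pool on a dedicated account is not reported even with a broad OAuth scope, because its effective access is bounded by the IAM roles granted to that account.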