rancher / gke-operator

Apache License 2.0

[SURE-3099] Add ability to configure the Service Account for node pools in GKE clusters #262

Closed kkaempf closed 1 month ago

kkaempf commented 7 months ago

Request description:

Best practice for GKE is to use a separate SA with minimal access for the node pools. This is not an option in GKEv2 today and should be added. The list of existing SAs in the project is available through the GCP API.

https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa

https://avd.aquasec.com/cspm/google/kubernetes/default-service-account/

Actual behavior:

No ability to configure Service Account for node pools

Expected behavior:

Ability to configure Service Account for node pools

Tasks:

yiannistri commented 2 months ago

Before updating https://github.com/rancher/terraform-provider-rancher2 we need to add a new release branch that tracks Rancher 2.9, see https://github.com/rancher/terraform-provider-rancher2/milestone/26. This is because the change to include the optional service account field is available in the 2.9 branch of Rancher.

cpinjani commented 1 month ago

Validation passed on build v2.9-81337b95660cba868629d6fe769bd7e8242b5aee-head, gke-operator:v1.9.0-rc.8. Details here: https://github.com/rancher/dashboard/issues/11068#issuecomment-2228707115
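
The least-privilege concern raised in the request can be checked on existing clusters. The following is an added example, not code from gke-operator or from any commenter: it flags node pools that still run as the Compute Engine default service account. It assumes input shaped like the GKE API Cluster resource (as printed by `gcloud container clusters describe --format=json`); the function names and the sample cluster are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// cluster is the subset of the GKE API Cluster resource that this check reads.
type cluster struct {
	Name      string `json:"name"`
	NodePools []struct {
		Name   string `json:"name"`
		Config struct {
			ServiceAccount string `json:"serviceAccount"`
		} `json:"config"`
	} `json:"nodePools"`
}

// usesDefaultSA is true for an unset field, "default", or the default SA email.
func usesDefaultSA(sa string) bool {
	sa = strings.ToLower(strings.TrimSpace(sa))
	return sa == "" || sa == "default" ||
		strings.HasSuffix(sa, "-compute@developer.gserviceaccount.com")
}

// AuditNodePools returns "cluster/pool" for every node pool on the default SA.
func AuditNodePools(clusterJSON []byte) ([]string, error) {
	var c cluster
	if err := json.Unmarshal(clusterJSON, &c); err != nil {
		return nil, fmt.Errorf("parse cluster JSON: %w", err)
	}
	var findings []string
	for _, np := range c.NodePools {
		if usesDefaultSA(np.Config.ServiceAccount) {
			findings = append(findings, c.Name+"/"+np.Name)
		}
	}
	return findings, nil
}

// Constructed sample data; project, accounts and pool names are made up.
const sampleCluster = `{"name":"demo","nodePools":[
 {"name":"pool-a","config":{"serviceAccount":"default"}}, {"name":"pool-b","config":{"serviceAccount":"gke-nodes@example-project.iam.gserviceaccount.com"}},
 {"name":"pool-c","config":{"serviceAccount":"123456789012-compute@developer.gserviceaccount.com"}}, {"name":"pool-d","config":{}}]}`

func main() {
	fmt.Println(AuditNodePools([]byte(sampleCluster)))
}
```
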