-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds a gce-service-account flag so you BYO service-account #8761
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: geojaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold |
/hold cancel |
Cloud: gce | ||
KubernetesVersion: v1.15.6-beta.1 | ||
Project: testproject | ||
GCEServiceAccount: test-account@testproject.iam.gserviceaccount.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you need to add this gce_byo_sa
test case to cmd/kops/create_cluster_integration_test.go
. I'd also expect to see test-account@testproject.iam.gserviceaccount.com
in some expected output values for this test somewhere... in a kubernetes.tf or in expected-v1alpha2.yaml
?
tests/integration/create_cluster/gce_byo_sa/expected-v1alpha2.yaml
Outdated
Show resolved
Hide resolved
Generated code and some cleanup Not sure where that code went Tests for service account fixes case on gceserviceaccount
Need to fix service account implementation first Fixing tests and iterating on the serviceaccount logic Run the gce_byo_sa test
looks good now, thanks for the work! it'll be great to eventually support this at the instance group level too. /lgtm |
you bet! thanks for helping me keep this active. we should definitely support IG level configs in next iteration. |
This will need #8760 . It lets you specify the email of a service account with which you'd like your instances to be launched. This is part of trying to steer the GCE support closer to GCE native/best practices.