I think we should make the custom service account a Required field, and explain how to use the default one in the description. That'll require users to opt-out. Both our existing examples can use the existing account.
If we keep these docs distinct, we should make the benefits of BYO service account more clear in the intro, calling out the wide access granted to the default account (your entire project's compute instances, effectively!) and how that's not a sensible least-privilege security model. We could also merge the docs with the gke-cluster docs, and throw in a few paragraphs there.
Our goal here is to (strongly) encourage users to use custom accounts, so it should be opt-out and the benefits of performing the extra work to use one clear.
Co-Authored-By: robmorgan <[email protected]>
Looks good to me. Just a handful of nitpicks on text body mostly.
Currently wrestling with the IAM permissions to make the tests pass on CircleCI
…rm-google-gke into byo-service-account
This PR implements custom service accounts in our examples. This is a best practice that follows the principle of least privilege. By default, each node in a GKE cluster is a Compute Engine instance. Therefore, applications running on a GKE cluster inherit the scopes of the Compute Engine instances to which they are deployed. Using the new module gke-service-account, users have the option to limit the permission scope thereby improving the security of the GKE cluster.
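As an added illustration (not code from this PR or from the gke-service-account module), the same least-privilege pattern expressed with plain google provider resources: a dedicated node service account that holds only the logging and monitoring roles the node agents need, attached to a node pool instead of the Compute Engine default account. The project id, resource names and the referenced google_container_cluster.cluster are assumptions.

```hcl
# Added example, not the project's own code. Project id and names are placeholders;
# google_container_cluster.cluster is assumed to exist with remove_default_node_pool = true.
variable "project" {
  default = "my-project-id" # placeholder
}

# Dedicated identity for the GKE nodes. It starts with no IAM roles at all.
resource "google_service_account" "gke_nodes" {
  account_id   = "gke-node-sa"
  display_name = "GKE node service account"
  project      = var.project
}

# Only what the node agents need to ship logs and metrics. Nothing here grants
# access to the project's other compute instances, unlike the default account.
resource "google_project_iam_member" "gke_nodes" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
  ])
  project = var.project
  role    = each.key
  member  = "serviceAccount:${google_service_account.gke_nodes.email}"
}

resource "google_container_node_pool" "primary" {
  name       = "primary-pool"
  cluster    = google_container_cluster.cluster.name # assumed to exist
  node_count = 3

  node_config {
    machine_type = "n1-standard-2"

    # Leaving service_account unset is the weak setting: the pool then runs as the
    # Compute Engine default service account and inherits its broad project access.
    service_account = google_service_account.gke_nodes.email

    # A broad OAuth scope is acceptable once the account's IAM roles are narrow:
    # effective permission is the intersection of the scope and the IAM roles.
    oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
```

A quick check after apply is `gcloud projects get-iam-policy` for the project, confirming that gke-node-sa holds only the three roles above.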