Document Google service account configuration #36
Comments
|
I'm not entirely sure about the details of this, this is why I add @linki who'll be able to answer clearly. Also, we actually used this with GKE (Container Engine) and not with a custom installation of GCE. We're definitely looking forward to make it usable in all the Google Cloud environments. |
|
Thanks! I'm running in GKE too -- as far as I'm aware the GKE default service account is the GCE node's service account, which default's to the GCP project's default service account. I could be mistaken on that though. |
|
@paultiplady You're right, by default I documented the different options for GCP and AWS over at #43. Small disclaimer: mounting the credentials file is currently untested with |
|
👍 thanks for the info, this will work well for my usecase then. |
I'm getting the following error while running mate v0.3.0 in GCE:
I'm sure this is because the Service Account being used doesn't have permissions on Google Cloud DNS.
How is mate assuming that the Service accounts have been configured? Does the default node service account have to have the DNS permissions added? A few words in the docs on configuring this would be helpful.
'm hoping there's a better way than just adding the permissions to the project-wide service account, which isn't viable in a production cluster (but would still be viable in a test/build cluster). Other similar projects (e.g. https://github.com/PalmStoneGames/kube-cert-manager/) read a service account JSON blob from a mounted volume, which seems to be a good general approach.
The text was updated successfully, but these errors were encountered: