From 4bed7e6be3ea3758d3dfcb43d2752a32575d44c9 Mon Sep 17 00:00:00 2001
From: Don Petersen
Date: Fri, 21 Aug 2020 13:35:06 -0700
Subject: [PATCH] Set auto_provisioning_defaults.service_account

This sets the Service Account that should be used by node VMs created by node auto-provisioning. This should cause the auto-provisioned nodes to have the same permissions as the nodes that are manually provisioned.
---
 autogen/main/cluster.tf.tmpl | 5 ++++-
 autogen/main/sa.tf.tmpl | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 7621acdb53..fc387e81e5 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -73,7 +73,10 @@ resource "google_container_cluster" "primary" {
 {% if beta_cluster %}
 cluster_autoscaling {
- enabled = var.cluster_autoscaling.enabled
+ enabled = var.cluster_autoscaling.enabled
+ auto_provisioning_defaults {
+ service_account = local.service_account
+ }
 autoscaling_profile = var.cluster_autoscaling.autoscaling_profile != null ? var.cluster_autoscaling.autoscaling_profile : "BALANCED"
 dynamic "resource_limits" {
 for_each = local.autoscalling_resource_limits
diff --git a/autogen/main/sa.tf.tmpl b/autogen/main/sa.tf.tmpl
index d2db091904..65d086cc19 100644
--- a/autogen/main/sa.tf.tmpl
+++ b/autogen/main/sa.tf.tmpl
@@ -23,7 +23,7 @@ locals {
 ["dummy"],
 ),
 )
- // if user set var.service_accont it will be used even if var.create_service_account==true, so service account will be created but not used
+ // if user set var.service_account it will be used even if var.create_service_account==true, so service account will be created but not used
 service_account = (var.service_account == "" || var.service_account == "create") && var.create_service_account ? local.service_account_list[0] : var.service_account
 }
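Review bot: `local.service_account` can be an empty string, or the literal `"create"`, whenever `var.create_service_account` is false (see the ternary in the `locals` block of sa.tf.tmpl), and the new `auto_provisioning_defaults` block inside `cluster_autoscaling` passes that value through unchecked. With an empty value, auto-provisioned nodes presumably fall back to the project's default Compute Engine service account, which is usually much broader than a dedicated node identity, so the "same permissions" goal in the commit message would silently not hold. I would add a comment above the block such as `// local.service_account may be "" when no SA is configured; auto-provisioned nodes then run as the default compute service account`. Consider also setting `oauth_scopes` in the same block so auto-provisioned nodes match the scopes of the manually defined node pools, which are not visible in this hunk. The `cluster_autoscaling` block and the enclosing resource continue outside the hunk.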