Posted to commits@dlab.apache.org by om...@apache.org on 2019/09/09 11:45:07 UTC
[incubator-dlab] branch DLAB-terraform updated: fixed issue with
service account
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-terraform by this push:
new 41866d4 fixed issue with service account
41866d4 is described below
commit 41866d4aab6032b948cfaae8ff6990719bb7307e
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Mon Sep 9 14:44:58 2019 +0300
fixed issue with service account
---
.../terraform/gcp/ssn-gke/main/gke.tf | 2 +-
.../terraform/gcp/ssn-gke/main/iam.tf | 33 ++++++++++++++++++++--
.../terraform/gcp/ssn-gke/main/variables.tf | 2 +-
3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/gke.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/gke.tf
index a386918..8228673 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/gke.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/gke.tf
@@ -55,7 +55,7 @@ resource "google_container_node_pool" "ssn_k8s_gke_node_pool" {
location = var.region
cluster = google_container_cluster.ssn_k8s_gke_cluster.name
node_count = var.ssn_k8s_workers_count
- version = var.gke_cluster_version
+ version = var.gke_cluster_version
node_config {
machine_type = var.ssn_k8s_workers_shape
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/iam.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/iam.tf
index 147d866..152bdce 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/iam.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/iam.tf
@@ -20,10 +20,39 @@
# ******************************************************************************
locals {
- service_account_name = "${var.service_base_name}-k8s-sa"
+ service_account_name = "${var.service_base_name}-sa"
+ role_name = "${var.service_base_name}-role"
}
resource "google_service_account" "ssn_k8s_sa" {
account_id = local.service_account_name
display_name = local.service_account_name
-}
\ No newline at end of file
+}
+
+resource "google_project_iam_member" "log_writer" {
+ project = var.project_id
+ # role = "projects/${var.project_id}/roles/${local.role_name}"
+ role = "roles/logging.logWriter"
+ member = "serviceAccount:${google_service_account.ssn_k8s_sa.email}"
+}
+
+resource "google_project_iam_member" "metric_writer" {
+ project = var.project_id
+ # role = "projects/${var.project_id}/roles/${local.role_name}"
+ role = "roles/monitoring.metricWriter"
+ member = "serviceAccount:${google_service_account.ssn_k8s_sa.email}"
+}
+
+resource "google_project_iam_member" "monitoring_viewer" {
+ project = var.project_id
+ # role = "projects/${var.project_id}/roles/${local.role_name}"
+ role = "monitoring.viewer"
+ member = "serviceAccount:${google_service_account.ssn_k8s_sa.email}"
+}
+
+//resource "google_project_iam_custom_role" "ssn_k8s_role" {
+// role_id = local.role_name
+// title = local.role_name
+// description = "Role for GKE cluser - ${local.gke_name}"
+// permissions = ["iam.roles.list", "iam.roles.create", "iam.roles.delete"]
+//}
\ No newline at end of file
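Review bot: The `monitoring_viewer` binding sets `role = "monitoring.viewer"` without the `roles/` prefix that the `log_writer` and `metric_writer` bindings in this hunk use. Predefined roles have to be given in the full form, so this binding will most likely be rejected at apply time; it should read `role = "roles/monitoring.viewer"`. The three commented `# role = "projects/..."` lines and the commented-out `google_project_iam_custom_role` block are dead code and are better removed than committed. That block lists `iam.roles.create` and `iam.roles.delete`, which would be far more than a node service account needs if it were ever re-enabled as is.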
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
index 7898592..71d5a36 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
@@ -56,7 +56,7 @@ variable "additional_tag" {
}
variable "ssn_k8s_workers_count" {
- default = 2
+ default = 1
}
variable "gke_cluster_version" {
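Review bot: The default for `ssn_k8s_workers_count` drops from 2 to 1, which the commit message does not mention because it only covers the service account. With a single worker, the node pool has no spare capacity while that node is being upgraded or repaired. If the lower default is meant only for test deployments, the variable should say so, for example `description = "Number of GKE worker nodes; 1 gives no redundancy"`.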