Cloud Composer 2 uses the Default Compute Engine service account for GKE Autopilot nodes #10842

Closed
mikejuliettetango opened this issue Jan 5, 2022 · 3 comments

mikejuliettetango commented Jan 5, 2022

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

If this is a bug report (for when something is there, but doesn't work how it should), please use the bug issue template instead.

If this is an enhancement / feature request (for when something (a resource, field, etc.) is missing, and should be added), please use the enhancement template instead.

If you have a support request or question, please check out the other resources listed here.

If your issue does not fit into one of the above templates, please fill out the following:

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment or link the pull request to this issue.

Terraform Version

  • terraform <= 1.1.2

Affected Resource(s)

Issue Description

Because Composer 2 uses the Default Compute Engine service account and Workload Identity to manage the GKE Autopilot clusters, you may not specify a service account for your GKE Nodepool as an optional argument as currently stated:

service_account - (Optional) The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the "default" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.

References

b/301065829

@github-actions github-actions bot added service/composer forward/review In review; remove label to forward labels Aug 17, 2023
@edwardmedia edwardmedia removed the forward/review In review; remove label to forward label Sep 18, 2023
mbajer42 commented Jan 9, 2024

Correct me if I misunderstood your question, but it seems that it is possible to specify a service account: https://cloud.google.com/composer/docs/composer-2/create-environments#service-account
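
A Terraform configuration for the `service_account` argument quoted in the issue and the Composer 2 page linked above, added here as an example and not posted by anyone in this thread. The resource names, the two variables, the region and the image version alias are assumptions, and the service agent binding follows the provider documentation for Composer 2 rather than anything stated in this issue.

```hcl
# Added example. Names, variables, region and image alias are assumptions.
variable "project_id" { type = string }     # hypothetical input
variable "project_number" { type = string } # hypothetical input

# Dedicated identity for the environment's nodes, used instead of the
# default Compute Engine service account.
resource "google_service_account" "composer_nodes" {
  project      = var.project_id
  account_id   = "composer-nodes"
  display_name = "Cloud Composer 2 node service account"
}

# The role the quoted documentation requires on the node service account.
resource "google_project_iam_member" "composer_worker" {
  project = var.project_id
  role    = "roles/composer.worker"
  member  = "serviceAccount:${google_service_account.composer_nodes.email}"
}

# Composer 2 service agent binding on the custom account (per provider docs).
resource "google_service_account_iam_member" "composer_agent_ext" {
  service_account_id = google_service_account.composer_nodes.name
  role               = "roles/composer.ServiceAgentV2Ext"
  member             = "serviceAccount:service-${var.project_number}@cloudcomposer-accounts.iam.gserviceaccount.com"
}

resource "google_composer_environment" "example" {
  project = var.project_id
  name    = "example-composer2"
  region  = "us-central1"

  config {
    software_config {
      image_version = "composer-2-airflow-2"
    }
    node_config {
      # Cannot be updated after creation, as the quoted documentation notes.
      service_account = google_service_account.composer_nodes.email
    }
  }

  # Create the environment only after both bindings exist.
  depends_on = [
    google_project_iam_member.composer_worker,
    google_service_account_iam_member.composer_agent_ext,
  ]
}
```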

@mbajer42
Please close this issue @rileykarson

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 22, 2024