-
Story
-
Resolution: Done
-
Normal
-
None
-
None
-
None
-
3
-
False
-
None
-
False
-
OCPSTRAT-1006 - Remove Terraform from the GCP IPI installer
-
-
-
Sprint 251, Sprint 252
As an installer user, I want my gcp creds used for install to be used by the CAPG controller when provisioning resources.
Acceptance Criteria:
- Users can authenticate using the service account from ~/.gcp/osServiceAccount.json
- users can authenticate with default application credentials
- Docs team is updated to whether existing credential methods will continue to work (specifically environment variables): see official docs
Engineering Details:
- We can pass in a secret containing the service account creds, so we can do t hat during the manifest stage, which is probably a more appropriate place
- The controller supports auth'ing with default application credentials when there is no secret supplied, so that's good. That should work for use cases where they don't want service account
- GCP controller authentication is handled here: https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/cloud/scope/managedcontrolplane.go#L67
This requires/does not require a design proposal.
This requires/does not require a feature gate.