-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
None
-
5
-
False
-
None
-
False
-
OCPSTRAT-1006 - Remove Terraform from the GCP IPI installer
-
-
-
Sprint 249, Sprint 250
User Story:
I want the installer to create the service accounts that would be assigned to control plane and compute machines, similar to what is done in terraform now.
Acceptance Criteria:
Description of criteria:
- Control plane and compute service accounts are created with appropriate permissions (see details)
- Service accounts are attached to machines
- Skip creation of control-plane service accounts when they are specified in the install config
(optional) Out of Scope:
Detail about what is specifically not being delivered in the story
Engineering Details:
- Service accounts are needed by the machines, so they could be created in either PreProvision or InfraReady
- compute node service account permissions are captured here: https://github.com/openshift/installer/blob/master/data/data/gcp/cluster/iam/main.tf
- control plane iam is here:
https://github.com/openshift/installer/blob/master/data/data/gcp/cluster/master/main.tf#L5-L38 - The service accounts should be specified in the machine spec.
This requires/does not require a design proposal.
This requires/does not require a feature gate.