Hello,
I’m trying to create an Autopilot GKE cluster using Terraform, and I’m specifying a custom Service Account to use for the cluster. See the code snippet below.
However, when I run terraform apply, TF still creates the cluster using the default Compute Engine Service Account.
Can someone share a TF code sample that creates the cluster based on a specified SA?
I read the solved issue below, but there are no follow-ups with a successful TF sample code:
GKE autopilot is always created with default service account · Issue #8918 · hashicorp/terraform-provider-google · GitHub, so I’m not sure what it should look like in the end.
Thank you,
Cristina
resource "google_container_cluster" "cluster" {
  # depends_on = [module.project-cfg]
  provider    = google-beta
  project     = var.project_id
  name        = var.name
  location    = var.location
  description = var.description

  enable_autopilot        = true
  enable_kubernetes_alpha = false
  enable_legacy_abac      = false

  logging_service    = "logging.googleapis.com/kubernetes"
  monitoring_service = "monitoring.googleapis.com/kubernetes"

  network    = "projects/${var.on_prem_host_project_name}/global/networks/on-prem-connectivity"
  subnetwork = "projects/${var.on_prem_host_project_name}/regions/${var.gke_region}/subnetworks/${var.gke_subnetwork}"

  addons_config {
    horizontal_pod_autoscaling {
      disabled = false
    }
    http_load_balancing {
      disabled = false
    }
  }

  vertical_pod_autoscaling {
    enabled = true
  }

  ip_allocation_policy {
    cluster_secondary_range_name  = "gke-pods"
    services_secondary_range_name = "gke-services"
  }

  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = local.my_ip
      display_name = "current address"
    }
  }

  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = false
    master_ipv4_cidr_block  = "xxx"
  }

  release_channel {
    channel = "REGULAR"
  }

  default_snat_status {
    disabled = false
  }

  cost_management_config {
    enabled = true
  }

  node_config {
    service_account = var.gke_service_account
    labels = {
      env = var.env_label
    }
  }
}
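The following is an added example and is not code from the original post or from the linked issue. On an Autopilot cluster there is no user-managed node pool, so `node_config.service_account` is not applied; the node VMs are auto-provisioned by GKE and take their identity from `cluster_autoscaling.auto_provisioning_defaults.service_account` in the `google_container_cluster` resource. The example below creates a dedicated, least-privilege node service account and wires it in that way. The account name `gke-nodes`, the resource names, the role list and the `var.*` inputs are assumptions for illustration; the network blocks from the post are omitted for brevity and would be kept as in the original.

```hcl
# Added example (not the original poster's code): Autopilot cluster whose nodes
# run as a dedicated service account instead of the Compute Engine default SA.
# Names, variables and the role list are assumptions; adapt them to your project.

# Dedicated node identity. The Compute Engine default SA carries roles/editor on
# the project by default, which is far more than a node needs.
resource "google_service_account" "gke_nodes" {
  project      = var.project_id
  account_id   = "gke-nodes" # assumed name
  display_name = "GKE Autopilot node service account"
}

# Minimal roles for logs, metrics and pulling images from Artifact Registry.
# Assumed set; drop artifactregistry.reader if images come from elsewhere.
resource "google_project_iam_member" "gke_nodes" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/stackdriver.resourceMetadata.writer",
    "roles/artifactregistry.reader",
  ])

  project = var.project_id
  role    = each.key
  member  = "serviceAccount:${google_service_account.gke_nodes.email}"
}

resource "google_container_cluster" "autopilot" {
  provider = google-beta
  project  = var.project_id
  name     = var.name
  location = var.location

  enable_autopilot = true

  # network / subnetwork / ip_allocation_policy / private_cluster_config etc.
  # would be kept exactly as in the original snippet; omitted here.

  # This is the block that actually sets the node identity on Autopilot.
  # node_config.service_account is ignored because Autopilot provisions the
  # node pools itself and reads the SA from these auto-provisioning defaults.
  cluster_autoscaling {
    auto_provisioning_defaults {
      service_account = google_service_account.gke_nodes.email
    }
  }

  # Make sure the IAM bindings exist before nodes try to write logs/metrics.
  depends_on = [google_project_iam_member.gke_nodes]
}
```

After `terraform apply`, confirm the identity the cluster will hand to its nodes with `gcloud container clusters describe NAME --location LOCATION --format='value(autoscaling.autoprovisioningNodePoolDefaults.serviceAccount)'`; it should print the `gke-nodes` email rather than `PROJECT_NUMBER-compute@developer.gserviceaccount.com`. Changing the service account on an existing Autopilot cluster is an in-place update of the autoscaling defaults, so existing nodes keep the old identity until they are recreated.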