sethvargo/vault-on-gke

Private GKE in Shared VPC env

viharikrishna opened this issue · 1 comment

Hello Sethvargo,

Thank you for the code. I'm working on deploying this in our environment (shared VPC).
I've got a couple of quick questions.

Are these two steps a must to make this work in a shared VPC environment?

Add this service project SA on the host project

gcloud projects add-iam-policy-binding project_name \
  --member serviceAccount:service-xx@container-engine-robot.iam.gserviceaccount.com \
  --role roles/container.hostServiceAgentUser

Add this service project SA to the shared VPC subnet (IAM bindings on the host project):

bindings:
- members:
  - serviceAccount:service-xx@container-engine-robot.iam.gserviceaccount.com
  role: roles/compute.networkUser

Note - I already have a manually created service account (service project) with "compute.networkUser" permissions on the subnet in the host project. I'm using that same account for Terraform.
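The two bindings asked about above, expressed in Terraform so they can live next to the rest of a vault-on-gke deployment. This is an added example and not code from the vault-on-gke repository; the project IDs, region and subnet name are placeholders, and the Google APIs service account binding comes from the GKE Shared VPC documentation rather than from this issue. The GKE service agent's e-mail is derived from the service project's *number*, so the project is looked up rather than hard-coding the "service-xx" address.

```hcl
# Added example, not part of vault-on-gke. Grants the service project's GKE
# service agent what it needs to place nodes in a Shared VPC subnet owned by
# the host project. All four values below are assumptions for illustration.
variable "host_project"    { default = "my-host-project" }    # assumed
variable "service_project" { default = "my-service-project" } # assumed
variable "region"          { default = "us-east4" }           # assumed
variable "subnetwork"      { default = "gke-subnet" }         # assumed

# The GKE service agent address uses the project NUMBER, not the project ID,
# so resolve it instead of typing "service-xx@..." by hand.
data "google_project" "service" {
  project_id = var.service_project
}

locals {
  gke_service_agent = "serviceAccount:service-${data.google_project.service.number}@container-engine-robot.iam.gserviceaccount.com"

  # Google APIs service account of the service project. The GKE Shared VPC docs
  # require compute.networkUser on the subnet for this account as well.
  google_apis_sa = "serviceAccount:${data.google_project.service.number}@cloudservices.gserviceaccount.com"
}

# Step 1: Host Service Agent User on the host project. This is project-level
# by design; the role only allows the agent to act as the host project's GKE
# service agent and grants no network permissions on its own.
resource "google_project_iam_member" "host_service_agent_user" {
  project = var.host_project
  role    = "roles/container.hostServiceAgentUser"
  member  = local.gke_service_agent
}

# Step 2: compute.networkUser bound to the single subnet the cluster will use,
# not to the whole host project, so the service project cannot reach other
# subnets in the Shared VPC.
resource "google_compute_subnetwork_iam_member" "network_user" {
  for_each = toset([local.gke_service_agent, local.google_apis_sa])

  project    = var.host_project
  region     = var.region
  subnetwork = var.subnetwork
  role       = "roles/compute.networkUser"
  member     = each.value
}
```

Both resources are `*_iam_member` (additive) rather than `*_iam_policy` (authoritative), so applying them does not remove the manually created service account's existing `compute.networkUser` binding mentioned above. After `terraform apply`, `gcloud compute networks subnets get-iam-policy gke-subnet --region us-east4 --project my-host-project` should list both service-project accounts under `roles/compute.networkUser` and nothing broader.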

stale commented

Hi there! This has been automatically marked as stale because it has not had activity in the past 14 days. It will be closed in 14 days if no further activity takes place.