What is the GCP service account used for?

Question

What is the GCP service account used for?

ademariag opened this issue 4 years ago · comments

Alessandro De Maria commented 4 years ago

Hi,

probably I am missing something, but what is the actual GCP service account used for?

The estafette-gke-preemptible-killer seems to delete the nodes using a call to the kubernetes API, which is in fact whitelisted in the rbac.

If so, what do you use the service account for?

Alessandro De Maria · Answer 1 · Tue Apr 14 2020 03:41:54 GMT+0800 (China Standard Time)

Looking at the code I realise the GCE Service Account is needed to delete the actual node, as the kubectl delete node X only removed it from the cluster.

Thank you, closing this issue