terraform-google-modules / terraform-google-gke-gitlab

Installs GitLab on Kubernetes Engine

Home Page: https://registry.terraform.io/modules/terraform-google-modules/gke-gitlab/google


Allow for the use of an alternative service account for GKE cluster nodes

glarizza opened this issue · comments

Currently the module doesn't specify the service_account attribute for the google_container_cluster resource, which means the cluster will attempt to use the default compute service account for the Project ID specified. If you use Project Factory to create the project for this module, PF will delete the default compute SA (which is its own bug terraform-google-modules/terraform-google-project-factory#181), and Terraform will give you an error that looks like the following:

* google_container_cluster.gitlab: googleapi: Error 400: Service account "483850288765-compute@developer.gserviceaccount.com" does not exist., badRequest

Surfacing a variable to specify an alternate SA should do fine here.
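One way the requested variable could be wired up, as an added example that is not code from this module or from the issue author. It assumes Terraform 0.12.6 or later; the variable `gke_node_service_account`, the `gke_nodes` resources, and the cluster name and location are hypothetical, and only the resource address `google_container_cluster.gitlab` comes from the error above.

```hcl
variable "project_id" {
  type = string
}

# Hypothetical input: email of an existing service account for the nodes.
# Left empty, a dedicated account is created instead of relying on the
# project's default compute service account.
variable "gke_node_service_account" {
  type    = string
  default = ""
}

resource "google_service_account" "gke_nodes" {
  count        = var.gke_node_service_account == "" ? 1 : 0
  project      = var.project_id
  account_id   = "gitlab-gke-nodes" # constructed name
  display_name = "GitLab GKE nodes"
}

locals {
  node_sa_email = var.gke_node_service_account != "" ? var.gke_node_service_account : google_service_account.gke_nodes[0].email
}

# Minimum roles for node logging and monitoring; grant anything further
# per workload rather than falling back to the broad default account.
resource "google_project_iam_member" "gke_nodes" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
  ])
  project = var.project_id
  role    = each.value
  member  = "serviceAccount:${local.node_sa_email}"
}

resource "google_container_cluster" "gitlab" {
  project            = var.project_id
  name               = "gitlab"      # placeholder
  location           = "us-central1" # placeholder
  initial_node_count = 1

  node_config {
    # Omitting service_account makes the nodes run as the project's
    # default compute service account, which fails if it was deleted.
    service_account = local.node_sa_email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
```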

This should be labelled as enhancement and added to the Cloud Foundation Toolkit project; I currently lack permissions to do so. 😢

I tried to edit and see if I could add the enhancement label, but I don't think I have that ability either.

I added the label, but should mention this isn't an official CFT repo. @viglesiasce created this repo and would be the right person to review any PRs.

Yes, ignore me. I was overzealous in my triage. 😊

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days