Skip to content
This repository has been archived by the owner on Nov 2, 2024. It is now read-only.

fix: Cloud Ops permission errors #931

Merged
merged 4 commits into from
Jun 2, 2022
Merged

fix: Cloud Ops permission errors #931

merged 4 commits into from
Jun 2, 2022

Conversation

daniel-sanche
Copy link
Member

@daniel-sanche daniel-sanche commented May 25, 2022
edited
Loading

Over the last few weeks, we've been seeing missing data in the Cloud Ops products on new sandboxes. I thought this was due to our outdated version of Istio, but after some experimentation, it looks like it can be patched by adding additional permissions on the GKE cluster service account

This PR fixes the issue by adding extra roles to the default compute instance service account, ensuring GCP observability client libraries can send data to Cloud Ops

@github-actions
Copy link

Open in Cloud Shell
You can also use the Stage Website Action if there were updates to the website.

Note: Open in Cloud Shell may not work properly if this PR contains changes to the custom Cloud Shell image

This was referenced May 25, 2022
Merged
Closed
Closed
This was linked to issues May 25, 2022
profiler does not work #898
Closed
Error creating Slo: googleapi: Error 400: Invalid SLO definition: The metric referenced by the provided filter is unknown. Check the metric name and labels. #896
Closed
arbrown
arbrown approved these changes May 25, 2022
View reviewed changes
Copy link
Contributor

@arbrown arbrown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider tightening the permissions if possible. I think that the permissions needed for the service account could be somewhat reduced on the first two entries, but I'm not as close to the project, so I could be missing something and I'll trust your judgment.

terraform/03_gke_cluster.tf Outdated Show resolved Hide resolved
arbrown
arbrown approved these changes May 25, 2022
View reviewed changes
Copy link
Contributor

@arbrown arbrown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider tightening the permissions if possible. I think that the permissions needed for the service account could be somewhat reduced on the first two entries, but I'm not as close to the project, so I could be missing something and I'll trust your judgment.

terraform/03_gke_cluster.tf Outdated Show resolved Hide resolved
@daniel-sanche daniel-sanche merged commit f00b4a3 into develop Jun 2, 2022
@daniel-sanche daniel-sanche deleted the permissions_fix branch June 2, 2022 22:20
This was referenced Jun 15, 2022
Closed
Merged
daniel-sanche added a commit that referenced this pull request Jun 16, 2022
@daniel-sanche
fix: Cloud Ops permission errors (#931)
cfb9e4b
This was referenced Sep 19, 2022
Closed
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@arbrown arbrown arbrown approved these changes

Assignees

@arbrown arbrown

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@daniel-sanche @arbrown