Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add information about privileges for service accounts #382

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Add information about privileges for service accounts #382

wants to merge 5 commits into from

Conversation

bartoszbetka
Copy link
Contributor

Resolves #368

@bartoszbetka bartoszbetka requested a review from cameel May 10, 2019 11:42
@bartoszbetka bartoszbetka force-pushed the chore-determine-the-minimal-set-of-roles-needed-for-service-accounts branch from 1058c38 to ba161ba Compare May 10, 2019 11:49
cameel
cameel reviewed May 14, 2019
View reviewed changes
Copy link
Contributor

@cameel cameel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here are a few remarks, mostly about formatting.

More importantly, I've pushed two commits that reorganize your explanation to make it easier to understand. Please look at it, try it, and tell me if you found any errors.

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
bartoszbetka
bartoszbetka commented May 16, 2019
View reviewed changes
README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md
- Creating and deleting resources within a cluster (pods, services, config maps, etc.).
- Creating and deleting schemas, tables and other items inside a PostgreSQL database on a Cloud SQL instance (but not the database or the instance itself).
- Attaching storage to cluster pods.
- Configuring a load balancer inside the cluster and attaching a static IP to it.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This three points above are control by cluster service account. You should consider deleted they from concent-deployer description.

README.md Outdated

``` bash
gcloud beta iam service-accounts create \
"$deployer_service_account" \
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This command need only name of service_account without @$project_name.iam.gserviceaccount.com

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
@bartoszbetka bartoszbetka force-pushed the chore-determine-the-minimal-set-of-roles-needed-for-service-accounts branch from e34c52f to 5f2e747 Compare May 16, 2019 15:19
@bartoszbetka bartoszbetka force-pushed the chore-determine-the-minimal-set-of-roles-needed-for-service-accounts branch from 5f2e747 to 39f10aa Compare February 3, 2020 13:53
@claassistantio
Copy link

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ bartoszbetka
❌ cameel
You have signed the CLA already but the status is still pending? Let us recheck it.

@bartoszbetka bartoszbetka force-pushed the chore-determine-the-minimal-set-of-roles-needed-for-service-accounts branch from 39f10aa to db76ed4 Compare February 3, 2020 14:21
@bartoszbetka bartoszbetka mentioned this pull request Feb 3, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cameel cameel cameel left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Determine the minimal set of roles/privileges needed for the service accounts
3 participants
@bartoszbetka @claassistantio @cameel