Skip to content
This repository has been archived by the owner on Oct 20, 2023. It is now read-only.

Resolve dependency for Workload Identity in IAM #298

Closed
gkowalski-google opened this issue Oct 9, 2019 · 2 comments · Fixed by #606
Closed

Resolve dependency for Workload Identity in IAM #298

gkowalski-google opened this issue Oct 9, 2019 · 2 comments · Fixed by #606
Assignees
@gkowalski-google
Labels
bug Something isn't working priority: p3 Desirable enhancement or minor bug fix, not yet prioritized triaged: yes
Milestone
Forseti Release v...

Comments

@gkowalski-google
Copy link
Contributor

gkowalski-google commented Oct 9, 2019
edited
Loading

Story

During deployment using the latest helm/Terraform changes, there was an error applying a configuration targeting the On GKE End to End example. The workload identity was not available when Terraform was attempting to bind to the service accounts: Identity namespace does not exist. This blocked the pods from being deployed onto the cluster. This has been seen with Kube 1.13 and 1.14.

screenshot

Proposed Solution

Determine if the service account resources need to have a dependency on the workload identity.

Acceptance Criteria

Deploy the GKE End to End example without issue.
@gkowalski-google gkowalski-google added priority: p2 Important feature defect, moderate live issue triaged: yes labels Oct 9, 2019
@kevensen kevensen self-assigned this Oct 9, 2019
@gkowalski-google gkowalski-google mentioned this issue Oct 14, 2019
Merged
@kevensen kevensen mentioned this issue Oct 31, 2019
Merged
@dekuhn dekuhn added 1 - Planning Issues being considered for the next 3 releases Backlog Issue to be considered at some point in the future and removed Backlog Issue to be considered at some point in the future labels Mar 4, 2020
@gkowalski-google
Copy link
Contributor Author

This should be resolved with the latest on GKE end-to-end example using GKE TF module 7.2.0. Has not been encountered recently, re-open if necessary.

@gkowalski-google
Copy link
Contributor Author

This PR contains a fix for this issue.

@gkowalski-google gkowalski-google changed the title Investigate dependency for Workload Identity in IAM Resolve dependency for Workload Identity in IAM Aug 14, 2020
@gkowalski-google gkowalski-google mentioned this issue Aug 14, 2020
Merged
@gkowalski-google gkowalski-google added this to the Forseti Operations milestone Aug 14, 2020
@gkowalski-google gkowalski-google added priority: p3 Desirable enhancement or minor bug fix, not yet prioritized and removed priority: p2 Important feature defect, moderate live issue labels Aug 14, 2020
@gkowalski-google gkowalski-google added bug Something isn't working and removed 1 - Planning Issues being considered for the next 3 releases labels Aug 20, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@gkowalski-google gkowalski-google

Labels
bug Something isn't working priority: p3 Desirable enhancement or minor bug fix, not yet prioritized triaged: yes
Projects
None yet
Milestone
Forseti Release v2.26.0
3 participants
@dekuhn @kevensen @gkowalski-google