Skip to content

Commit

Permalink
feat: add premptible killer service account (#22)
Browse files Browse the repository at this point in the history
* feat: add premptible killer service account

* fix: use correct svc account for key
  • Loading branch information
alexouzounis authored Feb 25, 2020
1 parent a05cc2a commit 0c72d75
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 0 deletions.
18 changes: 18 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,24 @@ resource "google_service_account_key" "certmanager_dns_editor_key" {
service_account_id = google_service_account.certmanager_dns_editor.name
}

### Service Account for the Preemptible node killer
# https://github.com/estafette/estafette-gke-preemptible-killer
resource "google_service_account" "preemptible_killer" {
account_id = "preemptible-killer"
display_name = "Service Account for the Preemptible Killer to zap pre emptible nodes before Google takes them away"
}

### Set IAM for preemptible-killer to zap nodes
resource "google_project_iam_member" "preemptible_killer" {
role = "compute.instances.delete"
member = "serviceAccount:${google_service_account.preemptible_killer.email}"
}

### Key for the Preemptible killer Service Account
resource "google_service_account_key" "preemptible_killer" {
service_account_id = google_service_account.preemptible_killer.name
}

### Service Account for Terraform
resource "google_service_account" "prow_terraform" {
account_id = "prow-tf"
Expand Down
6 changes: 6 additions & 0 deletions outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,10 @@ output "prow_artefacts_bucket_name" {
output "certmanager_svc_account_key" {
value = google_service_account_key.certmanager_dns_editor_key.private_key
sensitive = true
}

## Cert-Manager outputs
output "preemptible_killer_key_svc_account_key" {
value = google_service_account_key.preemptible_killer.private_key
sensitive = true
}

0 comments on commit 0c72d75

Please sign in to comment.