feat: Add samples for custom node service account

shannonxtreme · shannonxtreme · commit 3d8b40a0b358 · 2025-06-23T18:17:43.000Z
diff --git a/gke/autopilot/custom_service_account/main.tf b/gke/autopilot/custom_service_account/main.tf
@@ -21,6 +21,19 @@
 * https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa
 */
 
+data "google_project" "project" {
+}
+
+resource "google_service_account" "default" {
+  account_id   = "gke-node-service-account"
+  display_name = "GKE node service account"
+}
+
+resource "google_project_iam_member" "default" {
+  project = data.google_project.project.project_id
+  role    = "roles/container.defaultNodeServiceAccount"
+  member  = "serviceAccount:${google_service_account.default.email}"
+}
 
 # [START gke_autopilot_custom_service_account]
 resource "google_container_cluster" "autopilot_cluster" {
