https://garden.io logo
#🤖|ask-kapa
where and how should I define a service account needed by some of my services which is usu
# 🤖|ask-kapa
p

proud-river-11384

09/18/2023, 2:27 PM
@microscopic-river-74022 where and how should I define a service account needed by some of my services which is usually already present?
m

microscopic-river-74022

09/18/2023, 2:27 PM
Please stand by @proud-river-11384 as I search the knowledge base. I normally take about 20 seconds or so. :wave:
---------------------- In Garden, you can define a service account in the
garden.yml
file of the parent module of your services. However, the extracts do not provide specific instructions on how to define a service account in Garden. If you are working with Kubernetes and need to define a service account for your pods, you can specify the
serviceAccountName
in the pod specification. The
automountServiceAccountToken
field can be used to indicate whether a service account token should be automatically mounted. This is a boolean field and is not required. For Google Cloud Platform (GCP), you can create a service account using the
gcloud
command-line tool. You can then grant the service account the necessary permissions, create a JSON key file for the service account, and prepare the
imagePullSecret
in your Kubernetes cluster. Here is an example of how to create a service account and grant it write access to the Google Artifacts Registry:
Copy code
bash
gcloud iam service-accounts create gar-access --project ${PROJECT_ID}
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member=serviceAccount:[[email protected]]${PROJECT_ID}.iam.gserviceaccount.com \
--role=roles/artifactregistry.writer
And here is how to create a JSON key file for the service account and prepare the `imagePullSecret`:
Copy code
bash
gcloud iam service-accounts keys create keyfile.json --iam-account [[email protected]]${PROJECT_ID}.iam.gserviceaccount.com
kubectl --namespace default create secret docker-registry gcr-config \
--docker-server=gcr.io \
--docker-username=_json_key \
--docker-password="$(cat keyfile.json)"
Please refer to the Garden documentation () and the Kubernetes documentation () for more detailed instructions. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
Let me check the knowledge base for you. One moment! :books:
p

proud-river-11384

09/18/2023, 2:32 PM
@microscopic-river-74022 Can I set a default service-account in the project.garden.yaml top level?
m

microscopic-river-74022

09/18/2023, 2:32 PM
---------------------- Based on the provided extracts, there is no direct mention of setting a default service account in the
project.garden.yml
file. Garden configuration is done via
garden.yml
or
*.garden.yml
files, which Garden compiles into a Stack Graph of your project. The project configuration file should be located in the top-level directory of the project's Git repository. It's suggested to name it
project.garden.yml
for clarity. However, the specifics of setting a default service account within this file are not detailed in the provided extracts. For more detailed information, you should refer to the Garden documentation (). ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------