From 4c0f707fd86b672116547728e5fab80b55362cf4 Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 25 Oct 2023 15:35:34 -0600
Subject: [PATCH 1/2] set default service_account to not be 'default'

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 terraform/gcp/modules/gke_cluster/cluster.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/terraform/gcp/modules/gke_cluster/cluster.tf b/terraform/gcp/modules/gke_cluster/cluster.tf
index fe6c91fe2..8921a7a81 100644
--- a/terraform/gcp/modules/gke_cluster/cluster.tf
+++ b/terraform/gcp/modules/gke_cluster/cluster.tf
@@ -128,6 +128,10 @@ resource "google_container_cluster" "cluster" {
     autoscaling_profile = var.cluster_autoscaling_profile
     enabled             = var.cluster_autoscaling_enabled
 
+    auto_provisioning_defaults = {
+      service_account = google_service_account.gke-sa.email
+    }
+
     resource_limits {
       resource_type = "cpu"
       minimum       = var.resource_limits_resource_cpu_min

From c02f7f3e9f148c8035165df638c6229781fe872b Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 25 Oct 2023 15:39:21 -0600
Subject: [PATCH 2/2] remove =

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 terraform/gcp/modules/gke_cluster/cluster.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/gcp/modules/gke_cluster/cluster.tf b/terraform/gcp/modules/gke_cluster/cluster.tf
index 8921a7a81..6e103cd67 100644
--- a/terraform/gcp/modules/gke_cluster/cluster.tf
+++ b/terraform/gcp/modules/gke_cluster/cluster.tf
@@ -128,7 +128,7 @@ resource "google_container_cluster" "cluster" {
     autoscaling_profile = var.cluster_autoscaling_profile
     enabled             = var.cluster_autoscaling_enabled
 
-    auto_provisioning_defaults = {
+    auto_provisioning_defaults {
       service_account = google_service_account.gke-sa.email
     }