This looks to still be happening as of the latest CoreOS image. Did the support ticket ever get resolved?
On Friday, August 8, 2014 at 9:25:59 PM UTC+2, Fritz Mueller wrote: > > Hi all, > > I've been experimenting with CoreOS clustering on GCE (using the CoreOS > 402.2.0 GCE image). I would like to be able to pull some app secrets > (certs and keys) from a GCS bucket in my GCE project as part of > provisioning. This has worked quite nicely for us in the past with the > non-CoreOS GCE container images using service account scopes. > > The latest GCE CoreOS images come pre-configured with some aliases for > "gcutil", "gcloud", and "gsutil" that use a containerized Google Cloud SDK > from the public repository. While service account scopes work quite nicely > with this for gcutil and gcloud, for some reason gsutil doesn't seem to get > the permissions associated with the instance scopes. This means I'm unable > to bootstrap the project secrets in a secure way (at least not the same > convenient way we have used to date before CoreOS). > > Anybody else running into this? Any insight into this problem or > suggestions for work-arounds would be very much appreciated! > > thanks much, > --FritzM. > > > > > > >
