Requesting the ability to add a custom monitoring metrics writer role to GKE node service account

[pavankrishna5]

TL;DR

Currently, the GKE module is assigning a monitoring metrics writer role as a default to the GKE node service account. I am requesting the ability to add a custom role than the default role: metrics writer role

Terraform Resources

IAM role for GKE node service account created here:
https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/modules/beta-private-cluster/sa.tf#L59

 "google_project_iam_member" "cluster_service_account-metric_writer" {
  count   = var.create_service_account ? 1 : 0
  project = google_service_account.cluster_service_account[0].project
  role    = "roles/monitoring.metricWriter"
  member  = google_service_account.cluster_service_account[0].member
}

Detailed design

Create a new variable, monitoring_metric_writer_role and set it to the default value: roles/monitoring.metricWriter. Use the variable in the role section in the code block like this:

 "google_project_iam_member" "cluster_service_account-metric_writer" {
  count   = var.create_service_account ? 1 : 0
  project = google_service_account.cluster_service_account[0].project
  role    = var.monitoring_metric_writer_role
  member  = google_service_account.cluster_service_account[0].member
}

variable "monitoring_metric_writer_role" {
  type        = string
  description = "custom monitoring metrics writer role in case there is any"
  default     = "roles/monitoring.metricWriter"
}

Additional information

Few organization restricts using the role available, and may restrict the user to use a specific role instead of the default role.