General Pre-requisites
For details on compatible versions, refer to https://infozone.atlassian.net/wiki/x/owDKCg.
Public Cloud Pre-requisites
GCP Specific Tools
The following GCP-specific tool must be installed locally:
...
For details on compatible versions, refer to https://infozone.atlassian.net/wiki/x/owDKCg.
Domain DNS Setup
A public hosted zone must be set up prior to the installation. This is your parent domain, which will later be used to create a subdomain that allows access to Usage Engine Private Edition through a hostname.
Minimum IAM User Policy
To use the installation guide, ensure that the user who performs the installation has been granted the minimum permissions required to provision GCP resources.
Info |
---|
You do not need to set up the following if the user who performs the installation has been granted the Editor role. |
As a best practice, it is preferable to set up a minimum IAM role for the user who performs the installation.
To manage GCP project access, refer to the GCP documentation for guidance: https://cloud.google.com/iam/docs/granting-changing-revoking-access.
The following table contains the permissions required by the application.
Application | IAM Role Permission |
---|
Terraform | Code Block |
---|
title: UEPE Terraform Role
description: Minimum permissions required by Terraform
stage: GA
includedPermissions:
- cloudsql.instances.create
- cloudsql.instances.delete
- cloudsql.instances.get
- cloudsql.instances.update
- cloudsql.users.list
- compute.globalAddresses.createInternal
- compute.globalAddresses.deleteInternal
- compute.globalAddresses.get
- compute.instanceGroupManagers.get
- compute.networks.create
- compute.networks.delete
- compute.networks.get
- compute.networks.removePeering
- compute.networks.updatePolicy
- compute.networks.use
- compute.routers.create
- compute.routers.delete
- compute.routers.get
- compute.routers.update
- compute.subnetworks.create
- compute.subnetworks.delete
- compute.subnetworks.get
- container.clusters.create
- container.clusters.delete
- container.clusters.get
- container.clusters.update
- container.operations.get
- dns.changes.create
- dns.changes.get
- dns.changes.list
- dns.managedZones.create
- dns.managedZones.delete
- dns.managedZones.get
- dns.managedZones.getIamPolicy
- dns.managedZones.list
- dns.managedZones.update
- dns.resourceRecordSets.create
- dns.resourceRecordSets.delete
- dns.resourceRecordSets.get
- dns.resourceRecordSets.list
- dns.resourceRecordSets.update
- file.instances.create
- file.instances.delete
- file.instances.get
- file.instances.update
- file.operations.get
- iam.roles.get
- iam.serviceAccounts.create
- iam.serviceAccounts.delete
- iam.serviceAccounts.get
- iam.serviceAccounts.getIamPolicy
- iam.serviceAccounts.setIamPolicy
- resourcemanager.projects.get
- resourcemanager.projects.getIamPolicy
- resourcemanager.projects.setIamPolicy
- servicenetworking.services.addPeering
- servicenetworking.services.get |
|
Kubectl | Grant role roles/container.admin to get access to the cluster via kubectl. |
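Even a minimum role can carry entries that deserve a second look before it is created: a permission ending in setIamPolicy lets its holder change who has access, and delete permissions can destroy provisioned resources. The following is an added example, not part of the original guide or the product's tooling. It parses a role definition file in the format shown above and lists those entries. The sample role text is a constructed, abbreviated copy of the table above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed, abbreviated copy of the role file on this page (not the full list).
ROLE_YAML = """\
title: UEPE Terraform Role
stage: GA
includedPermissions:
- compute.networks.create
- compute.networks.delete
- compute.globalAddresses.deleteInternal
- container.clusters.get
- dns.managedZones.getIamPolicy
- iam.serviceAccounts.setIamPolicy
- resourcemanager.projects.setIamPolicy
"""

# Assumption: permissions have the form service.resource.verb, with no wildcards.
PERMISSION_RE = re.compile(r"^[a-z]+\.[A-Za-z]+\.[A-Za-z]+$")


def parse_permissions(text):
    """Return the includedPermissions entries of a flat role definition file."""
    perms, in_list = [], False
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()  # tolerate table-export residue
        if line.startswith("includedPermissions:"):
            in_list = True
        elif in_list and line.startswith("- "):
            perms.append(line[2:].strip())
        elif line:
            in_list = False  # any other key ends the list
    return perms


def review(perms):
    """Flag entries a reviewer should look at before the role is created."""
    report = {"malformed": [], "policy_write": [], "delete": [], "duplicates": []}
    counts = Counter(perms)
    report["duplicates"] = sorted(p for p, n in counts.items() if n > 1)
    for perm in counts:
        if not PERMISSION_RE.match(perm):
            report["malformed"].append(perm)
            continue
        verb = perm.rsplit(".", 1)[1]
        if verb == "setIamPolicy":
            report["policy_write"].append(perm)  # can change who has access
        elif verb.startswith("delete"):
            report["delete"].append(perm)  # can destroy provisioned resources
    return report


if __name__ == "__main__":
    for category, entries in review(parse_permissions(ROLE_YAML)).items():
        print(f"{category}: {entries}")
```

Run it against the full role file before creating the role, and keep the policy_write entries in mind when deciding who receives the role and for how long.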