diff --git a/modules/ccs-gcp-customer-procedure.adoc b/modules/ccs-gcp-customer-procedure.adoc index eaf5ca01482a..f3b28ca830cf 100644 --- a/modules/ccs-gcp-customer-procedure.adoc +++ b/modules/ccs-gcp-customer-procedure.adoc @@ -93,17 +93,17 @@ The following roles must be link:https://cloud.google.com/iam/docs/granting-role |Compute Admin |`roles/compute.admin` -|DNS Admin +|DNS Administrator |`roles/dns.admin` |Organizational Policy Viewer |`roles/orgpolicy.policyViewer` -|Owner -|`roles/owner` +// |Owner +// |`roles/owner` -|Project IAM Admin -|`roles/resourcemanager.projectIamAdmin` +// |Project IAM Admin +// |`roles/resourcemanager.projectIamAdmin` |Service Management Administrator |`roles/servicemanagement.admin` @@ -114,6 +114,27 @@ The following roles must be link:https://cloud.google.com/iam/docs/granting-role |Storage Admin |`roles/storage.admin` +|Compute Load Balancer Admin +|`roles/compute.loadBalancerAdmin` + +|Role Viewer +|`roles/viewer` + +|Role Administrator +|`roles/iam.roleAdmin` + +|Security Admin +|`roles/iam.securityAdmin` + +|Service Account Key Admin +|`roles/iam.serviceAccountKeyAdmin` + +|Service Account Admin +|`roles/iam.serviceAccountAdmin` + +|Service Account User +|`roles/iam.serviceAccountUser` + |=== . link:https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys[Create the service account key] for the `osd-ccs-admin` IAM service account. Export the key to a file named `osServiceAccount.json`; this JSON file will be uploaded in {cluster-manager-first} when you create your cluster. diff --git a/modules/osd-create-cluster-ccs.adoc b/modules/osd-create-cluster-ccs.adoc index 239d430011f5..33e493e8c34e 100644 --- a/modules/osd-create-cluster-ccs.adoc +++ b/modules/osd-create-cluster-ccs.adoc @@ -70,6 +70,9 @@ The project name must be 10 characters or less. ** Service Management Administrator ** Service Usage Admin ** Storage Admin + ** Compute Load Balancer Admin + ** Role Viewer + ** Role Administrator * You have created a key for your `osd-ccs-admin` GCP service account and exported it to a file named `osServiceAccount.json`. + [NOTE]