To use CI/CD services on Google Cloud, your user needs to have the right permissions assigned to them. Let's perform the following steps to configure a service account for the CI/CD:
- Follow the instructions in the Provisioning a managed Kubernetes cluster on the GKE recipe of Chapter 1, Building Production-Ready Kubernetes Clusters, to deploy a GKE cluster. If you already have one, skip to step 2 to create a service account that will be used by the pipeline later:
$ gcloud iam service-accounts create cicd-account
--display-name "My CICD Service Account"
- Replace the following devopscookbook in both places with your project name and add storage admin role binding to your service account:
$ gcloud projects
add-iam-policy-binding
devopscookbook --role
roles/storage.admin --member
serviceAccount:[email protected]
- Store your cicd-account key:
$ gcloud iam service-accounts keys
create cicd-key.json
--iam-account [email protected]
With that, you have assigned the permissions to your service account.