Update FAQ.md
This commit is contained in:
parent
5120df1615
commit
7c3768d338
|
@ -1,5 +1,6 @@
|
||||||
|
|
||||||
## 00-bootstrap
|
## 00-bootstrap
|
||||||
|
|
||||||
1. How to handle requests where automation, logging and/or billing export projects are not under organization but in different folders.
|
1. How to handle requests where automation, logging and/or billing export projects are not under organization but in different folders.
|
||||||
- Run bootstrap stage and let automation, logging and/or billing projects be created under organization.
|
- Run bootstrap stage and let automation, logging and/or billing projects be created under organization.
|
||||||
- Run resource manager stage or any other custom stage which creates the folders where these projects will reside.
|
- Run resource manager stage or any other custom stage which creates the folders where these projects will reside.
|
||||||
|
@ -7,19 +8,19 @@
|
||||||
- This step will move the projects from organization to the parent folders specificed.
|
- This step will move the projects from organization to the parent folders specificed.
|
||||||
|
|
||||||
## cicd
|
## cicd
|
||||||
|
|
||||||
1. Why do we need two seperate ServiceAccounts when configuring cicd pipelines (cicd SA and IaC SA)
|
1. Why do we need two seperate ServiceAccounts when configuring cicd pipelines (cicd SA and IaC SA)
|
||||||
- Having seperate service accounts helps shutdown the pipeline incase of any issues and still keep IaC SA and ability to run terraform plan/apply manually.
|
- Having seperate service accounts helps shutdown the pipeline incase of any issues and still keep IaC SA and ability to run terraform plan/apply manually.
|
||||||
- A pipeline can only generate a token that can get access to an SA. It cannot directly call a provider file to impersonate IaC SA.
|
- A pipeline can only generate a token that can get access to an SA. It cannot directly call a provider file to impersonate IaC SA.
|
||||||
- Having providers file that allows impersonation to IaC SA allows flexibility to run terraform manually or from CICD Pipelines.
|
- Having providers file that allows impersonation to IaC SA allows flexibility to run terraform manually or from CICD Pipelines.
|
||||||
<p align="center">
|
![CICD SA and IaC SA](IaC_SA.png)
|
||||||
<img src="IaC_SA.png" alt="CICD SA and IaC SA">
|
|
||||||
</p>
|
## Authenciation
|
||||||
|
|
||||||
## Authenciation
|
|
||||||
1. If you are seeing "Permission Issues" when doing terraform apply and the identity with which you are running terraform has correct permissions;
|
1. If you are seeing "Permission Issues" when doing terraform apply and the identity with which you are running terraform has correct permissions;
|
||||||
run below command so that correct auth credentials are picked by ADC when terraform commands are executed
|
run below command so that correct auth credentials are picked by ADC when terraform commands are executed
|
||||||
|
|
||||||
````
|
````bash
|
||||||
gcloud auth application-default login
|
gcloud auth application-default login
|
||||||
````
|
````
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue