Configuring a service account for the CI/CD

To use CI/CD services on Google Cloud, your user needs to have the right permissions assigned to them. Let's perform the following steps to configure a service account for the CI/CD:

  1. Follow the instructions in the Provisioning a managed Kubernetes cluster on the GKE recipe of Chapter 1, Building Production-Ready Kubernetes Clusters, to deploy a GKE cluster. If you already have one, skip to step 2 to create a service account that will be used by the pipeline later:
$ gcloud iam service-accounts create cicd-account \
--display-name "My CICD Service Account"
  2. In the following command, replace devopscookbook in both places with your project name, then add the storage admin role binding to your service account:
$ gcloud projects \
add-iam-policy-binding \
devopscookbook --role \
roles/storage.admin --member \
serviceAccount:cicd-account@devopscookbook.iam.gserviceaccount.com
  3. Store your cicd-account key:
$ gcloud iam service-accounts keys \
create cicd-key.json \
--iam-account cicd-account@devopscookbook.iam.gserviceaccount.com

With that, you have assigned the permissions to your service account.
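The following check is an added example, not code from the book. It audits the result of steps 2 and 3: it confirms that cicd-account holds only the role the recipe grants, and that the exported cicd-key.json is owner-readable only and belongs to that account. The policy sample is constructed; in practice you would load the JSON printed by gcloud projects get-iam-policy with --format=json. The function names and the allowed-role set are assumptions made for this example.

```python
import json
import os
import stat

# Assumed values from the recipe; replace with your own project and account.
SA_EMAIL = "cicd-account@devopscookbook.iam.gserviceaccount.com"
ALLOWED_ROLES = {"roles/storage.admin"}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample shaped like `gcloud projects get-iam-policy ... --format=json`.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.admin", "members": ["serviceAccount:" + SA_EMAIL]},
    {"role": "roles/editor",
     "members": ["user:dev@example.com", "serviceAccount:" + SA_EMAIL]},
]}


def audit_roles(policy, email=SA_EMAIL, allowed=ALLOWED_ROLES):
    """Return findings for project roles beyond what the recipe grants."""
    member = "serviceAccount:" + email
    findings = []
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        role = binding["role"]
        if role in BASIC_ROLES:
            findings.append(f"basic role {role}")
        elif role not in allowed:
            findings.append(f"unexpected role {role}")
    return findings


def audit_key_file(path, email=SA_EMAIL):
    """Check the exported key is owner-only and belongs to the expected account."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"key file mode {oct(mode)} allows group/other access")
    with open(path) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        findings.append("file is not a service account key")
    if key.get("client_email") != email:
        findings.append("key belongs to a different account")
    return findings


if __name__ == "__main__":
    print(audit_roles(SAMPLE_POLICY))
```

An empty list from both functions means the account matches what the recipe set up; any finding is worth resolving before the key is loaded into the pipeline as a secret.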