move gcp provisioning of workers to the newly created scm-level-specific gcloud projects
Categories
(Infrastructure & Operations :: RelOps: General, defect)
Tracking
(Not tracked)
People
(Reporter: grenade, Assigned: grenade)
References
Details
|
Assignee | |
Updated•5 years ago
|
|
||
Comment 1•5 years ago
|
||
We've set up new projects in GCP for TC workers to live in, and I'd like to start moving them over.
relops/
applications/
fx-workers-tier1/
fx-workers-tier1-prod
fx-workers-tier1-nonprod
fx-workers-tier3/
fx-workers-tier3-prod
fx-workers-tier3-nonprod
What permissions or setup does Taskcluster (the app) need, and what permissions should Taskcluster (the team) have? For the short term it makes sense to give access freely while we're still setting things up, but I'd like to know what the minimum is, too.
|
||
Comment 2•5 years ago
|
||
Until we have worker manager taskcluster the app needs no permissions. I don't think the team needs any either unless we're setting up the workers. If we are probably easiest just to give us editor role?
|
||
Comment 3•5 years ago
|
||
(In reply to Kendall Libby [:fubar] (he/him) from comment #1)
We've set up new projects in GCP for TC workers to live in, and I'd like to
start moving them over.relops/
applications/
fx-workers-tier1/
fx-workers-tier1-prod
fx-workers-tier1-nonprod
fx-workers-tier3/
fx-workers-tier3-prod
fx-workers-tier3-nonprodWhat permissions or setup does Taskcluster (the app) need, and what
permissions should Taskcluster (the team) have? For the short term it makes
sense to give access freely while we're still setting things up, but I'd
like to know what the minimum is, too.
On my side, I need these permissions:
- Create GCE images
- Create and manage service accounts
- Launch and manage instances
- Create and manage GCE templates
- Create GCS buckets
|
||
Updated•5 years ago
|
Description
•