Google Cloud IAM Permissions Guide
Overview
Zeet uses Google Cloud services to deliver its platform capabilities. Understanding the permissions it requires helps you set up and use the platform efficiently. This guide covers the Google Cloud IAM permissions used by Zeet, starting with the default permissions needed for the initial cloud connection and then moving on to fine-grained permissions for advanced users.
1. Default Permissions
These permissions are essential for establishing the basic connection between Zeet and your Google Cloud account.
1.1. Cloud Connection
- Required Permissions:
- Project Owner: Ensures Zeet has adequate permissions to manage and deploy Google Cloud services.
1.2. Platform Permissions (Default)
By default, all platform and deployment permissions, as detailed in the "Fine Grained Customization Permissions" section, are enabled. This streamlined configuration makes it easier for users to explore and get started with the platform.
2. Fine Grained Customization Permissions
This section is for users who need more control over the permissions granted to Zeet. It is relevant for Pro, Scale, and Enterprise plan users.
Only Pro, Scale, and Enterprise plan users can customize these permissions.
2.1. Cloud Connection
- Customizable Permissions: Depending on the use case, users can decide which permissions to grant.
2.2. Platform Permissions by Use Case
Detailed permissions for specific use cases:
2.2.1. Container Management
Managing Service Containers or Job Containers requires permissions to various Google Cloud services:
- GCR: Allows Zeet to manage container repositories.
- GKE: Lets Zeet interact with Kubernetes clusters.
- Compute Engine: Provides control over virtual servers in the cloud.
- VPC Network: Ensures network-related configurations can be adjusted.
- Cloud DNS: Allows domain name system service management.
- IAM: Manages Google Cloud access.
- Workload Identity: Provides IAM access for containers.
2.2.2. Serverless via Google Cloud Run Management
For those looking to manage Serverless Functions:
- Cloud Run: Manages serverless containers.
- GCR: Allows management of container repositories.
- IAM: Manages Google Cloud access.
2.2.4. Terraform Module Management
Needed for Terraform Stack setups:
- Cloud Storage: Storage for Terraform states and modules.
Additional permissions for Terraform Module Management depend on the specific template utilized.
2.3. Zeet Dashboard and Monitoring
2.3.1. View Logs
- Cloud Logging (formerly Stackdriver Logging): Allows historical log viewing on the dashboard.
2.3.2. View Metrics
- Cloud Monitoring (formerly Stackdriver Monitoring): Enables monitoring of metrics related to services managed by Zeet.
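When moving from the default Project Owner connection to fine-grained permissions, it helps to check what the connection principal actually holds against the use cases you selected. The following is an added example, not Zeet's own code: the principal name, the sample policy, and the mapping from the services listed above to predefined role prefixes are all assumptions.

```python
# Assumption: which predefined-role prefixes (roles/<prefix>.<name>) correspond
# to the services this guide lists per use case. GCR maps to "storage" because
# Container Registry keeps images in Cloud Storage buckets.
USE_CASE_PREFIXES = {
    "containers": {"storage", "container", "compute", "dns", "iam"},
    "cloud_run": {"run", "storage", "iam"},
    "terraform": {"storage"},
    "logs": {"logging"},
    "metrics": {"monitoring"},
}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Hypothetical principal used for the Zeet cloud connection.
ZEET_MEMBER = "serviceAccount:zeet-connect@example-project.iam.gserviceaccount.com"

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = {"version": 1, "bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com", ZEET_MEMBER]},
    {"role": "roles/run.admin", "members": [ZEET_MEMBER]},
    {"role": "roles/logging.viewer", "members": [ZEET_MEMBER]},
    {"role": "roles/cloudsql.admin", "members": [ZEET_MEMBER]},
    {"role": "projects/example-project/roles/zeetDeployer", "members": [ZEET_MEMBER]},
    {"role": "roles/compute.admin", "members": ["user:admin@example.com"]},
]}


def audit(policy, member, use_cases):
    """Sort the roles bound to `member` by whether the chosen use cases need them."""
    allowed = set().union(*(USE_CASE_PREFIXES[u] for u in use_cases))
    roles = sorted({b["role"] for b in policy.get("bindings", [])
                    if member in b.get("members", [])})
    report = {"basic": [], "in_scope": [], "out_of_scope": [], "custom": []}
    for role in roles:
        if role in BASIC_ROLES:
            report["basic"].append(role)         # project-wide, e.g. the default Owner
        elif not role.startswith("roles/"):
            report["custom"].append(role)        # custom role: inspect its permissions
        elif role.split("/", 1)[1].split(".", 1)[0] in allowed:
            report["in_scope"].append(role)
        else:
            report["out_of_scope"].append(role)  # service not named for these use cases
    return report


if __name__ == "__main__":
    for bucket, found in audit(SAMPLE_POLICY, ZEET_MEMBER, ["cloud_run", "logs"]).items():
        print(f"{bucket}: {found}")
```

A role in `in_scope` only means it belongs to a service listed for the selected use cases; whether that role's level of access within the service is needed still has to be reviewed separately.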