m-lab / k8s-support

Setup for the Kubernetes systems to control and run all the MLab nodes around the world
Apache License 2.0

Create docs to create k8s-support-<project> GCS bucket with correct ACLs #47

Open stephen-soltesz opened 6 years ago

nkinkade commented 4 years ago

@stephen-soltesz: Is this still an issue? CloudBuild needs write access to the bucket, as do Operators (when running the bootstrap_platform_cluster.sh script). This almost seems like a part of the larger issue of having ad hoc ACLs manually configured throughout each project. Not sure if this issue is still relevant?

stephen-soltesz commented 4 years ago

@nkinkade Would we have to create the buckets manually if we targeted a new GCP project? Or are there scripts that do this automatically?

nkinkade commented 4 years ago

@stephen-soltesz: it is currently a manual process. I guess my question is where this sort of documentation should go, and whether this particular issue is just one small part of the larger issue that nearly all of our GCS buckets, as far as I know, were created manually and had ACLs applied manually.

stephen-soltesz commented 4 years ago

I'm confident that our "just so" configs of GCP projects are going to bite us one day -- I just don't know which day (could be a long time). The passage of time makes this worse, not better. That's the main motivation here. A secondary reason could be making k8s-support re-usable by not-us. That's underspecified though.