From 3b0dde1da2b2db1a455eb73011c232f3f293b607 Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 13 Nov 2018 13:16:49 -0800 Subject: [PATCH] Add documentation on resource.google_container_cluster (#126) /cc @rileykarson --- website/docs/r/container_cluster.html.markdown | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index 856570721f..af4034fefa 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -357,6 +357,11 @@ The `node_config` block supports: * `service_account` - (Optional) The service account to be used by the Node VMs. If not specified, the "default" service account is used. + In order to use the configured `oauth_scopes` for logging and monitoring, the service account being used needs the + [roles/logging.logWriter](https://cloud.google.com/iam/docs/understanding-roles#stackdriver_logging_roles) and + [roles/monitoring.metricWriter](https://cloud.google.com/iam/docs/understanding-roles#stackdriver_monitoring_roles) roles. + + -> Projects that enable the [Cloud Compute Engine API](https://cloud.google.com/compute/) with Terraform may need these roles added manually to the service account. Projects that enable the API in the Cloud Console should have them added automatically. * `tags` - (Optional) The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.