OSDOCS-11735: Update GCP installation info

barbacbd · barbacbd · commit 7835fff466b0 · 2024-09-26T07:27:39.000-04:00
** Add in notes for permissions when user does not provide service accounts for installs.
** Add in service account field for the install parameters
diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc
@@ -2109,6 +2109,13 @@ Additional GCP configuration parameters are described in the following table:
 |The name of the custom {op-system} image that the installation program is to use to boot compute machines. If you use `compute.platform.gcp.osImage.project`, this field is required.
 |String. The name of the {op-system} image.
 
+|compute:
+  platform:
+    gcp:
+      serviceAccount:
+|Specifies the email address of a {gcp-short} service account to be used during installations. This service account will be used to provision compute machines.
+|String. The email address of the service account.
+
 |platform:
   gcp:
     network:
@@ -2385,6 +2392,17 @@ When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use
 |Specifies the behavior of control plane VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
 |`Terminate` or `Migrate`. The default value is `Migrate`.
 
+|controlPlane:
+  platform:
+    gcp:
+      serviceAccount:
+|Specifies the email address of a {gcp-short} service account to be used during installations. This service account will be used to provision control plane machines.
+[IMPORTANT]
+====
+In the case of shared VPC installations, when the service account is not provided, the installer service account must have the `resourcemanager.projects.getIamPolicy` and `resourcemanager.projects.setIamPolicy` permissions in the host project.
+====
+|String. The email address of the service account.
+
 |compute:
   platform:
     gcp:
diff --git a/modules/minimum-required-permissions-ipi-gcp-xpn.adoc b/modules/minimum-required-permissions-ipi-gcp-xpn.adoc
@@ -31,3 +31,12 @@ Ensure that the host project applies one of the following configurations to the
 * `projects/<host-project>/roles/dns.networks.bindPrivateDNSZone`
 * `roles/compute.networkUser`
 ====
+
+If you do not supply a service account for control plane nodes in the `install-config.yaml` file, please grant the below permissions to the service account in the host project.
+
+[%collapsible]
+====
+* `resourcemanager.projects.getIamPolicy`
+* `resourcemanager.projects.setIamPolicy`
+====
+
