Merge pull request #81053 from barbacbd/OSDOCS-11735

bscott-rh · web-flow · commit ccb99df8d16b · 2024-09-27T13:18:08.000-04:00
OSDOCS-11735: Update GCP installation info
diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc
@@ -2130,6 +2130,13 @@ Additional GCP configuration parameters are described in the following table:
 |The name of the custom {op-system} image that the installation program is to use to boot compute machines. If you use `compute.platform.gcp.osImage.project`, this field is required.
 |String. The name of the {op-system} image.
 
+|compute:
+  platform:
+    gcp:
+      serviceAccount:
+|Specifies the email address of a {gcp-short} service account to be used during installations. This service account will be used to provision compute machines.
+|String. The email address of the service account.
+
 |platform:
   gcp:
     network:
@@ -2406,6 +2413,17 @@ When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use
 |Specifies the behavior of control plane VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
 |`Terminate` or `Migrate`. The default value is `Migrate`.
 
+|controlPlane:
+  platform:
+    gcp:
+      serviceAccount:
+|Specifies the email address of a {gcp-short} service account to be used during installations. This service account will be used to provision control plane machines.
+[IMPORTANT]
+====
+In the case of shared VPC installations, when the service account is not provided, the installer service account must have the `resourcemanager.projects.getIamPolicy` and `resourcemanager.projects.setIamPolicy` permissions in the host project.
+====
+|String. The email address of the service account.
+
 |compute:
   platform:
     gcp:
diff --git a/modules/minimum-required-permissions-ipi-gcp-xpn.adoc b/modules/minimum-required-permissions-ipi-gcp-xpn.adoc
@@ -31,3 +31,12 @@ Ensure that the host project applies one of the following configurations to the
 * `projects/<host-project>/roles/dns.networks.bindPrivateDNSZone`
 * `roles/compute.networkUser`
 ====
+
+If you do not supply a service account for control plane nodes in the `install-config.yaml` file, please grant the below permissions to the service account in the host project.
+
+[%collapsible]
+====
+* `resourcemanager.projects.getIamPolicy`
+* `resourcemanager.projects.setIamPolicy`
+====
+
