Prerequisites

General

  • A Linux or Windows (WSL) client machine to run the install script. The install script is officially supported on the following:

    • CentOS 7, 8, 9

    • RHEL 7, 8, 9

    • Ubuntu 20.04, 22.04

    • Debian 10, 11

    • Windows Subsystem for Linux (WSL)

  • System requirements:

    • (Minimum) A single-core CPU, 1 GB RAM, 100 MB of free space

    • (Recommended) A dual-core CPU, 2 GB RAM, 1 GB of free space

  • An active GCP account

  • An active SCM account

  • An organization created in SCM

  • Domains validated in SCM

  • SCM credentials for one of the following: AdminAPI, EnrollAPI, or ACME

  • Terraform v1.1.4 or later and Google provider v4.7.0 or later

  • Google Cloud CLI

  • A service account or user account for authentication at Google Cloud

  • The project ID if you have multiple projects in your GCP account

GCP account prerequisites for Cloud Run function deployment

  • To perform deployment you need either of the major GCP account types: user account or service account with the following permissions:

    • Cloud Functions Admin: cloud function creation, removal, etc.

    • Cloud Scheduler Admin: scheduler creation, removal, etc.

    • Storage Admin: to access bucket which contains scm.yaml file

    • Create Service Accounts: SA creation

    • Delete Service Accounts: SA removal

  • The following GCP services must be enabled in the project:

    • compute.googleapis.com

    • cloudfunctions.googleapis.com

    • cloudscheduler.googleapis.com

    • cloudbuild.googleapis.com

    • iam.googleapis.com

    • run.googleapis.com

If any of those services are not enabled, they will be checked and enabled during the install.sh script execution. To enable GCP service, additional permission is granted by assigning one of the following roles: Editor, Service Usage Admin, or Owner.

  • To perform Terraform authentication to Google Cloud you need to authenticate your user account or service account for application default credentials with the command: gcloud auth application-default login.