Background
The 3.8.1.2 ECFS version (released on December 2022) uses a load balancer which is based on GCP ILB.
For any older version of ECFS, the load balancer was based on GCP routes.
New systems deployed using that version will create the GCP internal load balancer,
while systems run older version can migrate to the GCP internal load balancer using a non-disruptive upgrade.
For both approaches, the service account which is attached to the EMS machine, should have additional IAM permissions for managing the GCP internal load balancer.
Overview
This article provides a list of permissions required for using GCP internal load balancer in Elastifile cluster.
The required permissions are in addition to the permissions which are required for managing the Elastifile cluster in general. For more information, refer here.
List of permissions
- compute.addresses.createInternal
- compute.addresses.deleteInternal
- compute.addresses.get
- compute.forwardingRules.list
- compute.disks.useReadOnly
- compute.forwardingRules.get
- compute.forwardingRules.create
- compute.healthChecks.get
- compute.healthChecks.create
- compute.healthChecks.useReadOnly
- compute.instances.use
- compute.instanceGroups.create
- compute.instanceGroups.get
- compute.instanceGroups.use
- compute.instanceGroups.update
- compute.regionBackendServices.create
- compute.regionBackendServices.use
- compute.regionBackendServices.get