lemon-monkey-228
01/25/2022, 4:41 PMpulumi-state
GCP project and my resources will live in a completely separate project.great-queen-39697
01/25/2022, 8:50 PMbillions-glass-17089
01/25/2022, 9:14 PMproject_id
arg you can manually set. I'd store it as a pulumi config tholemon-monkey-228
01/26/2022, 9:19 AMGOOGLE_CREDENTIALS
env var which points to a service account keyproject_id
so that's not an issue, but the deployment will try and use the service account (provided by the GOOGLE_CREDENTIALS
env var) to do the deploymentgcs://
bucket (eg. called my-app-deployer
)
This has been fine because I've been deploying K8s services so far, so not had the need to deploy GCP resources too.GOOGLE_CREDENTIALS
service account key for both my state storage and as the account to deploy the GCP resourcespulumi-states
project that can write into a GCS bucket to save the state changes; one service account in my-project
that will actually deploy the resources)great-queen-39697
01/26/2022, 5:10 PMpulumi config set --secret <service-account-name> <secret-key>
as an example) or as an explicit provider in the resource options (as in https://www.pulumi.com/registry/packages/gcp/api-docs/provider/). I'd personally lean toward the config set secret version, but you can use either one.