Skip to content
This repository was archived by the owner on Apr 3, 2024. It is now read-only.

Commit e7f15f5

Browse files
ofrobotsofrobots
authored
add note about scopes on GKE (#264)
1 parent 8571d85 commit e7f15f5

File tree

1 file changed

+10
-2
lines changed

1 file changed

+10
-2
lines changed

README.md

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -40,9 +40,17 @@ the [Google Cloud Console][dev-console]. You can start adding snapshots and log-
4040

4141
## Running on Google Cloud Platform
4242

43-
The Stackdriver Debugger Agent should work without manually provided authentication credentials for instances running on Google Cloud Platform, as long as the [Stackdriver Debugger API][debugger-api] access scope is enabled on that instance. For Google App Engine instances, this is automatic if the Debugger API has been enabled for your project (which is the default).
43+
The Stackdriver Debugger Agent should work without manually provided authentication credentials for instances running on Google Cloud Platform, as long as the [Stackdriver Debugger API][debugger-api] access scope is enabled on that instance.
4444

45-
For Google Compute Engine instances, you need to explicitly enable the Debugger API access scope for each instance. When creating a new instance through the GCP web console, you can do this in one of two ways under **Identity and API access**:
45+
For **Google App Engine** instances, this is the enabled by default.
46+
47+
On **Google Container Engine (GKE)**, you need to explicitly add the `cloud_debugger` OAuth scope when creating the cluster:
48+
49+
```
50+
$ gcloud container clusters create example-cluster-name --scopes https://www.googleapis.com/auth/cloud_debugger
51+
```
52+
53+
For **Google Compute Engine instances**, you need to explicitly enable the Debugger API access scope for each instance. When creating a new instance through the GCP web console, you can do this in one of two ways under **Identity and API access**:
4654
* Use the Compute Engine default service account and select "Allow full access to all Cloud APIs" under Access scopes.
4755
* Select a service account with the [**Cloud Debugger Agent**][debugger-roles] role, which contains the necessary permissions (or any other role with at least the same permissions). You may need to create one if you don't have one already.
4856

0 commit comments

Comments
 (0)