From 9a04bd4ea01de6ec0a20b97c1460ff8f00759b90 Mon Sep 17 00:00:00 2001
From: Pieter van der Giessen <pieter@pionative.com>
Date: Thu, 12 Oct 2023 15:50:32 +0200
Subject: [PATCH] Update Google DNS doc in case custom role is used

Signed-off-by: Pieter van der Giessen <pieter@pionative.com>
---
 content/docs/configuration/acme/dns01/google.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/content/docs/configuration/acme/dns01/google.md b/content/docs/configuration/acme/dns01/google.md
index 460239de80c..b9b6db839a6 100644
--- a/content/docs/configuration/acme/dns01/google.md
+++ b/content/docs/configuration/acme/dns01/google.md
@@ -45,7 +45,8 @@ gcloud projects add-iam-policy-binding $PROJECT_ID \
 >  * `dns.resourceRecordSets.*`
 >  * `dns.changes.*`
 >  * `dns.managedZones.list`
-
+>
+> In case you do not use the `dns.admin` role, you will also need to make sure that the Service Account used by your GKE cluster (e.g. the Compute Engine default service account) has the `https://www.googleapis.com/auth/cloud-platform` access scope assigned to it. See [Access scopes in GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes).
 ## Use Static Credentials
 
 Follow the instructions in the following sections to deploy cert-manager using