From 38917e18d2fae4495a9cebf695ef6748ae0a7ca5 Mon Sep 17 00:00:00 2001
From: Toni Menzel <toni.menzel@rebaze.com>
Date: Mon, 9 Sep 2019 10:13:12 +0200
Subject: [PATCH] Add gcloud service-account create

The error from gcloud is very misleading when trying to create a key for non-existing account (it tells you that you do not have the right permissions, which is actually incorrect). This documentation should inform the user to make sure the account is created first.

Signed-off-by: Toni Menzel <toni.menzel@rebaze.com>
---
 docs/tasks/issuers/setup-acme/dns01/google.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/tasks/issuers/setup-acme/dns01/google.rst b/docs/tasks/issuers/setup-acme/dns01/google.rst
index f18c47624..9b2a36291 100644
--- a/docs/tasks/issuers/setup-acme/dns01/google.rst
+++ b/docs/tasks/issuers/setup-acme/dns01/google.rst
@@ -29,6 +29,12 @@ Create a Service Account Secret
 
 To access this service account cert-manager uses a key stored in a Kubernetes Secret. First, create a key for the service account and download it as JSON file, then create a Secret from this file.
 
+If you did not create the service "dns01-solver" account before, you need to create it first:
+
+.. code-block:: shell
+
+   gcloud iam service-accounts create dns01-solver
+
 .. code-block:: shell
 
    # Replace use of project-id with the id of your project