GCP Credentials for Auto Provisioning¶
With Rafay, customers can auto provision clusters in GCP in either an "new" or an "existing" GCP Project.
Step 1: Select GCP Project¶
Login into the Google Cloud Console.
New GCP Project¶
If you wish to create a new GCP Project, click on "New Project" and follow the instructions.
For example, after you create a new project called "demos", you should see something like the following.
Existing GCP Project¶
If you wish to use an exiting GCP Project, ensure you select it before proceeding to the next step.
Step 2: Enable Programmatic Access¶
Rafay creates resources in the project programmatically using GCP's "Cloud Deployment Manager" and "Compute Engine" APIs.
Click on "APIs & Services" and Select "Dashboard".
Now, click on "Enable APIs and Services"
Now, type in "Cloud Deployment Manager" into the box and select "Cloud Deployment Manager V2 API". Enable API Access.
Now, type in "Compute Engine API" into the box, Select it and enable API Access.
Step 3: Generate Service Account Credentials¶
For auto provisioning, Rafay requires Service Account credentials for a specific GCP Project.
Both both new and existing GCP Projects, customers may prefer to create a "new service account" for Rafay and limit it to just the "roles" it requires for auto provisioning. This also provides the added benefit of auditability.
- Click on "APIs & Services" and Select "Credentials"
- Click on "Create Credentials" and select "Service Account Key"
- Select "New Service Account"
Enter a "name" for the Service Account. In the example below, the name for the service account is "rafay-user".
For the role, assign "Compute Admin" and "Deployment Manager Editor".
- Ensure you have selected "JSON" for the key type.
Click Create and download/save the generated credentials.
You will be importing this downloaded JSON credentials in the Provider Profile for GCP.
Step 4: Create Cloud Credential¶
- Sign into the Rafay Console and click on Infrastructure
- Select "Cloud Credentials", Click on "New Credential" and provide a unique name and select GCP from the "Provider" drop down.
- Upload the JSON credentials file downloaded from Step 3 into the "Credentials File" and Save.