Skip to content

GCP Credentials for Auto Provisioning

Customers can auto provision clusters in GCP in either an "new" or an "existing" GCP Project.


Step 1: Select GCP Project

Login into the Google Cloud Console.

New GCP Project

If you wish to create a new GCP Project, click on "New Project" and follow the instructions.

Create Project

For example, after you create a new project called "demos", you should see something like the following.

Select Project

Existing GCP Project

If you wish to use an exiting GCP Project, ensure you select it before proceeding to the next step.


Step 2: Enable Programmatic Access

The controller creates resources in the project programmatically using GCP's "Cloud Deployment Manager" and "Compute Engine" APIs.

Click on "APIs & Services" and Select "Dashboard".

APIs

Now, click on "Enable APIs and Services"

Enable Programmatic Access

Now, type in "Cloud Deployment Manager" into the box and select "Cloud Deployment Manager V2 API". Enable API Access.

Deployment Manager API

Now, type in "Compute Engine API" into the box, Select it and enable API Access.

Compute Engine API


Step 3: Generate Service Account Credentials

For auto-provisioning, the controller requires Service Account credentials for a specific GCP Project.

Both both new and existing GCP Projects, customers may prefer to create a "new service account" for the controller and limit it to just the "roles" it requires for auto provisioning. This also provides the added benefit of auditability.

  • Click on "APIs & Services" and Select "Credentials"

Select Credentials

  • Click on "Create Credentials" and select "Service Account Key"
  • Select "New Service Account"
  • Enter a "name" for the Service Account.

  • For the role, assign "Compute Admin" and "Deployment Manager Editor".

  • Ensure you have selected "JSON" for the key type.
  • Click Create and download/save the generated credentials.

  • You will be importing this downloaded JSON credentials in the Provider Profile for GCP.

Service Account Role


Step 4: Create Cloud Credential

  • Sign into the Web Console and click on Infrastructure
  • Select "Cloud Credentials", Click on "New Credential" and provide a unique name and select GCP from the "Provider" drop down.
  • Upload the JSON credentials file downloaded from Step 3 into the "Credentials File" and Save.

View Cloud Credential