Setup GCP Account

Enable Google Cloud APIs, Create a Custom Role and Set Up a Service Account

Prerequisites

An existing Google Cloud Platform (GCP) Account is required before you proceed. To deploy a cluster on GCP with Kublr, you’ll need to create a GCP service account and a private key. To create the custom role, you’ll use gcloud, the Google Cloud CLI.

Overview

To deploy a cluster on GCP with Kublr, you’ll need to enable GCP APIs, create a GCP service account, and create a GCP role. All cluster resources (e.g. nodes) are created in your GCP service account via the GCP API and will be managed by Kublr. Use your GCP account credentials to sign in to GCP.

Enable the Google Cloud API

  1. Follow this link (https://console.cloud.google.com) to GCP Console and log in to your account.
  2. At the top left, click to expand the menu.
  3. Select the API and services sub-menu.
  4. On the API & services page, select Library.
  5. On the left menu, look for Cloud Deployment Manager V2 API in the search window.
  6. Click on the Cloud Deployment Manager V2 API.
  7. In the next window, click the Enable button.
  8. Check that the API is now enabled.
  9. Repeat steps 1-7 for Compute Engine API, and check the result.

Create a Custom Role

  1. Follow this link (https://cloud.google.com/sdk/install) to install gcloud on your PC.

  2. Download the file with the predefined custom role.

  3. Use the gcloud command with the following parameters:
    gcloud iam roles create ROLE_ID --project PROJECT_ID --file YAML_ROLE_FILE
    For example:
    gcloud iam roles create KublrMinVersion1 --project kublr-195022 --file gcp_minpriv.yaml

  4. Ignore the following warning message: API is not enabled for permissions: [storage.buckets.create, storage.buckets.delete, storage.buckets.get, storage.buckets.getIamPolicy, storage.buckets.list, storage.buckets.setIamPolicy, storage.buckets.update, storage.objects.create, storage.objects.delete, storage.objects.get, storage.objects.getIamPolicy, storage.objects.list, storage.objects.setIamPolicy, storage.objects.update]. Please enable the corresponding APIs to use those permissions

Create a Service Account for the Custom Role

  1. Follow this link (https://console.cloud.google.com) to GCP Console and log in to your account.

  2. At the top left, click to expand the menu.

  3. Select the IAM and Admin sub-menu.

  4. On the IAM & admin page, select Service Accounts.

  5. Click Create Service Account at the top of the page.

  6. Fill out the form.
    Store the username somewhere. Press “Create” and go to the next window.

  7. Assign the custom role to a new service account.

    NOTE: You need a project owner role to assign roles.

  8. Add permissions to this service account and push the DONE button.

  9. Find the service account you just created and in the Actions column select Manage keys.

  10. Push the ADD KEY button and then select Create new key.

  11. Click the CREATE button. Your JSON key will be downloaded and placed in your downloads directory. This file will be necessary to add your credentials to Kublr.