Google Cloud Console

Enable Google Cloud APIs, create a custom role and set up a service account

Pre-requisites

An existing Google Cloud Platform account is required before you proceed. To deploy a cluster in your Google Cloud Platform (GCP) account with Kublr, you’ll need to create a GCP service account and a private key. To create a custom role, you’ll use gcloud, the Google Cloud CLI.

Overview

To deploy a cluster in your GCP account with Kublr, you’ll need to enable some GCP APIs and create a GCP service account and a GCP role. All cluster resources (e.g. nodes) are created in your GCP service account using the GCP API and will be managed by Kublr. Use your GCP account credentials to sign in to the Google Cloud Platform.

Enable Google Cloud APIs

  1. Follow this link (https://console.cloud.google.com) to Google Cloud Platform Console and log in to your account.
  2. In the top left, click to expand the menu.
  3. Select the API and services sub-menu.
  4. On the API & services page, select Library.
  5. On the left menu, look for Cloud deployment management API in the search window.
  6. Click on the Cloud Developer Management V2 API.
  7. On the next window, click the Enable button.
  8. Check that the API is now enabled.
  9. Repeat steps 1-7 for Compute Engine API, and check the results.
  10. Repeat steps 1-7 for Cloud Storage API, and check the results.

Create a custom role

  1. Follow this link (https://cloud.google.com/sdk/install) to install gcloud on your PC
  2. Download the file with the predefined custom role.
  3. Run the gcloud command with the following parameters:
    gcloud iam roles create ROLE_ID --project PROJECT_ID --file YAML_ROLE_FILE
    For example:
    gcloud iam roles create KublrMinVersion1 --project kublr-195022 --file gcp_minpriv.yaml

  4. Ignore the following warning message: API is not enabled for permissions: [storage.buckets.create, storage.buckets.delete, storage.buckets.get, storage.buckets.getIamPolicy, storage.buckets.list, storage.buckets.setIamPolicy, storage.buckets.update, storage.objects.create, storage.objects.delete, storage.objects.get, storage.objects.getIamPolicy, storage.objects.list, storage.objects.setIamPolicy, storage.objects.update]. Please enable the corresponding APIs to use those permissions

Create a service account for the custom role

  1. Follow this link (https://console.cloud.google.com) to Google Cloud Platform Console and log in to your account.
  2. In the top left, click to expand the menu.
  3. Select the IAM and Admin sub-menu.
  4. On the IAM & admin page, select Service Accounts.
  5. Click Create Service Account at the top of the page.
  6. Fill out the form.
    Store the username somewhere. Press “Create” and go to the next window.
  7. Assign the custom role to the new service account.
  8. Add permissions to this service account.
  9. Fill out the form, click Furnish a new private key, and choose JSON.
  10. Click the Save button. Your JSON key will be downloaded and placed in your downloads directory. This file will be necessary to add your credentials to Kublr.
