Created on 02-22-201807:49 AM - edited 08-17-201908:44 AM
This is a detailed walk-through of configuring a service account in Google Cloud Platform and a cloud credential in Cloudbreak. Once these are done, Cloudbreak can spin up your clusters in GCP easily and quickly.
High Level Steps
Enable Compute Engine API in GCP project
Create service account with required roles in GCP project
Create credential for GCP service account in Cloudbreak
You will need a GCP account that you have full rights to administer service accounts and a Cloudbreak instance. The Cloudbreak can be running anywhere, as long as it has network access to GCP. My example is running on an internal OpenStack cluster.
On the main dashboard page, you will find the Project ID. You will need this to define your credential in Cloudbbreak in a later step.
GCP - APIs Dashboard
Go to the Service Accounts screen by (1) clicking the menu in the top left, (2) hovering over APIs and Services, and (3) Clicking on Dashboard.
GCP - APIs & Services Dashboard
Verify that the Google Compute Engine API is listed and enabled. If it is not click on the Enable APIs button to search for and enable it.
GCP - Service Accounts
Go to the Service Accounts screen by (1) clicking the menu in the top left, (2) hovering over IAM & Admin, and (3) Clicking on Service Accounts.
GCP - Create Service Account - Step 1
Click "Create Service Account"
GCP - Create Service Account - Step 2
Give the service account a name
Check the "Furnish a new key" box. This will download a key to your computer when you finish creating the account.
If you are using Cloudbreak 2.7 or later, select JSON format key. Google has deprecated the P12 format and it will eventually be unsupported. If you are using Cloudbreak before 2.7, I strongly recommend that you move to 2.7 because of the many excellent new features and use JSON. In Cloudbreak 2.4, P12 is the only format that is supported.
Click the "Select a Role" dropdown
Select the required Compute Engine roles.
Select the Storage Admin role under Storage.
Click outside of the roles selection dropdown to reveal the "create" button.
All five of the roles shown are required for the service account.
GCP - Create Service Account - Step 3
GCP - Service Account Created
The new private key will be downloaded and the password for the key will be displayed. You will not use the password for Cloudbreak.
GCP - Service Accounts List
You will need to supply the Service Account ID in the Cloudbreak Credential form in a later step.
Cloudbreak - Creating GCP credential
Log into your Cloudbreak instance.
Click on Credentials in navigation bar
Click on "Create Credential"
Cloudbreak - Select cloud platform
Click "Select your cloud provider" to pull down list
Click on Google
Cloudbreak - Create Credential
Give this credential a name. This will be used in Cloudbreak to identify which cloud you will use to provision a new cluster.
Paste in the Service Account ID from the earlier step.
Paste in the Project ID from the earlier step.
Upload the key file that was downloaded in the earlier step.
Cloudbreak - Verifying Credential - Step 1
To see that the credential is working, start to create a new cluster
Click Clusters on the left-side menu
Click Create Cluster
Cloudbreak - Verifying Credential - Step 2
Once you select your new credential, the Region and Availability Zone fields should get populated. If they don't, they will be blank or say "select region". That would be an indication that your credential does not have the proper roles, or you do not have the Compute Engine API set up.
Once you've verified that your credential can talk to the GCP API, you can finish the cluster creation wizard to build your first cluster.