Created on 02-22-2018 07:49 AM - edited 08-17-2019 08:44 AM
This is a detailed walk-through of configuring a service account in Google Cloud Platform and a cloud credential in Cloudbreak. Once these are done, Cloudbreak can spin up your clusters in GCP easily and quickly.
High Level Steps
You will need a GCP account that you have full rights to administer service accounts and a Cloudbreak instance. The Cloudbreak can be running anywhere, as long as it has network access to GCP. My example is running on an internal OpenStack cluster.
Log into the GCP Console at https://console.cloud.google.com
On the main dashboard page, you will find the Project ID. You will need this to define your credential in Cloudbbreak in a later step.
Go to the Service Accounts screen by (1) clicking the menu in the top left, (2) hovering over APIs and Services, and (3) Clicking on Dashboard.
Verify that the Google Compute Engine API is listed and enabled. If it is not click on the Enable APIs button to search for and enable it.
Go to the Service Accounts screen by (1) clicking the menu in the top left, (2) hovering over IAM & Admin, and (3) Clicking on Service Accounts.
All five of the roles shown are required for the service account.
The new private key will be downloaded and the password for the key will be displayed. You will not use the password for Cloudbreak.
You will need to supply the Service Account ID in the Cloudbreak Credential form in a later step.
Log into your Cloudbreak instance.
To see that the credential is working, start to create a new cluster
Once you select your new credential, the Region and Availability Zone fields should get populated. If they don't, they will be blank or say "select region". That would be an indication that your credential does not have the proper roles, or you do not have the Compute Engine API set up.
Once you've verified that your credential can talk to the GCP API, you can finish the cluster creation wizard to build your first cluster.