Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
avatar
Expert Contributor

This is a detailed walk-through of configuring a service account in Google Cloud Platform and a cloud credential in Cloudbreak. Once these are done, Cloudbreak can spin up your clusters in GCP easily and quickly.

High Level Steps

  1. Enable Compute Engine API in GCP project
  2. Create service account with required roles in GCP project
  3. Create credential for GCP service account in Cloudbreak

You will need a GCP account that you have full rights to administer service accounts and a Cloudbreak instance. The Cloudbreak can be running anywhere, as long as it has network access to GCP. My example is running on an internal OpenStack cluster.

Google Cloud Platform Console

Log into the GCP Console at https://console.cloud.google.com

On the main dashboard page, you will find the Project ID. You will need this to define your credential in Cloudbbreak in a later step.

62472-google-cloud-platform-console.png

GCP - APIs Dashboard

Go to the Service Accounts screen by (1) clicking the menu in the top left, (2) hovering over APIs and Services, and (3) Clicking on Dashboard.

62473-gcp-apis-dashboard.png

GCP - APIs & Services Dashboard

Verify that the Google Compute Engine API is listed and enabled. If it is not click on the Enable APIs button to search for and enable it.

62525-gcp-apis-amp-services-dashboard.png

GCP - Service Accounts

Go to the Service Accounts screen by (1) clicking the menu in the top left, (2) hovering over IAM & Admin, and (3) Clicking on Service Accounts.

62474-gcp-service-accounts.png

GCP - Create Service Account - Step 1

  1. Click "Create Service Account"

62475-gcp-create-service-account-step-1.png

GCP - Create Service Account - Step 2

  1. Give the service account a name
  2. Check the "Furnish a new key" box. This will download a key to your computer when you finish creating the account.
  3. If you are using Cloudbreak 2.7 or later, select JSON format key. Google has deprecated the P12 format and it will eventually be unsupported.
    If you are using Cloudbreak before 2.7, I strongly recommend that you move to 2.7 because of the many excellent new features and use JSON. In Cloudbreak 2.4, P12 is the only format that is supported.
  4. Click the "Select a Role" dropdown
  5. Select the required Compute Engine roles.
  6. Select the Storage Admin role under Storage.
  7. Click outside of the roles selection dropdown to reveal the "create" button.

All five of the roles shown are required for the service account.

62476-gcp-create-service-account-step-2.png

GCP - Create Service Account - Step 3

  1. Click "Create"

62477-gcp-create-service-account-step-3.png

GCP - Service Account Created

The new private key will be downloaded and the password for the key will be displayed. You will not use the password for Cloudbreak.

62478-gcp-service-account-created.png

GCP - Service Accounts List

You will need to supply the Service Account ID in the Cloudbreak Credential form in a later step.

62479-gcp-service-accounts-list.png

Cloudbreak - Creating GCP credential

Log into your Cloudbreak instance.

  1. Click on Credentials in navigation bar
  2. Click on "Create Credential"

62480-cloudbreak-creating-gcp-credential.png

Cloudbreak - Select cloud platform

  1. Click "Select your cloud provider" to pull down list
  2. Click on Google

62481-cloudbreak-select-cloud-platform.png

Cloudbreak - Create Credential

  1. Give this credential a name. This will be used in Cloudbreak to identify which cloud you will use to provision a new cluster.
  2. Paste in the Service Account ID from the earlier step.
  3. Paste in the Project ID from the earlier step.
  4. Upload the key file that was downloaded in the earlier step.
  5. Click "Create"

62482-cloudbreak-create-credential.png

Cloudbreak - Verifying Credential - Step 1

To see that the credential is working, start to create a new cluster

  1. Click Clusters on the left-side menu
  2. Click Create Cluster

62483-cloudbreak-verifying-credential-step-1.png

Cloudbreak - Verifying Credential - Step 2

Once you select your new credential, the Region and Availability Zone fields should get populated. If they don't, they will be blank or say "select region". That would be an indication that your credential does not have the proper roles, or you do not have the Compute Engine API set up.

62484-cloudbreak-verifying-credential-step-2.png

Finished

Once you've verified that your credential can talk to the GCP API, you can finish the cluster creation wizard to build your first cluster.

1,378 Views