{product-title} requires a Google Cloud Platform (GCP) service account that provides authentication and authorization to access data in the Google APIs. If you do not have an existing IAM service account that contains the required roles in your project, you must create one.
-
You created a project to host your cluster.
-
Create a service account in the project that you use to host your {product-title} cluster. See Creating a service account in the GCP documentation.
-
Grant the service account the appropriate permissions. You can either grant the individual permissions that follow or assign the
Ownerrole to it. See Granting roles to a service account for specific resources.NoteWhile making the service account an Owner of the project is the easiest way to gain the required permissions, it means that that service account has complete control over the project. You must determine if the risk that comes from offering that power is acceptable.
-
Create the service account key in JSON format. See Creating service account keys in the GCP documentation.
The service account key is required to create a cluster.