Registering a Google Account in gopaddle provides gopaddle with the Google Account credentials required to provision and manage Google GKE clusters and to push or pull Docker images to the Artifact (Docker) Registry. Registering a Google Account is a three-step process. First, a role with the necessary access privileges is created in the Google Cloud Console. This role is then assigned to a newly created Service Account. Finally, the Service Account credentials are used to register the Google Account in the gopaddle portal.

Pre-requisite

gopaddle uses Google's Kubernetes Engine API to provision and manage GKE clusters. Before registering a Google Cloud Account, ensure that the API is enabled on the Google Cloud Kubernetes Engine page.

Creating a Role

  1. Log in to the Google Cloud Console and select the project under which the Google GKE Clusters need to be managed. If no projects are available, create a new project.
  2. Choose IAM & Admin and choose Roles
  3. Choose CREATE ROLE to create a new Role
  4. Choose ADD PERMISSIONS to add permissions to manage Kubernetes clusters and the Artifact Registry. Under filter roles, select permissions under Kubernetes Engine Admin, Kubernetes Engine Cluster Admin, Artifact Registry Administrator and Service Account User. In addition, select the permissions container.clusters.get, container.clusters.delete and container.clusters.getCredentials.

Here is the final list of permissions to be added to the role:

artifactregistry.files.get
artifactregistry.files.list
artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.repositories.create
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
container.clusters.create
container.clusters.delete
container.clusters.get
container.clusters.getCredentials
container.clusters.list
container.clusters.update
container.operations.get
container.operations.list
container.thirdPartyObjects.update
container.tokenReviews.create
iam.serviceAccounts.actAs
iam.serviceAccounts.get
iam.serviceAccounts.list
resourcemanager.projects.get
compute.instanceGroups.get
compute.instances.get
storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.list
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update

  5. Choose CREATE to save the Role
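
To confirm that the saved role carries exactly the permissions listed above, the role can be exported with `gcloud iam roles describe <ROLE_ID> --project=<PROJECT_ID> --format=json` and compared against the list. The script below is an added example, not gopaddle's own code; the role name and the sample role JSON are constructed for illustration.

```python
import json

# Permission list from this page, grouped by service prefix to stay compact.
EXPECTED_BY_SERVICE = {
    "artifactregistry": "files.get files.list packages.delete packages.get packages.list "
                        "repositories.create repositories.delete repositories.deleteArtifacts "
                        "repositories.downloadArtifacts repositories.get",
    "container": "clusters.create clusters.delete clusters.get clusters.getCredentials "
                 "clusters.list clusters.update operations.get operations.list "
                 "thirdPartyObjects.update tokenReviews.create",
    "iam": "serviceAccounts.actAs serviceAccounts.get serviceAccounts.list",
    "resourcemanager": "projects.get",
    "compute": "instanceGroups.get instances.get",
    "storage": "buckets.create buckets.delete buckets.get buckets.list buckets.update "
               "objects.create objects.delete objects.get objects.list objects.update",
}
EXPECTED = {f"{svc}.{p}" for svc, perms in EXPECTED_BY_SERVICE.items() for p in perms.split()}


def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions (gcloud JSON output) with the page's list."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        "role": role.get("name", "<unnamed>"),
        "missing": sorted(EXPECTED - granted),  # listed on the page but not granted
        "extra": sorted(granted - EXPECTED),    # granted beyond what the page lists
        "compliant": granted == EXPECTED,
    }


# Constructed sample: a role that drifted (one permission dropped, two added).
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/gopaddleRole",  # hypothetical role name
    "includedPermissions": sorted(EXPECTED - {"container.tokenReviews.create"})
    + ["iam.serviceAccountKeys.create", "resourcemanager.projects.setIamPolicy"],
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
```

Any entry under `extra` is a permission the role grants beyond the list on this page and is a candidate for removal before the role is bound to the Service Account.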

Creating a Service Account

  1. Choose API & Services and choose Credentials
  2. Click on CREATE CREDENTIALS to create a new credential of type Service account
  3. Name the Service account and choose the newly created Role to associate with the Service Account
  4. Create a Key for the Service Account by clicking on CREATE KEY
  5. Create a p12 file based key.
  6. Save the secret password and the p12 file generated
  7. Note down the Service Account email ID.

The Google Project Name, Service Account Email ID, P12 file and the Private Key password generated in the previous steps will be used to register the Google Cloud Account in gopaddle.