Registering a Google Account in gopaddle provides gopaddle with the Google Account credentials it requires to provision and manage Google GKE clusters and to push or pull Docker images to the Artifact (Docker) Registry. Registering a Google Account is a three-step process. First, a role with the necessary access privileges is created in the Google Cloud Console. This role is then assigned to a newly created Service Account. Finally, the Service Account credentials are used to register the Google Account in the gopaddle portal.

Pre-requisite

gopaddle uses Google's Kubernetes Engine API to provision and manage GKE clusters. Before registering a Google Cloud Account, ensure that the API is enabled in the Google Cloud Kubernetes Engine page.

Step-1 : Create a Role

You can create a new role either using the gcloud command line utility or from the Google Cloud Console.


a) Creating a Role using gcloud command

1. Install the gcloud utility by following the steps here.

2. Download the Google IAM role permissions file.

3. Using the gcloud command-line utility, create a new role with the required permissions.

gcloud iam roles create <role-name> --project=<Project_ID> --file=<permissions-file-path>


b) Creating a Role using Google Cloud Console

  1. Log in to the Google Cloud Console and select the project under which the Google GKE clusters need to be managed. If no projects are available, create a new project.

  2. Choose IAM & Admin and choose Roles.

  3. Choose CREATE ROLE to create a new role.

  4. Choose ADD PERMISSIONS to add permissions to manage Kubernetes clusters and the Artifact Registry. Under filter roles, select permissions under Kubernetes Engine Admin, Kubernetes Engine Cluster Admin, Artifact Registry Administrator and Service Account User. In addition, select the permissions container.clusters.get, container.clusters.delete and container.clusters.getCredentials.

Here is the final list of permissions to be added to the role:

artifactregistry.files.get
artifactregistry.files.list
artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.repositories.create
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
compute.instanceGroups.get
compute.instances.get
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.create
container.clusters.delete
container.clusters.get
container.clusters.getCredentials
container.clusters.list
container.clusters.update
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.list
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.events.list
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.ingresses.create
container.ingresses.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.replicaSets.list
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.tokenReviews.create
container.pods.update
container.pods.proxy
container.pods.updateStatus
iam.serviceAccounts.actAs
iam.serviceAccounts.get
iam.serviceAccounts.list
resourcemanager.projects.get
storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.list
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update

  5. Choose CREATE to save the role.
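The role above includes permissions that can change RBAC, read secrets, run commands in pods and act as service accounts, so it is worth listing them before the role is bound to a Service Account. The script below is an added example, not gopaddle's code: it assumes the permissions file uses the YAML role layout that gcloud accepts (an includedPermissions list), and its function names and category labels are illustrative.

```shell
#!/bin/sh
# Added example, not gopaddle's code: list privilege-sensitive permissions in
# a role definition before passing it to `gcloud iam roles create --file`.
# Assumes the YAML layout gcloud accepts: an `includedPermissions:` key
# followed by one "- permission" entry per line. Function names are illustrative.

# Print each permission in the file once, one per line.
list_permissions() {
    sed -n 's/^[[:space:]]*-[[:space:]]*\([A-Za-z][A-Za-z0-9.]*\)[[:space:]]*$/\1/p' "$1" | sort -u
}

# Print "<category><TAB><permission>" for every sensitive permission found.
flag_sensitive() {
    list_permissions "$1" | awk '
        /^container\.(clusterRoles|roles)\.(bind|escalate)$/ { print "rbac-escalation\t" $0; next }
        /^container\.(clusterRoleBindings|roleBindings)\.(create|update)$/ { print "rbac-binding\t" $0; next }
        /^container\.pods\.(exec|attach)$/ { print "pod-exec\t" $0; next }
        /^container\.secrets\.(get|list)$/ { print "secret-read\t" $0; next }
        /^(iam\.serviceAccounts\.actAs|container\.serviceAccounts\.createToken)$/ { print "identity\t" $0; next }
        /^container\.(mutating|validating)WebhookConfigurations\.(create|update)$/ { print "admission\t" $0; next }
    '
}

# Number of flagged permissions in one category (0 when there are none).
count_category() {
    flag_sensitive "$1" | awk -F '\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Constructed sample: a short excerpt in the role-file layout, using
# permission names from the list above. The title is a placeholder.
write_sample_role() {
    cat > "$1" <<'EOF'
title: sample-role
includedPermissions:
- container.clusters.get
- container.clusterRoles.escalate
- container.roles.bind
- container.pods.exec
- container.secrets.get
- container.deployments.list
- iam.serviceAccounts.actAs
- container.mutatingWebhookConfigurations.create
EOF
}

sample="${TMPDIR:-/tmp}/sample-role.$$.yaml"
write_sample_role "$sample"
flag_sensitive "$sample"   # review this output before creating the role
rm -f "$sample"
```

Run flag_sensitive against the downloaded permissions file and keep the output with the change record for the role, so later edits to the role can be compared against it.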


Step-2 : Create a Service Account

  1. Choose API & Services and choose Credentials.

  2. Click on CREATE CREDENTIALS to create a new credential of type Service account.

  3. Name the Service Account and choose the newly created role to associate with the Service Account. If you created the role using the gcloud utility, choose the role IAM demo role.

  4. Create a key for the Service Account by clicking on CREATE KEY.

  5. Create a JSON file-based key.

  6. Save the generated JSON file.

  7. Note down the Service Account email ID.

Note down the Google Project Name, the Service Account Email ID and the JSON file generated in the previous steps to register the Google Cloud Account in gopaddle.

Registering a Google Account in gopaddle

  1. In the gopaddle UI, navigate to the Settings option in the top navigation bar.

  2. Select the Cloud option.

  3. In the Cloud page, choose the Cloud Accounts tab.

  4. Click on Create to register the Google Cloud Account.

  5. In the account registration wizard, choose the Provider as Google.

  6. Provide the Service Account Email ID, and upload the Service Account JSON Key file.

  7. Click on Create to register the Google Cloud Account.
