forked from pivotal-cf/docs-pks
gcp-service-accounts.html.md.erb
---
title: Creating Service Accounts in GCP for Enterprise PKS
owner: Ops Manager
---
<strong><%= modified_date %></strong>

This topic describes the steps required to create service accounts for <%= vars.product_full %> on Google Cloud Platform (GCP).

In order for Kubernetes to create load balancers and attach persistent disks to pods, you must create service accounts with sufficient permissions.
You need separate service accounts for Kubernetes cluster master and worker node VMs.

<%= vars.vm_credentials %>

## <a id='create-master'></a>Create the Master Node Service Account
1. From the GCP Console, select **IAM & admin > Service accounts**.
1. Click **Create Service Account**.
1. Enter a name for the service account, and add the following roles:
    * **Compute Engine**
        * **Compute Instance Admin (v1)**
        * **Compute Network Admin**
        * **Compute Security Admin**
        * **Compute Storage Admin**
        * **Compute Viewer**
    * **Service Accounts**
        * **Service Account User**
1. Click **Create**.
## <a id='create-worker'></a>Create the Worker Node Service Account
1. From the GCP Console, select **IAM & admin > Service accounts**.
1. Click **Create Service Account**.
1. Enter a name for the service account, and add the **Compute Engine > Compute Viewer** role.
1. Click **Create**.
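
The two procedures above expressed with the `gcloud` CLI, as an added example that is not part of the original documentation: `plan_sa` prints the commands for review instead of running them, and `audit_roles` compares an account's granted roles with the lists in this topic so that extra grants stand out. The project ID and account names are placeholders, and the role IDs are the standard identifiers for the console role names listed above.

```shell
#!/bin/sh
# Added example. PROJECT_ID and the account names are placeholders (assumptions).
PROJECT_ID="${PROJECT_ID:-my-gcp-project}"

# Role IDs behind the console role names listed in this topic.
roles_for() {  # $1 = master|worker
  case "$1" in
    master) printf '%s\n' \
      roles/compute.instanceAdmin.v1 roles/compute.networkAdmin \
      roles/compute.securityAdmin roles/compute.storageAdmin \
      roles/compute.viewer roles/iam.serviceAccountUser ;;
    worker) printf '%s\n' roles/compute.viewer ;;
    *) echo "unknown node type: $1" >&2; return 1 ;;
  esac
}

# Print, without running, the gcloud commands that create one account.
plan_sa() {  # $1 = master|worker, $2 = account name
  roles=$(roles_for "$1") || return 1
  email="$2@${PROJECT_ID}.iam.gserviceaccount.com"
  echo "gcloud iam service-accounts create $2 --project=$PROJECT_ID"
  for r in $roles; do
    echo "gcloud projects add-iam-policy-binding $PROJECT_ID" \
         "--member=serviceAccount:$email --role=$r"
  done
}

# Compare granted roles (stdin, one per line) with the expected set.
# Feed it the output of:
#   gcloud projects get-iam-policy "$PROJECT_ID" --flatten='bindings[].members' \
#     --filter="bindings.members:serviceAccount:EMAIL" --format='value(bindings.role)'
audit_roles() {  # $1 = master|worker; returns non-zero on any difference
  expected=$(roles_for "$1") || return 1
  granted=$(sort -u)
  rc=0
  for r in $expected; do
    echo "$granted" | grep -qxF "$r" || { echo "MISSING $r"; rc=1; }
  done
  for r in $granted; do
    echo "$expected" | grep -qxF "$r" || { echo "EXTRA $r"; rc=1; }
  done
  return $rc
}

# Usage: sh sa.sh master pks-master   (prints the commands for review)
if [ $# -eq 2 ]; then plan_sa "$1" "$2"; fi
```
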

After you create both service accounts for Kubernetes, follow the procedures in [Installing <%= vars.product_short %> on GCP](./installing-pks-gcp.html).