Add your cloud account to Northflank

To add a new cloud provider integration navigate to the clusters page in your account settings.

You can add credentials when creating a new cluster, or create a new integration on its own. In both cases you will be able to use the saved credentials to create new clusters in the future.

You must select a cloud provider plan before you can integrate your account. You must have sufficient resource quotas available on your cloud platform to deploy a cluster using Northflank.

You can use Northflank with an existing Google Cloud Platform project, or create a new one. It is recommended that you create a new service account to integrate with Northflank:

1. Open your GCP console and create a new project, or select an existing one.
2. Ensure billing is enabled and enable the Kubernetes Engine API and Cloud Resource Manager API in your project
3. Navigate to IAM and admin in your project and open the service accounts page
4. Create a new service account:
   1. Add a name and description, click create and continue
   2. Add roles with the required permissions: the standard Google roles service account user and Kubernetes engine admin contain all the required permissions
   3. Select the new service account and go to the keys page. Create a new key and download the keyfile.json
5. Navigate to your Northflank account settings and open the clusters page
6. Create a new integration, or create a new cluster and select new credentials . Select Google Cloud Platform as the provider.
7. Copy and paste the contents of your keyfile.json
8. Create the integration or continue configuring your new cluster. Your credentials will be saved as a new integration when you create the new cluster.

You can edit the integration at any time to update the keyfile.json and Google project ID, if required. If you change the Google project while there are still Northflank clusters on it, you will be unable to manage those clusters and deleting them via Google may leave orphaned resources.

It is recommended that you create a new IAM user group and user to integrate with Northflank:

1. Navigate to your Northflank account settings and open the clusters page
2. Create a new integration, or create a new cluster and select new credentials . Select Amazon Web Services as the provider.
3. Open your AWS IAM console , open the users page and add a new user (without console access)
4. In the new user click add permissions and select create inline policy, and add the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": "*",
            "Action": [
                "autoscaling:*",
                "ec2:*",
                "ecr:*",
                "eks:*",
                "iam:*",
                "kms:*"
            ]
        }
    ]
}

5. Open security credentials in your new user and click create access key. Select the Application running outside AWS use case and click next. Enter a description that will help you recognise your key (e.g. Northflank BYOC) and create access key.
6. Enter the access key and secret key for the user you created into the Northflank integration form
7. Create the integration or continue configuring your new cluster. Your credentials will be saved as a new integration when you create the new cluster.

You can edit the integration at any time to update the secrets, if required. If the new secrets do not have permission to manage existing clusters, you will be unable to edit those clusters and deleting them via AWS may leave orphaned resources.

It is recommended that you create a new Azure Active Directory application to integrate with Northflank:

1. Navigate to your Northflank account settings and open the clusters page
2. Create a new integration, or create a new cluster and select new credentials . Select Azure as the provider.
3. Open Azure Portal and navigate to Azure Active Directory
4. Register a new application with Azure AD from the add menu, or from the app registrations page. Copy the the directory (tenant) ID and the application (client) ID to the Northflank form.
5. In your new application click the link for managed application in local directory (your application's name) and copy the application's object ID from properties to Northflank.
6. Go back to your application overview and open the certificates and secrets page. Create a new client secret, and copy the secret value (not the secret ID) to Northflank.
7. Navigate to subscriptions and select an existing subscription, or create a new one. For security, the subscription you use with Northflank should have only the necessary permissions allocated to it.
8. Open access control (IAM) and add a new role assignment to the subscription. Select the contributor role from privileged administrator roles, and then add your Active Directory application as a member.
9. Open resource providers in your subscription, search for and select the provider Microsoft.ContainerService. Click register to add the provider to the subscription.
10. Copy the subscription ID to Northflank
11. Create the integration or continue configuring your new cluster. Your credentials will be saved as a new integration when you create the new cluster.

You can edit the integration at any time to update the secrets, if required. If the new secrets do not have permission to manage existing clusters, you will be unable to edit those clusters and deleting them via Azure Active Directory may leave orphaned resources.

1. Navigate to your Northflank account settings and open the clusters page
2. Create a new integration, or create a new cluster and select new credentials . Select Civo as the provider.
3. Open your Civo dashboard and navigate to the security page in your profile, under settings
4. Copy your Civo API key into the Northflank integration form
5. Create the integration or continue configuring your new cluster. Your credentials will be saved as a new integration when you create the new cluster.

You can edit the integration at any time to update the API key, if required. You should not install any applications from the Civo marketplace to Northflank-managed clusters.