
Google Cloud Platform: add your account to Northflank

To add your Google Cloud Platform account to Northflank, navigate to the clusters page in your account settings and create a new integration.

Click here to create a new GCP integration.

You must have sufficient resource quotas available in your GCP account to deploy a cluster using Northflank.

Select or create your Google Cloud Platform project

You can use Northflank with an existing Google Cloud Platform project, or create a new one.

New GCP project setup

  1. Open your GCP console and create a new project, or select an existing one
  2. Ensure billing is enabled
  3. Enable the Kubernetes Engine API and Cloud Resource Manager API

Required permissions to integrate your Google Cloud Platform account

The standard Google roles roles/iam.serviceAccountUser (Service Account User) and roles/container.admin (Kubernetes Engine Admin) contain all the permissions required to integrate your GCP account. The required permissions are:

  • iam.serviceAccounts.actAs
  • iam.serviceAccounts.get
  • container.clusterRoleBindings.create
  • container.clusterRoleBindings.delete
  • container.clusterRoleBindings.get
  • container.clusterRoleBindings.list
  • container.clusterRoleBindings.update
  • container.clusterRoles.bind
  • container.clusterRoles.create
  • container.clusterRoles.escalate
  • container.clusterRoles.get
  • container.clusterRoles.list
  • container.clusterRoles.update
  • container.clusters.create
  • container.clusters.delete
  • container.clusters.get
  • container.clusters.getCredentials
  • container.clusters.list
  • container.clusters.update
  • container.configMaps.create
  • container.configMaps.get
  • container.configMaps.list
  • container.configMaps.update
  • container.customResourceDefinitions.create
  • container.customResourceDefinitions.get
  • container.customResourceDefinitions.update
  • container.daemonSets.create
  • container.daemonSets.delete
  • container.daemonSets.get
  • container.daemonSets.list
  • container.daemonSets.update
  • container.deployments.create
  • container.deployments.get
  • container.deployments.list
  • container.deployments.update
  • container.horizontalPodAutoscalers.create
  • container.horizontalPodAutoscalers.list
  • container.horizontalPodAutoscalers.update
  • container.mutatingWebhookConfigurations.create
  • container.mutatingWebhookConfigurations.list
  • container.mutatingWebhookConfigurations.update
  • container.namespaces.create
  • container.namespaces.get
  • container.namespaces.update
  • container.networkPolicies.create
  • container.networkPolicies.get
  • container.networkPolicies.update
  • container.nodes.list
  • container.operations.list
  • container.persistentVolumeClaims.list
  • container.podDisruptionBudgets.create
  • container.podDisruptionBudgets.list
  • container.podDisruptionBudgets.update
  • container.pods.list
  • container.pods.proxy
  • container.podSecurityPolicies.create
  • container.podSecurityPolicies.get
  • container.podSecurityPolicies.update
  • container.replicaSets.list
  • container.resourceQuotas.create
  • container.resourceQuotas.get
  • container.resourceQuotas.update
  • container.roleBindings.create
  • container.roleBindings.get
  • container.roleBindings.list
  • container.roleBindings.update
  • container.roles.bind
  • container.roles.create
  • container.roles.escalate
  • container.roles.get
  • container.roles.list
  • container.roles.update
  • container.runtimeClasses.list
  • container.secrets.create
  • container.secrets.get
  • container.secrets.list
  • container.secrets.update
  • container.serviceAccounts.create
  • container.serviceAccounts.delete
  • container.serviceAccounts.get
  • container.serviceAccounts.list
  • container.serviceAccounts.update
  • container.services.create
  • container.services.get
  • container.services.list
  • container.services.update
  • container.statefulSets.create
  • container.statefulSets.get
  • container.storageClasses.create
  • container.storageClasses.get
  • container.storageClasses.update
  • container.thirdPartyObjects.create
  • container.thirdPartyObjects.get
  • container.thirdPartyObjects.list
  • container.thirdPartyObjects.update
  • container.validatingWebhookConfigurations.create
  • container.validatingWebhookConfigurations.get
  • container.validatingWebhookConfigurations.list
  • container.validatingWebhookConfigurations.update
  • container.volumeSnapshotClasses.create
  • container.volumeSnapshotClasses.get
  • container.volumeSnapshotClasses.update

Add your Google Cloud Platform account with a cross-project service account

You can integrate your Google Cloud Platform account using a cross-project service account. When you create your integration, Northflank will make a new service account in Google Cloud Platform for you, which you can then grant access to your GCP project.

  1. Navigate to your Northflank account settings and open the clusters page
  2. Create a new cloud provider integration and select Google Cloud Platform as the provider
  3. Name the integration, enter your Google Project ID, and click create
  4. Copy the Northflank service account email from the credentials section
  5. Go to the IAM page in your GCP console
  6. Click Grant Access and add the Northflank service account email as a principal
  7. Select Service Account User and Kubernetes Engine Admin as roles, or add roles with the equivalent permissions
  8. Save and return to Northflank to verify the permissions

Add your Google Cloud Platform account with a service key

You can add your account to Northflank by providing the service key for an IAM user with the required permissions. This is a legacy method; it is recommended that you instead integrate using a cross-project service account.

It is recommended that you create a new service account to integrate with Northflank.

  1. Navigate to the service accounts page in IAM and admin in your Google Cloud Platform project
  2. Create a new service account:
    1. Add a name and description, click create and continue
    2. Add roles with the required permissions
    3. Select the new service account and go to the keys page. Create a new key and download the key file with the type JSON
  3. Navigate to your Northflank account settings and open the clusters page
  4. Create a new cloud provider integration and select Google Cloud Platform as the provider
  5. Copy and paste the contents of your keyfile.json and create the integration

You can now configure and deploy new clusters in your GCP account.

You can edit the integration at any time to update the keyfile.json and Google project ID, if required. If you change the Google project while there are still Northflank clusters on it, you will be unable to manage those clusters and deleting them via Google may leave orphaned resources.

Note

If you have recently added or changed permissions for your service user account, they may take some time to propagate throughout Google.
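The role grant in both integration methods above can be checked locally before returning to Northflank. The following is an added example, not Northflank's code: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy --format=json` and reports whether the integration's service account holds the two roles this page names, and whether it holds anything beyond them. The service account email and the policy are constructed sample values; custom roles with equivalent permissions and roles inherited from a folder or organization are not resolved.

```python
import json

# Roles this page names as sufficient for the integration.
REQUIRED_ROLES = {"roles/iam.serviceAccountUser", "roles/container.admin"}
# Basic roles that grant far more than the integration needs.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample policy (hypothetical principal and project).
SAMPLE_EMAIL = "nf-integration@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/container.admin",
     "members": ["serviceAccount:nf-integration@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["serviceAccount:nf-integration@example-project.iam.gserviceaccount.com"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/editor",
     "members": ["user:admin@example.com",
                 "serviceAccount:nf-integration@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

def audit_integration_principal(policy, sa_email):
    """Compare the roles bound to sa_email with the roles the page requires."""
    member = f"serviceAccount:{sa_email}"
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding may not apply to every request, so track it apart.
        target = conditional if "condition" in binding else granted
        target.add(binding["role"])
    held = granted | conditional
    return {
        "missing": sorted(REQUIRED_ROLES - held),
        "conditional": sorted(REQUIRED_ROLES & (conditional - granted)),
        "unexpected": sorted(held - REQUIRED_ROLES),
        "broad": sorted(held & BROAD_ROLES),
    }

if __name__ == "__main__":
    print(json.dumps(audit_integration_principal(SAMPLE_POLICY, SAMPLE_EMAIL), indent=2))
```

An empty `missing` list with entries under `unexpected` or `broad` means the integration would work but the principal holds more than the two roles the page asks for.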
