Cloud Providers /
Add your Google Cloud Platform account to Northflank
To add a new cloud provider integration navigate to the clusters page in your account settings.
You can add credentials when creating a new cluster, or create a new integration on its own. In both cases you will be able to use the saved credentials to create new clusters in the future.
You must have sufficient resource quotas available on your cloud platform to deploy a cluster using Northflank.
You can use Northflank with an existing Google Cloud Platform project, or create a new one.
Project setup
- Open your GCP console and create a new project, or select an existing one.
- Ensure billing is enabled
- Enable the Kubernetes Engine API and Cloud Resource Manager API
Required permissions
It is recommended that you create a new service account to integrate with Northflank.
- Navigate to the service accounts page in IAM and admin in your project
- Create a new service account:
- Add a name and description, click create and continue
- Add roles with the required permissions, listed below
- Select the new service account and go to the keys page. Create a new key and download the key file with the type
JSON
roles/iam.serviceAccountUser
(Service Account User) and roles/container.admin
(Kubernetes Engine Admin) contain all the required permissions to integrate your GCP account.iam.serviceAccounts.actAs
iam.serviceAccounts.get
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.create
container.clusters.delete
container.clusters.get
container.clusters.getCredentials
container.clusters.list
container.clusters.update
container.configMaps.create
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.customResourceDefinitions.create
container.customResourceDefinitions.get
container.customResourceDefinitions.update
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.list
container.daemonSets.update
container.deployments.create
container.deployments.get
container.deployments.list
container.deployments.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.get
container.namespaces.update
container.networkPolicies.create
container.networkPolicies.get
container.networkPolicies.update
container.nodes.list
container.operations.list
container.persistentVolumeClaims.list
container.podDisruptionBudgets.create
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.pods.list
container.pods.proxy
container.podSecurityPolicies.create
container.podSecurityPolicies.get
container.podSecurityPolicies.update
container.replicaSets.list
container.resourceQuotas.create
container.resourceQuotas.get
container.resourceQuotas.update
container.roleBindings.create
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.list
container.secrets.create
container.secrets.get
container.secrets.list
container.secrets.update
container.serviceAccounts.create
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.get
container.services.list
container.services.update
container.statefulSets.create
container.statefulSets.get
container.storageClasses.create
container.storageClasses.get
container.storageClasses.update
container.thirdPartyObjects.create
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.update
- Navigate to your Northflank account settings and open the clusters page
- Create a new integration, or create a new cluster and select new credentials . Select Google Cloud Platform as the provider.
- Copy and paste the contents of your
keyfile.json
- Create the integration or continue configuring your new cluster. Your credentials will be saved as a new integration when you create the new cluster.
You can edit the integration at any time to update the keyfile.json
and Google project ID, if required. If you change the Google project while there are still Northflank clusters on it, you will be unable to manage those clusters and deleting them via Google may leave orphaned resources.
note