v1
ApplicationAPI & CLI

On this page

Cloud Providers /

Google Cloud Platform on Northflank

You can integrate your Google Cloud Platform account to create and manage clusters using Northflank.

To add your GCP account navigate to the clusters page in your account settings and create a new integration.

Click here to create a new GCP integration.

You can create an integration using a cross-project service account (recommended), or using a service key (legacy method).

After integrating your account, you can create a new cluster.

Select or create your GCP project

You can use Northflank with an existing Google Cloud Platform project, or create a new one.

New GCP project setup

  1. Open your GCP console and create a new project, or select an existing one.
  2. Ensure billing is enabled
  3. Enable the Kubernetes Engine API and Cloud Resource Manager API

Required permissions

The standard Google roles roles/iam.serviceAccountUser (Service Account User) and roles/container.admin (Kubernetes Engine Admin) contain all the required permissions to integrate your GCP account.

  • iam.serviceAccounts.actAs
  • iam.serviceAccounts.get
  • container.clusterRoleBindings.create
  • container.clusterRoleBindings.delete
  • container.clusterRoleBindings.get
  • container.clusterRoleBindings.list
  • container.clusterRoleBindings.update
  • container.clusterRoles.bind
  • container.clusterRoles.create
  • container.clusterRoles.escalate
  • container.clusterRoles.get
  • container.clusterRoles.list
  • container.clusterRoles.update
  • container.clusters.create
  • container.clusters.delete
  • container.clusters.get
  • container.clusters.getCredentials
  • container.clusters.list
  • container.clusters.update
  • container.configMaps.create
  • container.configMaps.get
  • container.configMaps.list
  • container.configMaps.update
  • container.customResourceDefinitions.create
  • container.customResourceDefinitions.get
  • container.customResourceDefinitions.update
  • container.daemonSets.create
  • container.daemonSets.delete
  • container.daemonSets.get
  • container.daemonSets.list
  • container.daemonSets.update
  • container.deployments.create
  • container.deployments.get
  • container.deployments.list
  • container.deployments.update
  • container.horizontalPodAutoscalers.create
  • container.horizontalPodAutoscalers.list
  • container.horizontalPodAutoscalers.update
  • container.mutatingWebhookConfigurations.create
  • container.mutatingWebhookConfigurations.list
  • container.mutatingWebhookConfigurations.update
  • container.namespaces.create
  • container.namespaces.get
  • container.namespaces.update
  • container.networkPolicies.create
  • container.networkPolicies.get
  • container.networkPolicies.update
  • container.nodes.list
  • container.operations.list
  • container.persistentVolumeClaims.list
  • container.podDisruptionBudgets.create
  • container.podDisruptionBudgets.list
  • container.podDisruptionBudgets.update
  • container.pods.list
  • container.pods.proxy
  • container.podSecurityPolicies.create
  • container.podSecurityPolicies.get
  • container.podSecurityPolicies.update
  • container.replicaSets.list
  • container.resourceQuotas.create
  • container.resourceQuotas.get
  • container.resourceQuotas.update
  • container.roleBindings.create
  • container.roleBindings.get
  • container.roleBindings.list
  • container.roleBindings.update
  • container.roles.bind
  • container.roles.create
  • container.roles.escalate
  • container.roles.get
  • container.roles.list
  • container.roles.update
  • container.runtimeClasses.list
  • container.secrets.create
  • container.secrets.get
  • container.secrets.list
  • container.secrets.update
  • container.serviceAccounts.create
  • container.serviceAccounts.delete
  • container.serviceAccounts.get
  • container.serviceAccounts.list
  • container.serviceAccounts.update
  • container.services.create
  • container.services.get
  • container.services.list
  • container.services.update
  • container.statefulSets.create
  • container.statefulSets.get
  • container.storageClasses.create
  • container.storageClasses.get
  • container.storageClasses.update
  • container.thirdPartyObjects.create
  • container.thirdPartyObjects.get
  • container.thirdPartyObjects.list
  • container.thirdPartyObjects.update
  • container.validatingWebhookConfigurations.create
  • container.validatingWebhookConfigurations.get
  • container.validatingWebhookConfigurations.list
  • container.validatingWebhookConfigurations.update
  • container.volumeSnapshotClasses.create
  • container.volumeSnapshotClasses.get
  • container.volumeSnapshotClasses.update

Add your account with a cross-project service account

You can integrate your Google Cloud Platform account using a cross-project service account. Northflank will create a new service account in Google Cloud Platform which you can then grant access to your GCP project.

Requirements

You will need the following to get started:

  1. Navigate to your Northflank account settings and open the clusters page
  2. Create a new cloud provider integration and select Google Cloud Platform as the provider
  3. Name the integration, enter your Google Project ID , and click create
  4. Copy the Northflank service account email from the credentials section
  5. Go to the IAM page in your GCP console
  6. Click Grant Access and add the Northflank service account email as a principal
  7. Select Service Account User and Kubernetes Engine Admin as roles, or add roles with the equivalent permissions
  8. Save and return to Northflank to verify the permissions

Add your account with a service key

You can add your account to Northflank by providing the service key for an IAM user. This is a legacy method, it is recommended that you instead integrate using a cross-project service account.

Requirements

You will need the following to get started:

You should create a new service account to integrate with Northflank using a service key.

  1. Navigate to the service accounts page in IAM and admin in your Google Cloud Platform project
  2. Create a new service account:
    1. Add a name and description, click create and continue
    2. Add roles with the required permissions
    3. Select the new service account and go to the keys page. Create a new key and download the key file with the type JSON
  3. Navigate to your Northflank account settings and open the clusters page
  4. Create a new cloud provider integration and select Google Cloud Platform as the provider
  5. Copy and paste the contents of your keyfile.json and create the integration

You can now configure and deploy new clusters in your GCP account.

You can edit the integration at any time to update the keyfile.json and Google project ID, if required. If you change the Google project while there are still Northflank clusters on it, you will be unable to manage those clusters and deleting them via Google may leave orphaned resources.

note

If you have recently added or changed permissions for your service user account they may take some time to propagate throughout Google.

Check your quotas

To successfully deploy a cluster on GCP using Northflank you must have the required resources available to your account for your desired region.

Check the node types you wish to deploy and ensure your account has sufficient quotas for your required node type, vCPU, and disk type for your desired regions.

You can manage your Google quota settings from your quotas page on the IAM and admin page of your Google Cloud project. You can filter the list by resource and region.

For example, to increase the number of node pools you can deploy on Google Cloud using the n2-standard-4 node type in the region europe-west2, filter the quota list with region:europe-west2 and n2_cpus, select the quota from the list, and click edit quotas.

Create a cluster

To add a new cluster, navigate to the clusters page in your account settings and click create cluster.

Click here to create a new GCP cluster.
Create a new cluster in the Northflank application

Enter a name for the cluster and select GCP as the cloud provider. Choose your integration credentials and select the region to deploy in.

The Google project ID field will be automatically filled based on the provided credentials.

Configure node pools

You can now configure the node pools for your cluster. Node pools can also be added, deleted, and updated after creating your cluster. Click add node pool to add another pool.

Minimum cluster requirements

Each cluster requires at least one node pool, and a combined minimum of 4 vCPU and 8GB memory across all node pools.

See deploy and scale node pools for more information on configuring nodes and node pools.

Configure advanced options

After adding your initial node pools you can configure advanced options for the cluster, such as build infrastructure and resource request modifiers.

When you create the cluster Northflank will begin installing system components in node pools according to their capacity. This may take up to 20 minutes.

Deploy to private nodes

GCP currently provides no way to provision private nodes. All nodes on GCP clusters will have public internet ingress and egress available.

Next steps

Configure your Kubernetes cluster

Manage your clusters on other cloud providers using Northflank.

Deploy node pools

Configure and deploy node pools on a Kubernetes cluster with Northflank.

Deploy workloads to your cluster

Deploy services, jobs, and addons to your own cluster, and configure workloads to schedule on specific node pools.

Deploy workloads to GPU instances

Create GPU-enabled node pools and deploy your AI, machine learning, and HPC workloads in your own cloud account.

© 2024 Northflank Ltd. All rights reserved.

northflank.comTermsPrivacyfeedback@northflank.com