This task explains how to use a service account to authenticate and authorize the NSX Advanced Load Balancer.

To create a service account:

Prerequisites

NSX Advanced Load Balancer needs a GCP service account to authenticate and authorize access to GCP APIs. The service account can be created in any GCP Project.

Procedure

  1. From the Google Cloud Console, select the required project.
  2. Navigate to IAM & admin > Service Accounts and click CREATE SERVICE ACCOUNT.
  3. The service account details can be provided to the Controller in either of the following ways:
    1. Providing just the service account email ID.
      Note:
      • In this case, the service account has to be attached to the Controller virtual machine in GCP. This is done while creating the Controller.

      • This option works only when the Controller virtual machine is running inside GCP.

    2. Adding the service account JSON key to the NSX Advanced Load Balancer cloud.
      Note:
      • This option can be used irrespective of where the Controller is running (inside GCP or outside).

      • The service account JSON key has to be specified in NSX Advanced Load Balancer while creating the GCP cloud in the Controller.

      To create the JSON key, see JSON Key.

      The private key is created and downloaded to your computer.

  4. Add the same service account to all the GCP projects mentioned in GCP Project Selection.

    Add this service account as a member with the required GCP role in the required project. For instance, add this service account as a member in the network project and grant it the NSX Advanced Load Balancer role.

    See Roles and Permissions (GCP Full Access) for how to create roles with the required permissions in each project, according to the deployment topology.
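
When the JSON key option from step 3 is used, the downloaded file contains a long-lived private key and is worth checking before it is pasted into the Controller. The following is an added example, not part of the NSX Advanced Load Balancer documentation or product. It checks the file's permissions, its standard GCP key fields and the account it belongs to. The function names, the account name and the project ID are assumptions, and the sample key is constructed with placeholder key material.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_sa_key(path, expected_email=None):
    """Return the problems found in a downloaded service account JSON key."""
    problems = []
    # The file holds a long-lived private key: only its owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} grants access to group/others")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    problems += [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, not 'service_account'")
    email = str(key.get("client_email") or "")
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    # Catch the wrong key being uploaded (another account or project).
    if expected_email and email != expected_email:
        problems.append(f"key belongs to {email!r}, not {expected_email!r}")
    return problems


def demo():
    """Check a constructed key (placeholder key material) at two file modes."""
    email = "nsx-alb-controller@example-project.iam.gserviceaccount.com"  # assumed name
    sample = {"type": "service_account", "project_id": "example-project",
              "private_key_id": "constructed-id", "client_email": email,
              "private_key": "CONSTRUCTED-PLACEHOLDER"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results[oct(mode)] = check_sa_key(path, email)
    return results
```

An empty list from `check_sa_key` means the file passed every check; pass the email ID of the service account created in step 2 as `expected_email`.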