This topic describes the steps required to create service accounts for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on Google Cloud Platform (GCP).

Note: Support for GCP is deprecated and will be entirely removed in a future TKGI version.



Overview

In order for Kubernetes to create load balancers and attach persistent disks to pods, you must create service accounts with sufficient permissions.

Note: VMware recommends configuring each service account with the least permissive privileges and unique credentials.

You must create separate service accounts for the Kubernetes cluster control plane and worker node VMs, as described in the two procedures below.



Create the Control Plane Node Service Account

To create a service account for the control plane nodes:

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the following roles:
    • Compute Engine
      • Compute Instance Admin (v1)
      • Compute Network Admin
      • Compute Security Admin
      • Compute Storage Admin
      • Compute Viewer
    • Service Accounts
      • Service Account User
  4. Click Create.



Create the Worker Node Service Account

To create a service account for worker nodes:

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the Compute Engine > Compute Viewer role.
  4. Click Create.
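The two console procedures above, expressed as a scripted equivalent with gcloud. This is an added example, not from the TKGI documentation; it assumes gcloud is authenticated, that PROJECT_ID and the account names tkgi-control-plane and tkgi-worker are placeholders you replace, and it runs in dry-run mode (printing the commands) unless DRY_RUN=0. The check_roles helper lets you confirm after the fact that an account has not accumulated roles beyond the set the procedure calls for.

```shell
#!/bin/sh
# Added example (not TKGI's own tooling): scripted version of the console steps.
PROJECT_ID="${PROJECT_ID:-my-gcp-project}"   # assumed placeholder project
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print commands only

# Role sets from the two procedures, as gcloud role identifiers.
CONTROL_PLANE_ROLES="roles/compute.instanceAdmin.v1 roles/compute.networkAdmin roles/compute.securityAdmin roles/compute.storageAdmin roles/compute.viewer roles/iam.serviceAccountUser"
WORKER_ROLES="roles/compute.viewer"

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# create_sa NAME ROLE... : create the account, then bind each role at project level.
create_sa() {
  name="$1"; shift
  member="serviceAccount:${name}@${PROJECT_ID}.iam.gserviceaccount.com"
  run gcloud iam service-accounts create "$name" --project "$PROJECT_ID" --display-name "$name"
  for role in "$@"; do
    run gcloud projects add-iam-policy-binding "$PROJECT_ID" --member "$member" --role "$role"
  done
}

# check_roles "EXPECTED" "ACTUAL": report any role bound beyond the expected set.
# Returns 1 on privilege creep. ACTUAL is a whitespace-separated list, e.g. from:
#   gcloud projects get-iam-policy "$PROJECT_ID" --flatten='bindings[].members' \
#     --filter="bindings.members:$member" --format='value(bindings.role)'
check_roles() {
  expected="$1"; actual="$2"; rc=0
  for role in $actual; do
    case " $expected " in
      *" $role "*) ;;
      *) echo "unexpected role: $role"; rc=1 ;;
    esac
  done
  return $rc
}

# Create both accounts with the least-privilege sets listed above.
create_sa tkgi-control-plane $CONTROL_PLANE_ROLES
create_sa tkgi-worker $WORKER_ROLES
```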



Next Installation Step

To create a load balancer in GCP, follow the instructions in Creating a GCP Load Balancer for the TKGI API.
