This topic describes the steps required to create service accounts for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on Google Cloud Platform (GCP).

Note: Support for GCP is deprecated and will be entirely removed in TKGI v1.19.



Overview

In order for Kubernetes to create load balancers and attach persistent disks to pods, you must create service accounts with sufficient permissions.

Note: VMware recommends configuring each service account with the least permissive privileges and unique credentials.

You must create separate service accounts for the Kubernetes cluster control plane node VMs and the worker node VMs, as described in the two sections below.



Create the Control Plane Node Service Account

To create a service account for the control plane nodes:

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the following roles:
    • Compute Engine
      • Compute Instance Admin (v1)
      • Compute Network Admin
      • Compute Security Admin
      • Compute Storage Admin
      • Compute Viewer
    • Service Accounts
      • Service Account User
  4. Click Create.



Create the Worker Node Service Account

To create a service account for worker nodes:

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the Compute Engine > Compute Viewer role.
  4. Click Create.
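As an added example that is not part of the VMware documentation, the same two service accounts can be created with the gcloud CLI instead of the Console. The project ID and account names are placeholders, and the role IDs are the predefined GCP roles corresponding to the Console role names listed in the two procedures above; the script prints the commands so they can be reviewed before being applied.

```shell
#!/usr/bin/env sh
# Added example (not VMware's code): create the TKGI control plane and worker
# service accounts with gcloud. PROJECT_ID and the account names are assumed
# placeholders; replace them for a real project.

PROJECT_ID="${PROJECT_ID:-my-tkgi-project}"   # placeholder project ID

# Predefined roles matching the Console roles in the procedures above.
CONTROL_PLANE_ROLES="roles/compute.instanceAdmin.v1 roles/compute.networkAdmin roles/compute.securityAdmin roles/compute.storageAdmin roles/compute.viewer roles/iam.serviceAccountUser"
WORKER_ROLES="roles/compute.viewer"

# Emit the gcloud commands that create one service account and bind exactly the
# given roles to it at project level. Commands are printed, not executed, so the
# plan can be reviewed for least privilege before anything changes in GCP.
plan_service_account() {
  name="$1"; shift
  email="${name}@${PROJECT_ID}.iam.gserviceaccount.com"
  echo "gcloud iam service-accounts create ${name} --project=${PROJECT_ID} --display-name=${name}"
  for role in "$@"; do
    echo "gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:${email} --role=${role}"
  done
}

# Plan for both accounts; each account gets its own credentials and role set.
plan_all() {
  plan_service_account tkgi-control-plane $CONTROL_PLANE_ROLES
  plan_service_account tkgi-worker $WORKER_ROLES
}

# Guard: the worker account must never receive more than the single viewer role.
worker_role_count() {
  plan_service_account tkgi-worker $WORKER_ROLES | grep -c -- '--role='
}

plan_all
```

To apply the plan after review, pipe it to a shell with gcloud authenticated against the target project (`plan_all | sh`).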



Next Installation Step

To create a load balancer in GCP, follow the instructions in Creating a GCP Load Balancer for the TKGI API.
