Version: 0.7

GCP Shared Projects

Kore accesses a Google Cloud Platform project through a service account that has been granted permissions on the project you wish to use.

Add Service Account to GCP

Kore will access GCP using a service account. To create one, open the GCP console and navigate to 'IAM & Admin' in the GCP project you wish to use. Choose 'Service Accounts', then 'Create service account'. Give it a name (e.g. 'kore-project-admin'), and ensure it has roles granting the following permissions on the project:

  • container.clusterRoleBindings.create
  • container.clusterRoleBindings.get
  • container.clusterRoles.bind
  • container.clusterRoles.create
  • container.clusters.create
  • container.clusters.delete
  • container.clusters.getCredentials
  • container.clusters.list
  • container.operations.get
  • container.operations.list
  • container.podSecurityPolicies.create
  • container.secrets.get
  • container.serviceAccounts.create
  • container.serviceAccounts.get
  • iam.serviceAccounts.actAs
  • iam.serviceAccounts.get
  • iam.serviceAccounts.list
  • resourcemanager.projects.get

Once created, select the service account and choose 'Add key', generating a key in JSON format.

Warning

Take care with this file: it contains the secret values required to act as this service account. You must give this information to Kore (see below), after which we recommend removing any local copy of the file. Do not share or store this file once it has been given to Kore. You can always add a new key if you need to re-enter this information into Kore later.
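
The permission list above can be kept as a custom-role definition and used to audit what the service account's role actually grants, so the account carries neither less nor more than Kore needs. The following is an added example, not part of the Kore documentation or tooling: the role ID koreProjectAdmin, the role title and the file name kore-role.yaml are hypothetical, and it assumes every listed permission can be used in a custom role.

```shell
# Added example. The permission list is copied from this page; the role ID,
# role title and file names are hypothetical placeholders.
KORE_PERMISSIONS="container.clusterRoleBindings.create
container.clusterRoleBindings.get
container.clusterRoles.bind
container.clusterRoles.create
container.clusters.create
container.clusters.delete
container.clusters.getCredentials
container.clusters.list
container.operations.get
container.operations.list
container.podSecurityPolicies.create
container.secrets.get
container.serviceAccounts.create
container.serviceAccounts.get
iam.serviceAccounts.actAs
iam.serviceAccounts.get
iam.serviceAccounts.list
resourcemanager.projects.get"

# Write a custom-role definition in the YAML layout read by
# `gcloud iam roles create --file`.
write_role_file() {
  {
    printf 'title: Kore project admin\nstage: GA\nincludedPermissions:\n'
    printf '%s\n' "$KORE_PERMISSIONS" | sed 's/^/- /'
  } > "$1"
}

# Compare granted permissions (file, one per line) with the list above.
# MISSING = required but absent; EXCESS = granted beyond what the page asks for.
audit_permissions() {
  req=$(mktemp); got=$(mktemp)
  printf '%s\n' "$KORE_PERMISSIONS" | LC_ALL=C sort -u > "$req"
  LC_ALL=C sort -u "$1" > "$got"
  LC_ALL=C comm -23 "$req" "$got" | sed 's/^/MISSING /'
  LC_ALL=C comm -13 "$req" "$got" | sed 's/^/EXCESS /'
  rm -f "$req" "$got"
}

# Create the role and service account, then bind them (needs an authenticated gcloud).
provision() {  # $1 = project ID
  write_role_file kore-role.yaml
  gcloud iam roles create koreProjectAdmin --project="$1" --file=kore-role.yaml
  gcloud iam service-accounts create kore-project-admin --project="$1"
  gcloud projects add-iam-policy-binding "$1" \
    --member="serviceAccount:kore-project-admin@$1.iam.gserviceaccount.com" \
    --role="projects/$1/roles/koreProjectAdmin"
}
```

audit_permissions prints nothing when the granted set matches the list exactly; feed it the role's includedPermissions, one per line, taken from the output of gcloud iam roles describe.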

Configuring GCP Project in Kore

To configure using the UI, enter the Admin section and choose Configure > Cloud > Google Cloud Platform > Shared Projects. Select + Add shared project (for team infrastructure).

To configure using the CLI, use kore create cloudcredentials to add the key for the service account created above, then use kore create cloudaccount to add the GCP project.