Pivotal Container Service v1.2

Creating Service Accounts in GCP for PKS

This topic describes the steps required to create service accounts for Pivotal Container Service (PKS) on Google Cloud Platform (GCP).

In order for Kubernetes to create load balancers and attach persistent disks to pods, you must create service accounts with sufficient permissions.

You need separate service accounts for the Kubernetes cluster master and worker node VMs. Pivotal recommends granting each service account only the minimum privileges it requires and giving each one unique credentials.

Create the Master Node Service Account

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the following roles:
    • Compute Engine
      • Compute Instance Admin (v1)
      • Compute Network Admin
      • Compute Security Admin
      • Compute Storage Admin
      • Compute Viewer
    • Service Accounts
      • Service Account User
  4. Click Create.

Create the Worker Node Service Account

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the Compute Engine > Compute Viewer role.
  4. Click Create.
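
To confirm that each account ended up with exactly the roles listed above and nothing broader, you can compare the project IAM policy (for example, the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`) against the two role lists. The script below is an added example, not part of PKS or the original page. The account names, project name, and sample policy are constructed, and it checks only roles bound directly to the accounts at the project level.

```python
import json

# Role IDs for the console role names listed in the two procedures above.
EXPECTED = {
    "master": {
        "roles/compute.instanceAdmin.v1", "roles/compute.networkAdmin",
        "roles/compute.securityAdmin", "roles/compute.storageAdmin",
        "roles/compute.viewer", "roles/iam.serviceAccountUser",
    },
    "worker": {"roles/compute.viewer"},
}

def roles_for(policy, email):
    """Return the roles bound directly to one service account."""
    member = "serviceAccount:" + email
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policy, accounts):
    """Compare granted roles with EXPECTED for each account.

    accounts maps "master"/"worker" to a service account email. Empty
    "missing" and "extra" lists mean the account matches this topic.
    """
    report = {}
    for kind, email in accounts.items():
        granted = roles_for(policy, email)
        report[kind] = {"missing": sorted(EXPECTED[kind] - granted),
                        "extra": sorted(granted - EXPECTED[kind])}
    return report

# Constructed sample data (hypothetical project and account names):
# the worker account was also granted roles/editor.
MASTER = "pks-master@example-project.iam.gserviceaccount.com"
WORKER = "pks-worker@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/compute.viewer",
     "members": ["serviceAccount:" + MASTER, "serviceAccount:" + WORKER]},
    {"role": "roles/editor", "members": ["serviceAccount:" + WORKER]},
]}

if __name__ == "__main__":
    accounts = {"master": MASTER, "worker": WORKER}
    print(json.dumps(audit(SAMPLE_POLICY, accounts), indent=2))
```

Any entry under "extra" is a role beyond what this topic calls for and should be reviewed before the account is used for cluster VMs.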

After you create both service accounts for Kubernetes, follow the procedures in Installing PKS on GCP.

