
Create GKE Service Account

This page describes how to create and configure a service account for Zilliz Cloud to deploy a Google Kubernetes Engine (GKE) cluster for your Zilliz Cloud project.

📘Notes

Zilliz BYOC is currently available in General Availability. For access and implementation details, please contact Zilliz Cloud sales.

Procedure

You can use the Google Cloud console to create the GKE service account by hand, as described below. Alternatively, you can use the Terraform script Zilliz Cloud provides to bootstrap the infrastructure for your Zilliz Cloud project on GCP. For details, refer to Terraform Provider.

Step 1: Create a service account

In this step, you create a service account that Zilliz Cloud will use to manage GKE clusters on your behalf, then paste the service account's email address into the Zilliz Cloud console.

The steps for creating a service account are as follows:

  1. On the GCP console, find and click IAM & Admin.

  2. Choose Service Accounts on the left navigation pane.

  3. Click Create service account.

  4. Enter a name for the service account.

    In this demo, use your-org-gke-node-sa. The console fills in the service account ID from the first 18 characters of the name; you can set the ID manually to a more suitable value. Note the resulting email address (ID@PROJECT_ID.iam.gserviceaccount.com); it is the value you paste into the Zilliz Cloud console.

  5. Click Create and continue.

  6. Leave the optional permission and principal settings at their defaults. The role is granted with a condition in Step 2, so do not grant a project-wide role here.

  7. Click Done.

Step 2: Grant permissions

In this step, you grant the service account created above the permissions it needs by binding it to a predefined IAM role, with an IAM condition that limits the grant to the single GKE cluster Zilliz Cloud will create.

The steps for granting permissions to the GKE service account are as follows:

  1. On the GCP console, find and click IAM & Admin.

  2. On the IAM page, click Grant access.

  3. In the Grant access pane that slides in, select the GKE service account created in the previous step as the principal.

  4. Select Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount) from the Select a role drop-down list.

  5. Click Add IAM condition, set a condition title, and enter the following condition expression in the Condition editor:

    resource.name.startsWith("projects/PROJECT_ID/locations/REGION/clusters/CLUSTER_NAME")

    📘Notes

    You need to replace the three placeholders in the above expression with actual values:

    • PROJECT_ID

    This should be your GCP project ID (the ID, not the display name or the project number).

    • REGION

    This should be the cloud region of your BYOC project. GKE uses the region as the location segment of a regional cluster's resource name.

    • CLUSTER_NAME

    This should be the name of the GKE cluster that Zilliz Cloud will create on your behalf.

    The match is an exact, case-sensitive prefix comparison, so a value that differs from what Zilliz Cloud actually uses leaves the service account without the role on that cluster. Do not drop the condition to work around a mismatch; an unconditional binding would make the grant project-wide.

  6. Click Save.

  7. Click Save again to grant the configured permissions.
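The same two steps can be scripted with gcloud, which is useful when the values have to be reviewed or repeated across environments. The script below is an added example and is not Zilliz Cloud's own tooling or its Terraform script. It assumes gcloud is installed and authenticated with permission to edit IAM on the project; the condition title zilliz-byoc-cluster-only is an arbitrary label chosen here. It defaults to a dry run that prints the commands, and it refuses to build a condition in which a placeholder was left unreplaced.

```shell
#!/bin/sh
# Added example, not Zilliz Cloud's own tooling: gcloud equivalent of
# Step 1 (create the service account) and Step 2 (conditional role grant).
# Assumptions: gcloud is installed and authenticated with IAM edit rights on
# the project; the condition title "zilliz-byoc-cluster-only" is arbitrary.
set -eu

SA_NAME="${SA_NAME:-your-org-gke-node-sa}"          # account ID from Step 1
ROLE="roles/container.defaultNodeServiceAccount"   # Kubernetes Engine Default Node Service Account
DRY_RUN="${DRY_RUN:-1}"                            # 1 = print commands, 0 = execute them

# Build the IAM condition from Step 2, refusing unreplaced placeholders so a
# copy-pasted template cannot silently bind the role to a non-existent path.
build_condition() {
  project="$1"; region="$2"; cluster="$3"
  for v in "$project" "$region" "$cluster"; do
    case "$v" in
      ""|PROJECT_ID|REGION|CLUSTER_NAME)
        echo "build_condition: placeholder not replaced: '$v'" >&2
        return 1 ;;
    esac
  done
  printf 'resource.name.startsWith("projects/%s/locations/%s/clusters/%s")' \
    "$project" "$region" "$cluster"
}

# Email that GCP derives from an account ID; this is the value pasted into
# the Zilliz Cloud console.
sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"; }

# Print or execute a command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s ' "$@"; echo; else "$@"; fi
}

# Step 1: create the service account with no project-level role.
create_service_account() {
  run gcloud iam service-accounts create "$SA_NAME" \
    --project "$1" --display-name "$SA_NAME"
}

# Step 2: bind the predefined node role on the project, scoped by the
# condition to the one cluster Zilliz Cloud will create.
grant_node_role() {
  project="$1"; region="$2"; cluster="$3"
  cond=$(build_condition "$project" "$region" "$cluster")
  run gcloud projects add-iam-policy-binding "$project" \
    --member "serviceAccount:$(sa_email "$SA_NAME" "$project")" \
    --role "$ROLE" \
    --condition "title=zilliz-byoc-cluster-only,expression=$cond"
}

# Check: list the member's bindings with their condition expressions, so an
# accidental unconditional grant (empty expression column) is visible.
verify_binding() {
  run gcloud projects get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:$(sa_email "$SA_NAME" "$1")" \
    --format="table(bindings.role,bindings.condition.title,bindings.condition.expression)"
}

# Usage: PROJECT_ID=... REGION=... CLUSTER_NAME=... DRY_RUN=0 sh gke-node-sa.sh apply
if [ "${1:-}" = "apply" ]; then
  create_service_account "$PROJECT_ID"
  grant_node_role "$PROJECT_ID" "$REGION" "$CLUSTER_NAME"
  verify_binding "$PROJECT_ID"
fi
```

Run it once with the default DRY_RUN=1 to review the exact binding before applying it; the verify step is worth keeping in a change checklist, since a binding whose expression column is empty means the node role was granted project-wide rather than to the one cluster.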