Creating Access for Temperstack in GCP
The following steps create the GCP access credentials used to integrate with Temperstack.
Create a new project under your organization (say temperstack-integration).
Enable Cloud Monitoring API on the temperstack-integration project.
Run the command below in Cloud Shell to set the project to temperstack-integration (the newly created project).
gcloud config set project temperstack-integration
Run the command below in Cloud Shell to enable the cloud APIs needed by Temperstack.
gcloud services enable \
  sqladmin.googleapis.com \
  sql-component.googleapis.com \
  compute.googleapis.com \
  run.googleapis.com \
  dataflow.googleapis.com \
  pubsub.googleapis.com \
  redis.googleapis.com \
  memcache.googleapis.com \
  cloudfunctions.googleapis.com \
  container.googleapis.com \
  monitoring.googleapis.com
Open Cloud Shell on the GCP Console and create a YAML file.
Note: Ensure the shell is not attached to any project, as the role must be created at the organization level. Use the command below to unset the project.
gcloud config unset project
Create a YAML file called temperstack.yaml
vi temperstack.yaml
Paste the contents below into that file
title: Temperstack_Custom_Role
description: Custom_Role_for_Temperstack
stage: GA
includedPermissions:
- cloudsql.instances.list
- cloudsql.instances.get
- compute.instances.list
- compute.instances.get
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.list
- compute.instanceGroups.get
- compute.instanceGroups.list
- run.executions.get
- run.executions.list
- run.jobs.get
- run.jobs.list
- run.services.get
- run.services.list
- run.tasks.get
- run.tasks.list
- memcache.instances.get
- memcache.instances.list
- redis.instances.get
- redis.instances.list
- cloudfunctions.functions.get
- cloudfunctions.functions.list
- container.apiServices.get
- container.apiServices.list
- container.clusters.get
- container.clusters.list
- container.deployments.get
- container.deployments.list
- container.namespaces.get
- container.namespaces.list
- container.nodes.get
- container.nodes.list
- container.pods.get
- container.pods.list
- container.nodes.get
- container.nodes.list
- bigtable.instances.get
- bigtable.instances.list
- bigtable.tables.get
- bigtable.tables.list
- bigtable.clusters.get
- bigtable.clusters.list
- storage.buckets.get
- storage.buckets.list
- storage.objects.get
- storage.objects.list
- pubsub.topics.get
- pubsub.topics.list
- pubsub.subscriptions.get
- pubsub.subscriptions.list
- cloudbuild.builds.get
- cloudbuild.builds.list
- dataflow.jobs.get
- dataflow.jobs.list
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.alertPolicies.create
- monitoring.alertPolicies.update
- monitoring.notificationChannelDescriptors.get
- monitoring.notificationChannelDescriptors.list
- monitoring.notificationChannels.create
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.notificationChannels.update
- monitoring.notificationChannels.verify
- monitoring.notificationChannels.sendVerificationCode
- spanner.instances.get
- spanner.instances.list
- spanner.instances.update
- cloudnotifications.activities.list
- monitoring.dashboards.get
- monitoring.dashboards.list
- monitoring.dashboards.create
- monitoring.groups.create
- monitoring.groups.get
- monitoring.groups.list
- monitoring.metricDescriptors.get
- monitoring.metricDescriptors.list
- monitoring.metricDescriptors.create
- monitoring.notificationChannelDescriptors.get
- monitoring.notificationChannelDescriptors.list
- monitoring.monitoredResourceDescriptors.get
- monitoring.monitoredResourceDescriptors.list
- monitoring.notificationChannels.create
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.notificationChannels.sendVerificationCode
- monitoring.notificationChannels.update
- monitoring.notificationChannels.verify
- monitoring.services.get
- monitoring.services.list
- redis.clusters.get
- redis.clusters.list
- redis.clusters.update
Get YOUR_ORG_ID (used in the next step) by running the following command in Cloud Shell.
gcloud organizations list
To create the role, run the following command. Note: The current shell user must have the Organization Role Administrator role.
gcloud iam roles create temperstack_custom_role --organization=YOUR_ORG_ID --file=temperstack.yaml
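Added example, not part of the original Temperstack instructions: a Cloud Shell check to run on temperstack.yaml before creating the role, listing the permissions that are not read-only (verbs other than get or list) and any entries that appear more than once. The function names and the sample excerpt are constructed for illustration; the parser assumes one "- permission" entry per line under includedPermissions.

```shell
#!/bin/sh
# Added example: review a custom-role YAML before running `gcloud iam roles create`.
# Assumes one "- permission" entry per line under includedPermissions.

# Print every entry under includedPermissions, one per line.
role_permissions() {
  awk '
    /^includedPermissions:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]*[^ \t]/ {
      sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, ""); print; next
    }
    in_list && /^[^ \t#-]/ { in_list = 0 }  # next top-level key ends the list
  ' "$1"
}

# Permissions whose verb (last dot-separated field) is not get or list.
non_readonly_permissions() {
  role_permissions "$1" | awk -F. '$NF != "get" && $NF != "list"' | sort -u
}

# Permissions that are listed more than once.
duplicate_permissions() {
  role_permissions "$1" | sort | uniq -d
}

# Constructed sample: a short excerpt in the same shape as temperstack.yaml.
sample_role_yaml() {
  cat <<'EOF'
title: Temperstack_Custom_Role
stage: GA
includedPermissions:
- compute.instances.list
- compute.instances.get
- container.nodes.get
- container.nodes.get
- monitoring.alertPolicies.create
- spanner.instances.update
- monitoring.notificationChannels.sendVerificationCode
EOF
}

sample=$(mktemp)
sample_role_yaml > "$sample"
echo "Permissions that are not read-only:"; non_readonly_permissions "$sample"
echo "Duplicate entries:";                  duplicate_permissions "$sample"
rm -f "$sample"
```

To review the real file, call non_readonly_permissions temperstack.yaml and duplicate_permissions temperstack.yaml after sourcing the functions.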
Create and Assign a Service Account
Switch to temperstack-integration on GCP Console.
Search for Service Accounts and go to Service Account - IAM & Admin.
Click on Create Service Account.
Enter the Service Account Name (say temperstack-service-account).
Add a description
Click on Continue.
Search for temperstack_custom_role and assign it to the service account.
Click on Done (Service Account User Role is not required).
Create a key for the service account.
Copy the JSON service account information into the Service Account Information field.
For each project being integrated with Temperstack.
Adding GCP Project IDs for integration with Temperstack
Identify the projects that need to be integrated with Temperstack.
Add the Project IDs to the GCP Project IDs field (comma separated).
Go to IAM and Admin in the GCP Console.
Click on the Grant Access button.
Enter the Service Account ID as the Principal.
Assign the custom role temperstack_custom_role.
Click on Save.