Set up Google Cloud NetApp Volumes
BlueXP needs the right permissions through a Google Cloud service account.
Complete the following tasks so that BlueXP can access your Google Cloud project:
-
If you do not already have an existing service account, create a new one.
-
Add the service account member to your project and assign it specific roles (permissions).
-
Create and download a key pair for the service account that is used to authenticate to Google.
-
Grant the IAM role in the shared project.
Set up a service account
-
In the Google Cloud console, go to the Service accounts page.
-
Click Select a project, choose your project, and click Open.
-
(Optional) To create a service account, do the following:
-
Click Create service account.
-
Enter the service account name (friendly display name) and description.
The Cloud Console generates a service account ID based on this name. Edit the ID if necessary - you cannot change the ID later.
-
To set access controls now, click Create and then DONE from the bottom of the page, and continue to the next step.
-
Create and download a key pair
-
Click the Service Account name, and then from the Service account details page, click Add key > Create new key.
-
Select JSON as the key type and click Create.
By clicking Create your new public/private key pair is generated and downloaded to your system. It serves as the only copy of the private key. Store this file securely because it can be used to authenticate as your service account.
Add the service account member
-
In the IAM page click Add and fill out the fields in the Add Members page:
-
In the New Members field, enter the full service account ID.
For example: user1-service-account-gcnv@project1.iam.gserviceaccount.com
-
Add one of these roles:
-
Google Cloud NetApp Volumes Admin
OR -
Google Cloud NetApp Volumes Viewer
-
-
-
Click Save.
Create a shared VPC
In each additional GCP project that will use the service account, do the following:
-
In the IAM page, select the Shared VPC host project from the project dropdown menu.
-
Click Add Principal.
-
In the New principals field, enter the email address of your service account.
-
From the Select a role dropdown, choose the Google Cloud NetApp Volumes admin role.
-
Click Save.
For detailed steps, refer to the Google Cloud documentation: