Connect a GCP account

Microtica provisions infrastructure directly in your Google Cloud Platform (GCP) account. To do this, you link your Google Cloud account to Microtica and grant it the access permissions it needs, so that Microtica can manage cloud resources on your behalf.

The authentication process involves Microtica impersonating a service account that you create specifically for this purpose.

1. Create a service account

  • Go to Service Accounts in the GCP Console and choose
  • Enter service account name
  • Click on Create and continue

  • Skip steps 2 and 3
  • Click on Done

2. Grant impersonation access to Microtica’s service account

  • Go to Service Accounts in the GCP Console
  • Click on the service account you created in Step 1
  • Choose Permissions
  • Choose Grant access
  • Add microtica-cross-account@marine-compass-268014.iam.gserviceaccount.com in the principal field and choose the Service Account Token Creator role
  • Click Save

It usually takes 3-5 minutes for these changes to propagate. If you connect your Google Cloud account in Microtica (Step 4) before the changes have propagated, it may show an error.

3. Grant permissions

  • Go to IAM in the GCP Console
  • Click on Grant access
  • In New principals, add the service account you created in Step 1
  • Choose the roles you wish to grant to Microtica. For a standard Kubernetes setup you should assign the following roles:
    • Compute Network Admin
    • Kubernetes Engine Admin
    • Project IAM Admin
    • Secret Manager Admin
    • Service Account Admin
    • Service Account Key Admin
    • Service Account User
    • Artifact Registry Administrator
    • Artifact Registry Repository Administrator
  • Choose Save

Remember to follow the principle of least privilege by only granting the necessary roles for the tasks the principal needs to perform. This approach minimizes security risks by limiting access to what is strictly necessary for the job.
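One way to check the grants from Steps 2 and 3 against this principle, as an added example that is not Microtica's own code: it audits the JSON returned by `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json` and `gcloud projects get-iam-policy PROJECT_ID --format=json`. The role IDs are the GCP identifiers for the display names listed in Step 3; the service account name and the sample policies are constructed for illustration.

```python
# Principal named in Step 2 of this page.
MICROTICA = ("serviceAccount:microtica-cross-account"
             "@marine-compass-268014.iam.gserviceaccount.com")
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
# GCP role IDs for the display names listed in Step 3.
EXPECTED = {
    "roles/compute.networkAdmin", "roles/container.admin",
    "roles/resourcemanager.projectIamAdmin", "roles/secretmanager.admin",
    "roles/iam.serviceAccountAdmin", "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.serviceAccountUser", "roles/artifactregistry.admin",
    "roles/artifactregistry.repoAdmin",
}

def members(policy, role):
    """Members bound to `role` in an IAM policy dict."""
    return {m for b in policy.get("bindings", []) if b["role"] == role
            for m in b.get("members", [])}

def audit(sa_policy, project_policy, sa_email):
    """Return (severity, message) findings for the Step 2 and Step 3 grants."""
    out = []
    creators = members(sa_policy, TOKEN_CREATOR)
    if MICROTICA not in creators:
        out.append(("error", "Microtica principal lacks Token Creator on the account"))
    for m in sorted(creators - {MICROTICA}):
        out.append(("warn", f"{m} can also impersonate the service account"))
    # Token Creator at project level applies to every service account in it.
    for m in sorted(members(project_policy, TOKEN_CREATOR)):
        out.append(("warn", f"{m} holds Token Creator project-wide"))
    me = f"serviceAccount:{sa_email}"
    granted = {b["role"] for b in project_policy.get("bindings", [])
               if me in b.get("members", [])}
    out += [("warn", f"role outside the Step 3 list: {r}")
            for r in sorted(granted - EXPECTED)]
    out += [("info", f"Step 3 role not granted: {r}")
            for r in sorted(EXPECTED - granted)]
    return out

# Constructed sample data; the service account name is hypothetical.
SA_EMAIL = "microtica-deployer@example-project.iam.gserviceaccount.com"
SA_POLICY = {"bindings": [{"role": TOKEN_CREATOR,
                           "members": [MICROTICA, "user:alice@example.com"]}]}
PROJECT_POLICY = {"bindings": [
    {"role": "roles/container.admin", "members": [f"serviceAccount:{SA_EMAIL}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA_EMAIL}"]},
]}

if __name__ == "__main__":
    for severity, message in audit(SA_POLICY, PROJECT_POLICY, SA_EMAIL):
        print(f"{severity:5} {message}")
```

Bindings with IAM conditions are treated like unconditional ones here, so review conditional grants by hand.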

4. Connect your GCP account in Microtica

  • From the side menu, click on Integrations -> Cloud Accounts -> Connect GCP account
  • Enter the following:
    • Name - User-friendly account name as shown in Microtica Console
    • GCP Service Account Email - the service account (email) you created in Step 1


5. Enable GCP APIs



If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.