Introduction to the provisioning credential for Google Cloud

The provisioning credential for Google Cloud relies on a service account that can be assumed by CDP.

The following flow describes how the Google Cloud provisioning credential works:

  1. Your GCP account administrator creates a service account and assigns the minimum permissions allowing CDP to create and manage resources in your Google Cloud account. Next, the administrator generates a service account access key pair for the service account. The minimum permissions are described in Service account for the CDP provisioning credential.
  2. The service account is registered as a credential in CDP and its access key is uploaded to CDP.
  3. The credential is then used for registering your Google Cloud environment in CDP.
  4. Once this is done, CDP uses the credential for provisioning environment-related resources, workload clusters, and resources for other CDP services that you run in CDP.