How to Successfully Create a Kubernetes Cluster with a Specific Service Account in GCP

Discover how to resolve service account issues while creating a Kubernetes cluster in Google Cloud Platform with this detailed guide.
---
This video is based on the question https://stackoverflow.com/q/68344509/ asked by the user 'kpgenes' ( https://stackoverflow.com/u/8143795/ ) and on the answer https://stackoverflow.com/a/68353578/ provided by the user 'Gari Singh' ( https://stackoverflow.com/u/5529712/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: How to create a kubernetes cluster with service account of type 'compute@ developer.gserviceaccount.com' in GCP?

Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/l...
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license.

If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
Creating a Kubernetes Cluster with a Service Account in GCP

Setting up a Kubernetes cluster in Google Cloud Platform (GCP) can be a straightforward process. However, it can quickly become complicated if you encounter issues with service accounts. One such common problem is when GCP indicates that a specific service account, such as abcdefc-compute@ developer.gserviceaccount.com, does not exist, even though you have another service account available. This post will break down how to effectively solve this problem and ensure your cluster creation process runs smoothly.

Understanding the Problem

If you're new to GCP and are faced with the error message indicating that the service account abcdefc-compute@ developer.gserviceaccount.com does not exist, it can be frustrating. Typically, you might find yourself in the following situation:

You attempt to create a Kubernetes cluster but GCP fails with the error mentioning a missing service account.

Upon checking, you discover that you have a different service account, ayushaccount@ abcdef.iam.gserviceaccount.com, in your project.

You try to create the required service account but are unable to do so.

These issues are often due to missing default service accounts or incorrect configurations.

Solution Overview

To resolve the service account issue and successfully create your Kubernetes cluster, you have two main options:

(Re)create the default service account.

Select an existing service account while creating your GKE cluster.

Let’s explore both options in detail.

Option 1: (Re)Creating the Default Service Account

The absence of the default service account can be a common reason for this error. Here's how to go about recreating it:

Steps to Recreate the Default Service Account:

Enable/Disable the Google Compute Engine API:

You can do this directly from the GCP console. Navigate to the API & Services dashboard, find the Google Compute Engine API, and disable and then re-enable it.

or

Run the following command in Cloud Shell or your local command line:

[[See Video to Reveal this Text or Code Snippet]]

Verify that the service account has been created:

Once the API is enabled, GCP will automatically create the default service account for your project.

Option 2: Selecting an Existing Service Account

If recreating the default service account isn't feasible or preferred, you can simply select an already existing service account while creating your GKE cluster:

Steps to Select an Existing Service Account:

Go to the GKE cluster creation interface:

While setting up your cluster, navigate to the Node Pools section.

Adjust Security Settings:

Click on default-pool and find the Security settings.

Choose a Compatible Service Account:

For the Service account field, select from the dropdown the existing service account, such as ayushaccount@ abcdef.iam.gserviceaccount.com, that is already present in your GCP project.

Conclusion

By following these steps, you should be able to successfully create a Kubernetes cluster in GCP. Whether you choose to recreate the default service account or select an existing one, GCP provides the flexibility to help you navigate these common setup challenges. If you continue to face issues, ensure that you have the necessary permissions and that your GCP project is properly configured.

With the right steps in mind, you're now equipped to proceed with your GCP Kubernetes cluster journey. Happy clustering!