google-service-account-thanos.md

Creating a Google Service Account

Creating a Google Service Account

In order to create a Google service account for use with Thanos:

Navigate to the Google console menu and select IAM & Admin -> Service accounts.

From here, select the option + Create Service Account

Provide a Service Account Name and Description

Press Create.

You should now be at the Service account permissions (optional) screen. Click inside the Role box, and set the first entry to Storage Object Creator. Click the + Add Another Role and set the second entry to Storage Object Viewer.

Hit Continue

You should now be prompted to allow specific accounts access to this service account. This should be based on specific internal needs and is not a requirement. You can leave empty and press Done

Create a Key

Once back to the service accounts menu, select the ... at the end of the entry you just created and press Create Key

Confirm JSON

Confirm a JSON key and hit Create. This will download a JSON service account key entry for use with the Thanos object-store.yaml mentioned in the initial setup step.

Edit this doc on GitHub