# Google Kubernetes Engine (GKE) ## Overview Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. With the integration between Fylamynt and GKE, you can build and manage container based applications in Google Cloud Platform. The integration provides an abstraction layer over the Kubernetes API server and expose meaningful actions like "Get Overloaded Nodes", "Kill Overloaded Nodes" for automation. ## Use Cases ## Configure GKE in Fylamynt * Navigate to **Settings** > **Integrations** > **Google Kubernetes Engine**. * Configure a new integration instance. Follow the steps listed below on your GCP Account and complete the integration setup by configuring Service Account Key. Details needed to set up **GKE instance** in **Fylamynt**: To register Fylamynt application in GCP and grant access to a project's Kubernetes engine account to manage cluster resources from Fylamynt, you need to follow the steps below. #### **Create a Service Account (Ignore if you already have one)** 1. In the Cloud Console, go to the **Service accounts** page. [Go to the Service accounts page](https://console.cloud.google.com/iam-admin/serviceaccounts) 2. Select a project. 3. Click **Create service account**. 4. Enter a service account name to display in the Cloud Console. The Cloud Console generates a service account ID based on this name. Edit the ID if necessary. You cannot change the ID later. 5. Optional: Enter a description of the service account. 6. If you do not want to set access controls now, click **Done** to finish creating the service account. To set access controls now, click **Create and continue** and continue to the next step. 7. Choose the [IAM role](https://cloud.google.com/iam/docs/understanding-roles) -> **(Kubernetes Engine Service Agent)** to manage cluster resources and to grant access to the service account on the project. 8. When you are done adding roles, click **Continue**. 9. Optional: In the **Service account users role** field, add members that can [impersonate the service account](https://cloud.google.com/iam/docs/impersonating-service-accounts#allow-impersonation). 10. Optional: In the **Service account admins role** field, add members that can manage the service account. 11. Click **Done** to finish creating the service account. #### Grant this service account access to project and include Kubernetes Engine Service Agent role. 1. If you did not follow step 7 while creating the service account or you already had a service account and missed adding the IAM role - **Kubernetes Engine Service Agent,** please go to the permissions tab for the specific service account and include the role. 2. **Kubernetes Engine Service Agent role** - Gives Kubernetes Engine account access to manage cluster resources. Includes access to service accounts. #### Create service account key and add it to Fylamynt right panel to complete the integration setup 1. Select the same **Service Account** used 2. Click the **Keys** tab. 3. Click the **Add key** drop-down menu, then select **Create new key**. 4. Select **JSON** as the **Key type** and click **Create**. Clicking **Create** downloads a service account key file. After you download the key file, you cannot download it again. The downloaded key has the following format, where `private-key` is the private portion of the public/private key pair: ``` { "type": "service_account", "project_id": "project-id", "private_key_id": "key-id", "private_key": "-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n", "client_email": "service-account-email", "client_id": "client-id", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://accounts.google.com/o/oauth2/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email" } ``` **Add Service Account Key JSON to Fylamynt** 1. Copy the JSON and add it to Fylamynt right integration panel where you see the field name **Service Account Key.** 2. Click on Authorize and you are all set to use the integration.