--- title: GCP Quickstart weight: 140 --- Connect Crossplane to GCP to create and manage cloud resources from Kubernetes with [provider-upjet-gcp](https://github.com/crossplane-contrib/provider-upjet-gcp). This guide is in two parts: * Part 1 walks through installing Crossplane, configuring the provider to authenticate to GCP and creating a _Managed Resource_ in GCP directly from your Kubernetes cluster. This shows Crossplane can communicate with GCP. * [Part 2]({{< ref "provider-gcp-part-2" >}}) shows how to build and access a custom API with Crossplane. ## Prerequisites This quickstart requires: * a Kubernetes cluster with at least 2 GB of RAM * permissions to create pods and secrets in the Kubernetes cluster * [Helm](https://helm.sh/) version v3.2.0 or later * a GCP account with permissions to create a storage bucket * GCP [account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) * GCP [Project ID](https://support.google.com/googleapi/answer/7014113?hl=en) {{}} ## Install the GCP provider Install the provider into the Kubernetes cluster with a Kubernetes configuration file. ```shell {label="provider",copy-lines="all"} cat <}}Provider{{}} installs the Kubernetes _Custom Resource Definitions_ (CRDs) representing GCP storage services. These CRDs allow you to create GCP resources directly inside Kubernetes. Verify the provider installed with `kubectl get providers`. ```shell {copy-lines="1",label="getProvider"} kubectl get providers NAME INSTALLED HEALTHY PACKAGE AGE crossplane-contrib-provider-family-gcp True True xpkg.crossplane.io/crossplane-contrib/provider-family-gcp:v1.12.1 33s provider-gcp-storage True True xpkg.crossplane.io/crossplane-contrib/provider-gcp-storage:v1.12.1 37s ``` The Storage Provider installs a second Provider, the {{}}crossplane-contrib-provider-family-gcp{{}} provider. The family provider manages authentication to GCP across all GCP family Providers. You can view the new CRDs with `kubectl get crds`. Every CRD maps to a unique GCP service Crossplane can provision and manage. {{< hint "tip" >}} See details about all the supported CRDs in the [provider examples](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/examples). {{< /hint >}} ## Create a Kubernetes secret for GCP The provider requires credentials to create and manage GCP resources. Providers use a Kubernetes _Secret_ to connect the credentials to the provider. First generate a Kubernetes _Secret_ from a Google Cloud service account JSON file and then configure the Provider to use it. ### Generate a GCP service account JSON file For basic user authentication, use a Google Cloud service account JSON file. {{< hint "tip" >}} The [GCP documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) provides information on how to generate a service account JSON file. {{< /hint >}} Save this JSON file as `gcp-credentials.json` ### Create a Kubernetes secret with the GCP credentials A Kubernetes generic secret has a name and contents. Use {{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} to generate the secret object named {{< hover label="kube-create-secret" line="2">}}gcp-secret{{< /hover >}} in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{}} namespace. Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}gcp-credentials.json{{< /hover >}} file. ```shell {label="kube-create-secret",copy-lines="all"} kubectl create secret \ generic gcp-secret \ -n crossplane-system \ --from-file=creds=./gcp-credentials.json ``` View the secret with `kubectl describe secret` {{< hint "note" >}} The file size may be a different depending on the contents. {{< /hint >}} ```shell {copy-lines="1"} kubectl describe secret gcp-secret -n crossplane-system Name: gcp-secret Namespace: crossplane-system Labels: Annotations: Type: Opaque Data ==== creds: 2330 bytes ``` {{< hint type="note" >}} The [Authentication](https://docs.upbound.io/providers/provider-gcp/authentication/) section of the GCP Provider documentation describes other authentication methods. {{< /hint >}} ## Create a ProviderConfig A `ProviderConfig` customizes the settings of the GCP Provider. Include your {{< hover label="providerconfig" line="7" >}}GCP project ID{{< /hover >}} in the _ProviderConfig_ settings. {{< hint "tip" >}} Find your GCP project ID from the `project_id` field of the `gcp-credentials.json` file. {{< /hint >}} Apply the {{< hover label="providerconfig" line="2">}}ProviderConfig{{}} with the command: {{< editCode >}} ```yaml {label="providerconfig",copy-lines="all"} cat <$@ credentials: source: Secret secretRef: namespace: crossplane-system name: gcp-secret key: creds EOF ``` {{< /editCode >}} This attaches the GCP credentials, saved as a Kubernetes secret, as a {{< hover label="providerconfig" line="10">}}secretRef{{}}. The {{< hover label="providerconfig" line="12">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the GCP credentials in the {{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.namespace{{< /hover >}}. ## Create a managed resource A _managed resource_ is anything Crossplane creates and manages outside of the Kubernetes cluster. This example creates a GCP storage bucket with Crossplane. The storage bucket is a _managed resource_. {{< hint "note" >}} To generate a unique name use {{}}generateName{{}} instead of `name`. {{< /hint >}} Create the Bucket with the following command: ```yaml {label="xr",copy-lines="all"} cat <}}apiVersion{{< /hover >}} and {{< hover label="xr" line="3">}}kind{{}} are from the provider's CRDs. The {{< hover label="xr" line="10">}}spec.forProvider.location{{< /hover >}} tells GCP which GCP region to use when deploying resources. For a {{}}bucket{{}} the region can be any [GCP multi-region location](https://cloud.google.com/storage/docs/locations#location-mr) Use `kubectl get bucket` to verify Crossplane created the bucket. {{< hint type="tip" >}} Crossplane created the bucket when the values `READY` and `SYNCED` are `True`. This may take up to 5 minutes. {{< /hint >}} ```shell {copy-lines="1"} kubectl get bucket NAME READY SYNCED EXTERNAL-NAME AGE crossplane-bucket-8b7gw True True crossplane-bucket-8b7gw 2m2s ``` ## Delete the managed resource Before shutting down your Kubernetes cluster, delete the GCP bucket just created. Use `kubectl delete bucket` to remove the bucket. {{}} Use the `--selector` flag to delete by label instead of by name. {{}} ```shell {copy-lines="1"} kubectl delete bucket --selector docs.crossplane.io/example=provider-gcp bucket.storage.gcp.upbound.io "crossplane-bucket-8b7gw" deleted ``` ## Next steps * [**Continue to part 2**]({{< ref "provider-gcp-part-2">}}) to create a Crossplane _Composite Resource_ and _Claim_. * Explore GCP resources that can Crossplane can configure in the [Provider CRD reference](https://github.com/crossplane-contrib/provider-upjet-gcp/tree/main/package/crds). * Join the [Crossplane Slack](https://slack.crossplane.io/) and connect with Crossplane users and contributors.