This documentation is for the Latest version of Cloud Run for Anthos, which uses Anthos fleets and Anthos Service Mesh. Learn more.

The past version has been archived but the documentation remains available for existing users.

Using service account credentials

Stay organized with collections Save and categorize content based on your preferences.

You can use Google service accounts to give your Cloud Run for Anthos services the necessary permissions to access Google Cloud services, for example Cloud Monitoring. Each service account let you define a specific set of Identity and Access Management (IAM) permissions that you can associate with each of your services through Kubernetes Secrets.

To create a service account, you can use the following steps that are provided here for convenience. For complete details about creating and managing service accounts, see the Identity and Access Management documentation.


To create a service account and then download the JSON key file using the Google Cloud console:

  1. Go to the Service Accounts page in Google Cloud console.

    Go to Service Accounts

  2. Click Create Service Account.

  3. Under Service account details, specify a name of your choice in Service account name.

  4. Optionally, modify the Service account ID and add a description.

  5. Click Create and continue.

  6. Under Grant this service account access to a project, from the Select a role drop-down list, select one or more roles for which you the permissions granted to the service account. For example, Monitoring Metric Writer role.

  7. Click Continue, to

  8. Optionally, you can specify users or groups who you want to associate with the service account.

  9. Click Done to create the service account.

  10. In the list of service accounts, next to the service account you created, click Actions > Manage keys.

  11. Click Add Key > Create a new key.

  12. Under Key type, select JSON.

  13. Click Create.


See the following pages to learn how to use the gcloud CLI to:

  1. Create service accounts.
  2. Assign roles and permissions.
  3. Create account keys.

After you create a key and download the JSON file which contains the credentials of your service account, you use that key to create a secret that you can then associate with your Cloud Run for Anthos services.

See Using secrets to learn how to create and then associate secrets with your services.

Next steps

Learn how to manage access to your services.