Comment on page
Creating a Google Service Account
GCP IAM Service Account
From here, select the option Create Service Account.
GCP option to create Service Account
Provide a service account name, ID, and description, then select Create and Continue.
GCP create Service Account wizard
You should now be at the Service account permissions (optional) page. Select the first Role dropdown and select Storage Object Creator. Select Add Another Role, then select Storage Object Viewer from the second dropdown. Select Continue.
GCP Service Account permissions editor
You should now be prompted to allow specific accounts access to this service account. This should be based on specific internal needs and is not a requirement. You can leave this empty and select Done.
Once back to the Service accounts page, select the Actions icon > Manage keys. Then, select the Add Key dropdown and select Create new key. A Create private key window opens.
Select JSON as the Key type and select Create. This will download a JSON service account key entry for use with the Thanos
object-store.yamlmentioned in the initial setup step.