# Connect GCP account

Sedai currently supports the following GCP cloud resources:

* Dataflow <mark style="color:blue;">**BETA**</mark>
* Google Kubernetes Engine (GKE)

Sedai individually connects to Kubernetes clusters, so GKE clusters are displayed independent of their corresponding GCP account. To connect your GKE workloads, we recommend deploying [Sedai's Smart Agent](/get-started/onboarding/autonomous-cloud-management/connect-kubernetes-cluster/sedai-smart-agent.md) within your cluster, but you can also setup with [agentless access](/get-started/onboarding/autonomous-cloud-management/connect-kubernetes-cluster/gke-agentless-setup.md).

***

## How to connect Dataflow jobs

To connect your GCP account, log in to Sedai and navigate to Settings > Integrations. In the upper righthand corner, select the **Add Integration** button and select Cloud Provider from the side drawer.&#x20;

{% hint style="info" %}
Since you can add multiple GCP accounts to Sedai, you will be asked to give your integration a unique nickname — this helps you easily identify resources within Sedai.
{% endhint %}

You will need to provide the Project ID and Region (found in the home page of your GCP console) as well as create a new service account and provide its JSON.

Once completed click save and you will be prompted to integrate Google Monitoring (by default, Sedai maps [labels](/get-started/onboarding/autonomous-cloud-management/connect-monitoring-data.md#google-monitoring) but you can optionally customize these). Enter the same Project ID and service account JSON from the previous step and click save.

### Service Account Setup

{% tabs %}
{% tab title="Setup via console" %}
From your GCP console click **IAM & Admin**, then select **Service Accounts** in the left-hand menu and click **Create Service Account**. Enter details and click continue.

Add the following roles to grant access:

| Role                                                                   | Purpose                                                                                                                                                                                                                         |
| ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <p><strong>Dataflow Viewer</strong><br>(roles/dataflow\.viewer)</p>    | Lists all Dataflow jobs ([learn more](https://cloud.google.com/dataflow/docs/concepts/access-control#dataflow.viewer))                                                                                                          |
| <p><strong>Compute Viewer</strong><br>(roles/compute.viewer)</p>       | Lists all compute instances & regions ([learn more](https://www.google.com/url?q=https://cloud.google.com/compute/docs/access/iam%23compute.viewer\&sa=D\&source=docs\&ust=1707258989163514\&usg=AOvVaw3UDNy5j4sS7pWH9t2VOSyo)) |
| <p><strong>Monitoring Viewer</strong><br>(roles/monitoring.viewer)</p> | Grants access to Cloud Monitoring metrics ([learn more](https://cloud.google.com/monitoring/access-control#grant-monitoring-access))                                                                                            |

Once saved, navigate to the Keys section of the new service account and click the **Add key** dropdown to create a new key. Select JSON key as the type and create.
{% endtab %}

{% tab title="Setup via CLI" %}
{% hint style="warning" %}
Replace `SA_NAME` and `PROJECT_ID` in the following prompts based on your service account name and GCP project.
{% endhint %}

Create new service account:

```xml
gcloud iam service-accounts create sedai-sa-dataflow-work --description "Service Account for Sedai Dataflow Integration" --display-name "sedai-sa-dataflow-work"
```

Set permissions (view [details](#setup-via-console) on the required roles)

```
gcloud projects add-iam-policy-binding [PROJECT_ID] \
  --member "serviceAccount:[SA_NAME]@[PROJECT_ID].iam.gserviceaccount.com" \
  --role roles/dataflow.viewer \
  --role roles/monitoring.viewer \
  --role roles/storage.objectViewer
```

Create and download key:

```
gcloud iam service-accounts keys create [NEW_KEY_FILE_NAME].json \
  --iam-account [SA_NAME]@[PROJECT_ID].iam.gserviceaccount.com
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sedai.io/get-started/onboarding/autonomous-cloud-management/connect-gcp-account.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.