☁️Google Cloud

Installing P0 on Google Cloud takes about 10 minutes.

Before you begin

  • Choose at least one project in which to install P0.

  • Make sure you have the ability to create roles and add IAM bindings; you can gain these abilities if you have both:

    • iam.roleAdmin

    • iam.securityAdmin

  • To install P0 with additional security, you'll need the orgpolicy.policyAdmin role on your organization. This is not required to use P0 with Google Cloud, but recommended to ensure your P0 integration is as secure as possible.

Setting up Google Cloud

For fine-grained Kubernetes access in GKE use the P0 Kubernetes integration.

  1. Navigate to "Integrations" on p0.app, then select "Google Cloud":

  1. Copy and paste your organization ID into the UI, then click "Next". You'll now be able to install one or more P0 components:

  1. Choose the component you want to install (for instance, to use P0 for just-in-time access, choose "IAM Write"). This will prompt you to enter the project IDs on which to install P0:

  1. Enter one or more project IDs, then click "Get setup commands". This will display gcloud commands that you can use to configure P0 on your projects:

  1. Running these commands will, for each project, create a custom "P0 IAM Admin" role, and grant that role to P0's service account. Run these commands now. You can run them either from a local command-line (with gcloud installed), or from the Google Cloud Shell.

  2. Select "Go to next step". If you're installing either "Access Logs" or "IAM Read", this will complete your installation. If you're installing "IAM Write", you'll be prompted you to install domain-restricted sharing on the project:

Domain-restricted sharing is optional. Installing this organization policy is not necessary to use P0. However, without this policy, if an attacker compromises P0's infrastructure, they could use P0 to gain access to your systems. You will need to adopt the orgpolicy.policyAdmin role at the level of your Google Cloud organization to configure domain-restricted sharing. Adding domain-restricted sharing does not affect any existing grants on your project.

  1. Either run these commands now and click "Verify Policy", or click "Skip This Step" now. If you skip this step you can run the commands later by clicking "Add Domain Restriction" at any time.

Congrats! You're now set up with P0 on Google Cloud.

Last updated