why the service account exist and what if we create an instance without service account, and what is the meaning of calling google cloud api from the service account
1 Answers
Think of a service account as a role that services use. So stepping back a bit. You as user have a role most like Owner which can do everything. If you add a new user but give them a role of read only then they can see but not create.
Service accounts are the same as roles but for services. In AWS they are actually called roles but just trusted to services.
Within the scope of a project
A Service account in GCP can be used by say a single VM, or all your VMs could use the same service account. It would mean they all have the same access.
You could create a service account for each VM if you wanted and give each Vm via its service account different access.
Finally you get a default service account for compute I suspect as a nice helper of the console UI. This is to make it easier for people to get started without being caught out on everything. This is also a big warning, you need to understand that the console UI does alot of things for you which might be covered by a number of gcloud commands. Sometimes this can be used to test your depth of knowldge. A queestion could ask you about a certain feature and you might not know understand it, it you have only used the console UI.
If you enable compute and create your first VM from gcloud then you do not get the default service account for compute.