Hugo + GitHub Action + Vultr

Notes on Building the Site

Least Privilege for GKE cluster

1. Create a Service Account

    gcloud iam service-accounts create least-gke-test --project fcr-it

    # create a new role; the role ID matches the one bound in step 2
    gcloud iam roles create leastrole --quiet \
      --project "fcr-it" \
      --file "custom-role.yaml"

2. Grant a role on the SA

Add roles/container.clusterAdmin on the SA first; the "setIamPolicy" permission is required.

    gcloud projects add-iam-policy-binding fcr-it --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" --role projects/fcr-it/roles/leastrole

3. Revoke access from the SA, then grant another role

    gcloud projects remove-iam-policy-binding fcr-it --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" --role roles/container.clusterAdmin

    gcloud projects add-iam-policy-binding fcr-it --member serviceAccount:"least-gke-test@fcr-it....