1. Create a Service Account
gcloud iam service-accounts create least-gke-test --project fcr-it
# create a new custom role (role IDs may contain only letters, digits, underscores and periods)
gcloud iam roles create leastrole --quiet \
--project "fcr-it" \
--file "custom-role.yaml"
2. Grant a role to the SA
Add roles/container.clusterAdmin to the SA first.
The "setIamPolicy" permission is required.
gcloud projects add-iam-policy-binding fcr-it --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" --role projects/fcr-it/roles/leastrole
3. Revoke access from the SA
Then grant another role.
gcloud projects remove-iam-policy-binding fcr-it --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" --role roles/container.clusterAdmin
gcloud projects add-iam-policy-binding fcr-it --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" --role roles/container.developer
4. Get credentials for the GKE cluster
gcloud container clusters get-credentials simple-gke-cluster --zone europe-west2-b
Roles/Permission
Roles | Get Credential |
---|---|
container.clusterAdmin | true |
container.developer | true |
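
A check for the end state of steps 2 and 3, as an added example that is not part of the original notes: the function compares the roles bound to the service account with an allow-list and reports leftovers such as roles/container.clusterAdmin. The function name, the expected end state (leastrole plus roles/container.developer) and the sample input are assumptions constructed from the commands above.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes.
# stdin: one role per line, e.g. the output of (run against the live project):
#   gcloud projects get-iam-policy fcr-it \
#     --flatten="bindings[].members" \
#     --filter='bindings.members:"serviceAccount:least-gke-test@fcr-it.iam.gserviceaccount.com"' \
#     --format="value(bindings.role)"
# args: the roles the account is supposed to hold (assumed end state of step 3).
audit_sa_roles() {
  local bound role want ok status=0
  # Normalise the input: strip CRs, drop blank lines, de-duplicate.
  bound=$(tr -d '\r' | sed '/^[[:space:]]*$/d' | sort -u)

  # A bound role that is not on the allow-list is excess privilege.
  while IFS= read -r role; do
    [ -n "$role" ] || continue
    ok=0
    for want in "$@"; do
      if [ "$role" = "$want" ]; then ok=1; break; fi
    done
    if [ "$ok" -eq 0 ]; then
      echo "UNEXPECTED $role"
      status=1
    fi
  done <<EOF
$bound
EOF

  # An allow-listed role that is not bound means a grant did not land.
  for want in "$@"; do
    if ! printf '%s\n' "$bound" | grep -Fxq -- "$want"; then
      echo "MISSING $want"
      status=1
    fi
  done
  return "$status"
}

# Constructed sample: the bindings if step 3 had not been run.
SAMPLE_ROLES='projects/fcr-it/roles/leastrole
roles/container.clusterAdmin'

printf '%s\n' "$SAMPLE_ROLES" |
  audit_sa_roles projects/fcr-it/roles/leastrole roles/container.developer || true
```

A non-zero return means the bindings differ from the allow-list, so the function can gate a CI step or a periodic audit job.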