Least Privilege for GKE cluster

1. Create a service account and a custom role

   gcloud iam service-accounts create least-gke-test --project fcr-it

   # create a new role; custom role IDs may contain only letters, digits,
   # periods and underscores, so the ID is leastrole (matching the binding below)
   gcloud iam roles create leastrole --quiet \
       --project "fcr-it" \
       --file "custom-role.yaml"

2. Grant a role to the SA

   Add roles/container.clusterAdmin to the SA first. Changing the project
   policy requires the resourcemanager.projects.setIamPolicy permission on
   the project, so the caller must hold it.

   gcloud projects add-iam-policy-binding fcr-it \
       --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" \
       --role projects/fcr-it/roles/leastrole

3. Revoke the broad role from the SA, then grant the narrower one

   gcloud projects remove-iam-policy-binding fcr-it \
       --member serviceAccount:"least-gke-test@fcr-it.iam.gserviceaccount.com" \
       --role roles/container.clusterAdmin

   gcloud projects add-iam-policy-binding fcr-it \
       --member serviceAccount:"least-gke-test@fcr-it....
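The revoke-then-grant in step 3 is two separate gcloud calls, each its own read-modify-write of the project policy, so there is a window in which the SA holds neither role and a concurrent policy edit can be lost. The script below, added here as an example and not code from the post, does the swap on one policy document and preserves the etag, so a single `gcloud projects set-iam-policy fcr-it policy.json` applies it and fails if the policy changed in between. The project, SA and role IDs are those from the post; the policy JSON is a constructed stand-in for the output of `gcloud projects get-iam-policy fcr-it --format=json`.

```python
"""Swap one role for another on a GCP project IAM policy as a single update.

Added example, not from the post. Run it, then apply the printed document with:
    gcloud projects set-iam-policy fcr-it policy.json
"""
import copy
import json

PROJECT = "fcr-it"
SA = "serviceAccount:least-gke-test@fcr-it.iam.gserviceaccount.com"
OLD_ROLE = "roles/container.clusterAdmin"
NEW_ROLE = f"projects/{PROJECT}/roles/leastrole"

# Constructed stand-in for `gcloud projects get-iam-policy fcr-it --format=json`.
# The admin user also holds clusterAdmin, to show that binding survives the swap.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwX1example=",
    "bindings": [
        {"role": "roles/owner", "members": ["user:admin@example.com"]},
        {"role": OLD_ROLE, "members": [SA, "user:admin@example.com"]},
    ],
}


def member_roles(policy, member):
    """Sorted list of roles bound (conditionally or not) to `member`."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def _unconditional(bindings, role):
    # Conditional bindings for the same role are separate grants; leave them untouched.
    return [b for b in bindings if b.get("role") == role and "condition" not in b]


def swap_role(policy, member, old_role, new_role):
    """Return a copy of `policy` in which `member` holds `new_role` instead of `old_role`.

    The etag is kept so set-iam-policy is rejected if the policy changed since it
    was read; bindings left with no members are dropped (the API rejects them);
    a member that does not hold `old_role` is an error rather than a silent no-op.
    """
    new = copy.deepcopy(policy)
    bindings = new.setdefault("bindings", [])
    holders = [b for b in _unconditional(bindings, old_role) if member in b.get("members", [])]
    if not holders:
        raise ValueError(f"{member} does not hold {old_role} unconditionally")
    for b in holders:
        b["members"] = [m for m in b["members"] if m != member]
    new["bindings"] = [b for b in bindings if b.get("members")]
    targets = _unconditional(new["bindings"], new_role)
    if targets:
        if member not in targets[0]["members"]:
            targets[0]["members"].append(member)
    else:
        new["bindings"].append({"role": new_role, "members": [member]})
    return new


def check_least_privilege(policy, member, allowed_roles):
    """Roles bound to `member` outside `allowed_roles`; an empty list means the SA is minimal."""
    return [r for r in member_roles(policy, member) if r not in allowed_roles]


if __name__ == "__main__":
    updated = swap_role(SAMPLE_POLICY, SA, OLD_ROLE, NEW_ROLE)
    print(json.dumps(updated, indent=2))
    print("excess roles:", check_least_privilege(updated, SA, {NEW_ROLE}))
```

Feed the real policy in with `json.load` instead of `SAMPLE_POLICY`; the `check_least_privilege` call is the post-change audit that confirms the SA holds nothing beyond the custom role.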

Dynamic Provisioning CMEK on GKE

This product or feature is in a pre-release state and might change or have limited support. For more information, see the product launch stages.

Prerequisites
   A cluster
   A new Cloud KMS key (it must be an available key)
   The Compute Engine persistent disk CSI driver deployed to the GKE cluster
   The Cloud KMS CryptoKey Encrypter/Decrypter role assigned

1. Kubernetes Driver Installation Guide

   roles/container.developer
   roles/iam.roleAdmin
   roles/iam.serviceAccountAdmin
   roles/iam.serviceAccountKeyAdmin
   roles/resourcemanager.projectIamAdmin

   The roles above are required to run “setup-project....
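Two of the prerequisites above fail late if they are wrong: a mistyped key resource name only surfaces when the first PVC is provisioned, and a key the Compute Engine service agent cannot use produces disks that fail to attach. The script below, added here as an example and not code from the post or from the CSI driver project, validates the CryptoKey resource name, emits the StorageClass that the driver provisions CMEK disks from (the provisioner name `pd.csi.storage.gke.io` and the `disk-encryption-kms-key` parameter are the driver's documented ones), and checks a key's IAM policy for the Encrypter/Decrypter grant to the project's Compute Engine service agent. The project, key ring, key name, project number and key policy are assumed placeholders and a constructed sample.

```python
"""Generate a CMEK StorageClass for the PD CSI driver and check the key's IAM grant.

Added example, not from the post or the driver project. Apply the output with:
    python3 cmek_sc.py > sc.json && kubectl apply -f sc.json
"""
import json
import re

PROVISIONER = "pd.csi.storage.gke.io"
ENCRYPTER_ROLE = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
DISK_TYPES = {"pd-standard", "pd-balanced", "pd-ssd", "pd-extreme"}

# A CryptoKey (not a key ring, not a CryptoKeyVersion) resource name.
KMS_KEY_RE = re.compile(
    r"^projects/(?P<project>[a-z][-a-z0-9]{4,28}[a-z0-9])"
    r"/locations/(?P<location>[a-z0-9-]+)"
    r"/keyRings/(?P<ring>[a-zA-Z0-9_-]{1,63})"
    r"/cryptoKeys/(?P<key>[a-zA-Z0-9_-]{1,63})$"
)


def parse_kms_key(resource_name):
    """Split a CryptoKey resource name into its parts; reject anything else up front."""
    m = KMS_KEY_RE.match(resource_name)
    if not m:
        raise ValueError(f"not a CryptoKey resource name: {resource_name!r}")
    return m.groupdict()


def cmek_storage_class(name, kms_key, disk_type="pd-standard"):
    """StorageClass manifest (as a dict; kubectl accepts JSON) that encrypts every
    dynamically provisioned PD with `kms_key`."""
    parse_kms_key(kms_key)  # fail here, not at first PVC creation
    if disk_type not in DISK_TYPES:
        raise ValueError(f"unknown PD type {disk_type!r}")
    return {
        "apiVersion": "storage.k8s.io/v1",
        "kind": "StorageClass",
        "metadata": {"name": name},
        "provisioner": PROVISIONER,
        # Bind at pod scheduling so the disk lands in the pod's zone.
        "volumeBindingMode": "WaitForFirstConsumer",
        "allowVolumeExpansion": True,
        "parameters": {"type": disk_type, "disk-encryption-kms-key": kms_key},
    }


def compute_service_agent(project_number):
    """IAM member for the Compute Engine service agent that must be able to use the key."""
    return f"serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com"


def key_grants_encrypter_decrypter(key_policy, member):
    """True if `member` holds the Encrypter/Decrypter role directly on the key."""
    return any(b.get("role") == ENCRYPTER_ROLE and member in b.get("members", [])
               for b in key_policy.get("bindings", []))


# Assumed placeholders.
PROJECT_NUMBER = "123456789012"
KMS_KEY = "projects/fcr-it/locations/us-central1/keyRings/gke-ring/cryptoKeys/pd-key"

# Constructed stand-in for `gcloud kms keys get-iam-policy pd-key ... --format=json`.
SAMPLE_KEY_POLICY = {
    "version": 1,
    "etag": "BwY2example=",
    "bindings": [
        {"role": "roles/cloudkms.admin", "members": ["user:kms-admin@example.com"]},
        {"role": ENCRYPTER_ROLE, "members": [compute_service_agent(PROJECT_NUMBER)]},
    ],
}


if __name__ == "__main__":
    if not key_grants_encrypter_decrypter(SAMPLE_KEY_POLICY, compute_service_agent(PROJECT_NUMBER)):
        raise SystemExit("Compute Engine service agent lacks " + ENCRYPTER_ROLE)
    print(json.dumps(cmek_storage_class("csi-gce-pd-cmek", KMS_KEY), indent=2))
```

Run the key-policy check against the real output of `gcloud kms keys get-iam-policy` before applying the StorageClass; with the grant missing, PVCs bound to the class are created but the underlying disks cannot be encrypted with the key.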