google-anthos gcp-iam

Anthos cluster cannot create Kubernetes resources unless I am a GCP Project Owner?


I have a GCP Project and Anthos Cluster deployed within it.

If I am an admin of an Anthos cluster but not an Owner of the parent project, I have only read rights on Kubernetes and cannot create any resources. Getting:

Error from server (Forbidden)

I've given myself the "Kubernetes Engine Admin", "Kubernetes Engine Cluster Admin", and "Anthos Multi-cloud Admin" roles, but with no success. It seems like the "Owner" role is mandatory.

Also, my user is attached to ClusterRole/cluster-admin through ClusterRoleBinding/gke-multicloud-cluster-admin, but I definitely need the IAM Owner role.

Is this by Anthos design, or am I missing something?


Solution

  • This was solved by giving myself these roles:

    Now, I can create Kubernetes resources even if I am not an Owner of the GCP project.