gke/ERR/2021_007

GKE service account permissions.

Product: Google Kubernetes Engine
Rule class: ERR - Something that is very likely to be wrong

Description

Verify that the Google Kubernetes Engine service account exists and has the Kubernetes Engine Service Agent role on the project.

Remediation

Make sure that you have the following role binding in the IAM policy:

  • Principal: serviceAccount:service-PROJECTNR@container-engine-robot.iam.gserviceaccount.com
  • Role: roles/container.serviceAgent

Further information