gke/ERR/2021_008

Google APIs service agent has Editor role.

Product: Google Kubernetes Engine
Rule class: ERR - Something that is very likely to be wrong

Description

The Google API service agent project-number@cloudservices.gserviceaccount.com runs internal Google processes on your behalf. It is automatically granted the Editor role on the project.

Remediation

Make sure that you have the following role binding in the IAM policy:

  • Principal: serviceAccount:PROJECTNR@cloudservices.gserviceaccount.com
  • Role: roles/editor

Further information