I'm working on a Kubernetes workshop and I want to give each attendant a cluster where they can deploy the exercises. I have added them as project's members and set the project editor IAM role (I wanted to set the container engine developer only but I experienced big troubles when pushing new images to GCR, but that's not the point of this question).

What I would want to achieve is to restrict the visibility of each cluster to only its owner and no one else, but I haven't found anywhere (neither in the console options nor in the documentation) how can I do this, if it's even posible.

Any idea?