K
Q

Google Cloud Service Account with 'roles/container.admin'

12/6/2017

I am trying to create a Service Account with 'roles/container.admin' and i get an error saying that the role is not supported for this resource.

$ gcloud iam service-accounts add-iam-policy-binding sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com --member='serviceAccount:sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com' --role='roles/container.admin'

ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Role roles/container.admin is not supported for this resource.

If I create a Service Account from the CONSOLE UI I can add this role without a problem.

-- Victor Rosales
gcloud
google-cloud-iam
google-cloud-platform
kubernetes

Similar Questions

How to get credentials from Azure Linux VM (kubernetes cluster) on machine different from where it was created?
Running K8s cluster from Gitlab-runner on Openshift
Kubernetes: Choose volume dependent on namespace
Running Kubernetes on a single machine bare metal

1 Answer

1/20/2018

You have to use gcloud projects to add roles for a service account at a project level as shown here.

This works for me:

gcloud projects add-iam-policy-binding PROJECT_ID \ 
--member serviceAccount:sa-ci-vm@PROJECT-ID.iam.gserviceaccount.com \
--role roles/container.admin
-- Guillem Xercavins
Source: StackOverflow