I've created a service account in the IAM page of the Google Cloud console, but unfortunately I'm unable to assign roles to this account - or I'm missing something.
When attempting to get the cluster credentials for kubectl, GCloud always responds with the following:

    gcloud container clusters get-credentials api --zone europe-west1-b --project *****
    Fetching cluster endpoint and auth data.
    ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission for "projects/*****/zones/europe-west1-b/clusters/api".

I've also added all the roles to the account as demonstrated here:

    gcloud projects get-iam-policy project-tilas
    bindings:
    - members:
      - serviceAccount:travis@*****.iam.gserviceaccount.com
      role: roles/container.admin
    - members:
      - serviceAccount:travis@*****.iam.gserviceaccount.com
      role: roles/editor
    - members:
      - user:Tj****n@gmail.com
      role: roles/owner
    - members:
      - serviceAccount:travis@*****.iam.gserviceaccount.com
      role: roles/viewer
    etag: BwVqZB734TY=
    version: 1

What am I missing? Authentication is successful, and the project ID/numbers match up to what I see in the GCloud dashboard...
While not a definitive answer, I actually solved this by just deleting the service account and recreating it.
Frustrating.