Closed shedyb closed 1 week ago
In addition to the prerequisite APIs and role binding identified by @shedyb, the following updates are needed to keep the sample in sync with the public bare metal documentation and to ensure the sample scripts work without errors.
Under the list of APIs to enable, add the following:
compute.googleapis.com
Under role bindings, add the following:
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
--member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/monitoring.viewer" \
--no-user-output-enabled
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
--member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/serviceusage.serviceUsageViewer" \
--no-user-output-enabled
While reproducing a case, I noticed that customers using this public document to create GKE on bare metal are likely to encounter errors due to some missing prerequisites..
Under the list on APIs to be enable we need to include the following :
Also under the role bindings, we need to include the following :
gcloud projects add-iam-policy-binding PROJECT_ID \ --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \ --role="roles/kubernetesmetadata.publisher"