Closed jmhodges closed 2 years ago
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
@jmhodges Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:
Thanks for opening this issue and including so many relevant details! You or anyone else is welcome to open a PR to address this.
For the contributor who addresses this issue, it sounds like the fix is to make an add-iam-policy-binding
call for each role: https://github.com/cloudfoundry/bosh-google-cpi-release/issues/142#issuecomment-486732247
I didn't get a notification that this was marked as stale. But this is still a live doc bug
@jmhodges Sorry about that! The stale bot is a little wonky sometimes. I am reopening it now 💛
It looks like this one has been fixed. I'm closing the issue now.
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/guides/deploying-to-google-kubernetes-engine
What part(s) of the article would you like to see updated?
The section "Configuring a service account and storing its credentials" has this call documented:
But it seems that
add-iam-policy-binding
can only take one--role
argument at a time.For instance, this will cause a failure during
docker push
:The example given is otherwise able to correctly auth with gcloud, configure docker, and get credentials for the GKE cluster, but then fails to push to
gcr.io
.Looking through the output of
add-iam-policy-binding
, the new service account is only listed in therole: roles/container.clusterViewer
section.It seems that whatever the last
--role
given toadd-iam-policy-binding
is the role that will actually be applied to the binding without an error.Additional information
No response