Google Cloud Service Account with 'roles/container.admin'

6
votes

I am trying to create a Service Account with 'roles/container.admin' and i get an error saying that the role is not supported for this resource.

$ gcloud iam service-accounts add-iam-policy-binding [email protected] --member='serviceAccount:[email protected]' --role='roles/container.admin'

ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Role roles/container.admin is not supported for this resource.

If I create a Service Account from the CONSOLE UI I can add this role without a problem.

2
kubernetesgoogle-cloud-platformgcloudgoogle-cloud-iam

2 Answers

10
votes

You have to use gcloud projects to add roles for a service account at a project level as shown here.

This works for me:

gcloud projects add-iam-policy-binding PROJECT_ID \ 
--member serviceAccount:[email protected] \
--role roles/container.admin
1
votes

I got the same error. You have to give the absolute path to the role.

cloud iam service-accounts add-iam-policy-binding SERVICEACCOUNT --member=SERVICEACCOUNT_EMAIL --role=projects/PROJECTNAME/roles/ROLENAME