TL;DR. I'd like to tie a role to a user, and then specify that the user can only access (read/write) cluster A, and not clusters B or C (A, B and C being all under the same Google Cloud project).
On Google Cloud, I have a project with multiple Kubernetes clusters (GKE-based) in it.
I need to add an auditor person to a particular Kubernetes cluster (and make sure he's not able to access other GKE clusters in the project).
So far I've created an "Auditor" role.
Now that I need to attach the role to a particular email account, I'm scratching my head. On the IAM Admin page I can tie a role to a particular email and resource type, but there's nothing that would indicate I'm tying the role to one specific resource.
How do I make sure a particular user email can only access a particular GKE cluster?
Should tying a user to a cluster be done from within cluster A itself? (That would imply the user won't see clusters B and C.) If so, how?
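The per-cluster binding the question hypothesizes in its last line is done with Kubernetes RBAC inside cluster A, not with IAM. Below is an added example, not part of the original post: the project, cluster name, zone and auditor address (my-project, cluster-a, us-central1-a, auditor@example.com) are assumptions. The IAM part is the minimum project-wide role that lets the account fetch a kubeconfig at all; the RBAC part lives only in cluster A's API server, so clusters B and C refuse every request from that account.

```shell
#!/bin/sh
# Added example, not from the original question. All names below are assumptions.
set -eu

AUDITOR="${AUDITOR:-auditor@example.com}"   # Google account to restrict (assumed)
PROJECT="${PROJECT:-my-project}"             # GCP project holding A, B and C (assumed)
CLUSTER="${CLUSTER:-cluster-a}"              # the one cluster the auditor may use (assumed)
ZONE="${ZONE:-us-central1-a}"                # its location (assumed)

# Step 1, project level: roles/container.clusterViewer only grants
# container.clusters.get/list, which is what
# 'gcloud container clusters get-credentials' needs. It carries no
# Kubernetes API permissions. IAM bindings are project-wide, so the auditor
# can also fetch kubeconfigs for B and C; step 2 is what makes those useless.
grant_cluster_viewer() {
  gcloud projects add-iam-policy-binding "$PROJECT" \
    --member="user:${AUDITOR}" \
    --role="roles/container.clusterViewer"
}

# Step 2, cluster A only: a read-only ClusterRole plus a ClusterRoleBinding
# whose subject is the Google account's email (GKE uses the email as the
# Kubernetes username). Add verbs such as create/update/delete to the rule
# if the auditor really needs write access.
rbac_manifest() {
  subject="$1"
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: auditor
rules:
- apiGroups: ["", "apps", "batch", "networking.k8s.io"]
  resources: ["*"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: auditor-binding
subjects:
- kind: User
  name: ${subject}
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: auditor
  apiGroup: rbac.authorization.k8s.io
EOF
}

apply_to_cluster_a() {
  gcloud container clusters get-credentials "$CLUSTER" --zone "$ZONE" --project "$PROJECT"
  rbac_manifest "$AUDITOR" | kubectl apply -f -
  # Check the outcome as an admin via impersonation: the first call should
  # answer "yes", the second "no". Run the same two commands after fetching
  # credentials for cluster B or C and both should answer "no".
  kubectl auth can-i list pods --all-namespaces --as="$AUDITOR"
  kubectl auth can-i delete pods --as="$AUDITOR"
}

# Talk to GCP only when asked to and the tools are installed; otherwise just
# print the manifest so the script can be reviewed offline.
if [ "${1:-}" = "apply" ] && command -v gcloud >/dev/null 2>&1 && command -v kubectl >/dev/null 2>&1; then
  grant_cluster_viewer
  apply_to_cluster_a
else
  rbac_manifest "$AUDITOR"
fi
```

Two caveats before trusting the result. Because the IAM role is project-wide, the auditor can still list clusters B and C and see their endpoints; if even their existence must be hidden, the only clean separation is a separate project. And the RBAC restriction only holds on clusters created with legacy ABAC authorization disabled (the GKE default for a long time, but check older clusters with gcloud container clusters describe and look for legacyAbac), since ABAC would grant the account access regardless of the bindings above.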