Problem
When trying to delete a cluster manually or during cluster node scale up or down, the operation fails with the error described below:
Required 'compute.instanceGroups.update' permission for 'projects/[name]/zones/[zone]/instanceGroups/cluster-name-nodepool-name-nodename'
Environment
- Google Kubernetes Engine
Solution
- In Google Cloud Platform UI, Go to IAM & Admin > IAM,
- Look for an account named Google API Service Agent with a member project number@cloudservices.gserviceaccount.com.
- Make sure that this account is present in the project with roles/editor permission assigned to it.
Cause
This occurs because Google API Service Agent user account project number@cloudservices.gserviceaccount.com is deleted from the project or is missing roles/editor permission.
This is a Google managed service account which runs internal Google processes on your behalf. And it is automatically granted the Editor role 'roles/editor' on the project.