The following table describes the roles that are required to install Anthos Service Mesh.
Role name | Role ID | Description |
---|---|---|
Project Editor | roles/editor | Permissions for actions that modify state, such as changing existing resources. |
Compute Admin | roles/compute.admin | Full control of all Compute Engine resources. |
Kubernetes Engine Admin | roles/container.admin | Provides access to full management of Container Clusters and their Kubernetes API objects. |
Project IAM Admin | roles/resourcemanager.projectIamAdmin | Provides permissions to administer IAM policies on projects. |
Service Account Admin | roles/iam.serviceAccountAdmin | Create and manage service accounts. |
Service Account Key Admin | roles/iam.serviceAccountKeyAdmin | Create and manage (and rotate) service account keys. |
GKE Hub Admin (Beta) | roles/gkehub.admin | Full access to GKE Hubs and related resources. |
For a list of the specific permissions in each role, copy the role and search for it on Understanding roles.