Version 1.9

Permissions required to install Anthos Service Mesh

The following table describes the roles that are required to install Anthos Service Mesh.

Role name Role ID Description
Compute Admin roles/compute.admin Full control of all Compute Engine resources.
GKE Hub Admin roles/gkehub.admin Full access to GKE Hubs and related resources.
Kubernetes Engine Admin roles/container.admin Provides access to full management of Container Clusters and their Kubernetes API objects.
Mesh Config Admin roles/meshconfig.admin Provides permissions required for init, stackdriver, UI elements, etc
Project IAM Admin roles/resourcemanager.projectIamAdmin Provides permissions to administer IAM policies on projects.
Service Account Admin roles/iam.serviceAccountAdmin Create and manage service accounts.
Service Account Key Admin roles/iam.serviceAccountKeyAdmin Create and manage (and rotate) service account keys.
Service Management Admin roles/servicemanagement.admin Full control of Google Service Management resources.
Service Usage Admin roles/serviceusage.serviceUsageAdmin Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.
CA Service Admin Beta roles/privateca.admin Full access to all Certificate Authority Service resources.

What's next