Permissions required to install Anthos Service Mesh

The following table describes the roles that are required to install Anthos Service Mesh.

Role name Role ID Description
Compute Admin roles/compute.admin Full control of all Compute Engine resources.
GKE Hub Admin roles/gkehub.admin Full access to GKE Hubs and related resources.
Kubernetes Engine Admin roles/container.admin Provides access to full management of Container Clusters and their Kubernetes API objects.
Mesh Config Admin roles/meshconfig.admin Provides permissions required for init, stackdriver, UI elements, etc
Project IAM Admin roles/resourcemanager.projectIamAdmin Provides permissions to administer IAM policies on projects.
Service Account Admin roles/iam.serviceAccountAdmin Create and manage service accounts.
Service Account Key Admin roles/iam.serviceAccountKeyAdmin Create and manage (and rotate) service account keys.
Service Management Admin roles/servicemanagement.admin Full control of Google Service Management resources.
Service Usage Admin roles/serviceusage.serviceUsageAdmin Ability to enable, disable, and inspect service states, inspect operations, and consume quota and billing for a consumer project.
CA Service Admin Beta roles/privateca.admin Full access to all Certificate Authority Service resources.

What's next