This message was deleted.
# general
s
This message was deleted.
i
Here is the identity setup:
```typescript
const name = 'ciInfrastructure'

export const ciInfrastructure = new gcp.serviceAccount.Account(
  name,
  {
    project,
    accountId: 'ci-infrastructure',
    displayName: 'CI infrastructure account',
  },
  { protect },
)

bindToIAMRole(`${name}ClusterAdmin`, ciInfrastructure, {
  project,
  role: 'roles/container.clusterAdmin',
})
// for deploying cluster-wide resources e.g. traefik, cert-manager
bindToIAMRole(`${name}ContainerDeveloper`, ciInfrastructure, {
  project,
  role: 'roles/container.developer',
})
```
I thought since I can use the `ci-infrastructure` gcp service account/identity to create the cluster, that I’ll be able to create a clusterRoleBinding, but so far cannot.
I’m going to go back and try with `roles/container.admin`; using `container.clusterAdmin` and `container.developer` may not be enough
changing the gcp IAM role to `'roles/container.admin'` solved it
c
@important-leather-28796 not an expert but that seems to be a lack of permissions error
oh
didn’t see last message