0

I am trying to delete a node pool using a service account with ‘K8s Engine admin’ role which supposed to have full cluster permissions including API objects. I am using the sa.json in my chaostoolkit manifest (it’s an open source chaos tool). However, i get below error:

failed: googleapiclient.errors.HttpError: <HttpError 403 when requesting https://container.googleapis.com/v1/projects/chaos/zones/us-east1-b/clusters/chaos/nodePools/pool-1?alt=json returned "Required "container.clusters.update" permission(s) for "projects/chaos/zones/us-east1-b/clusters/chaos"

I would assume K8s engine admin role should have every permission needed on the clusters. Any help on how to add this specific permission to this SA or a new one?

Improve this question

1 Answer 1

Reset to default
1

Apparently the permissions were sufficient. After I added 'k8s context' parameter in the chaostoolkit manifest it worked. This is how it should look:

secrets:
k8s: KUBERNETES_CONTEXT: gke_projectname_us-east1_chaos
gcp: service_account_file: ./sa-k8s.json

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.