roles/containerthreatdetection.serviceAgent
Gives Container Threat Detection service account access to enable/disable Container Threat Detection and manage the Container Threat Detection Agent on Google Kubernetes Engine clusters.
Container Threat Detection Service Agent
['container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.auditSinks.get', 'container.auditSinks.list', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.bindings.get', 'container.bindings.list', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.get', 'container.configMaps.list', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodes.get', 'container.csiNodes.list', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpoints.get', 'container.endpoints.list', 'container.events.get', 'container.events.list', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.leases.get', 'container.leases.list', 'container.limitRanges.get', 'container.limitRanges.list', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.petSets.get', 'container.petSets.list', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podPresets.get', 'container.podPresets.list', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.get', 'container.podTemplates.list', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.list', 'container.pods.portForward', 'container.pods.update', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.list', 'container.secrets.update', 'container.serviceAccounts.create', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.tokenReviews.create', 'container.updateInfos.get', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.get', 'container.volumeSnapshots.list', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containersecurity.viewer
Readonly access to GKE Security Posture resources.
GKE Security Posture Viewer
['container.clusters.list', 'containersecurity.clusterSummaries.list', 'containersecurity.findings.list', 'containersecurity.locations.get', 'containersecurity.locations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/container.admin
Full management of Kubernetes Clusters and their Kubernetes API objects.
Kubernetes Engine Admin
['container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containeranalysis.notes.occurrences.viewer
Can view all Container Analysis Occurrences attached to a Note.
Container Analysis Occurrences for Notes Viewer
['containeranalysis.notes.get', 'containeranalysis.notes.listOccurrences']
Copy Permissions
GA
roles/container.clusterAdmin
Management of Kubernetes Clusters.
Kubernetes Engine Cluster Admin
['container.clusters.create', 'container.clusters.delete', 'container.clusters.get', 'container.clusters.list', 'container.clusters.update', 'container.operations.get', 'container.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/container.cloudKmsKeyUser
Allow the Kubernetes Engine service agent in the cluster project to call KMS with user provided crypto keys to sign payloads.
Kubernetes Engine KMS Crypto Key User
['cloudkms.cryptoKeyVersions.get', 'cloudkms.cryptoKeyVersions.useToSign', 'cloudkms.cryptoKeyVersions.useToVerify', 'cloudkms.cryptoKeyVersions.viewPublicKey', 'cloudkms.locations.get', 'cloudkms.locations.list', 'resourcemanager.projects.get']
Copy Permissions
GA
roles/container.viewer
Read-only access to Kubernetes Engine resources.
Kubernetes Engine Viewer
['container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.auditSinks.get', 'container.auditSinks.list', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.bindings.get', 'container.bindings.list', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.get', 'container.configMaps.list', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodes.get', 'container.csiNodes.list', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpoints.get', 'container.endpoints.list', 'container.events.get', 'container.events.list', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.leases.get', 'container.leases.list', 'container.limitRanges.get', 'container.limitRanges.list', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.petSets.get', 'container.petSets.list', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podPresets.get', 'container.podPresets.list', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.get', 'container.podTemplates.list', 'container.pods.get', 'container.pods.getStatus', 'container.pods.list', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.tokenReviews.create', 'container.updateInfos.get', 'container.updateInfos.list', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshots.get', 'container.volumeSnapshots.list', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containeranalysis.notes.attacher
Can attach Container Analysis Occurrences to Notes.
Container Analysis Notes Attacher
['containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.get']
Copy Permissions
GA
roles/container.developer
Full access to Kubernetes API objects inside Kubernetes Clusters.
Kubernetes Engine Developer
['container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusters.connect', 'container.clusters.get', 'container.clusters.list', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roles.get', 'container.roles.list', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containerscanning.ServiceAgent
Gives Container Scanner the access it needs to analyzecontainers for vulnerabilities and create occurrences using the Container Analysis API
Container Scanner Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'containeranalysis.notes.list', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/containeranalysis.notes.viewer
Can view Container Analysis Notes.
Container Analysis Notes Viewer
['containeranalysis.notes.get', 'containeranalysis.notes.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containerregistry.ServiceAgent
Access for Container Registry
Container Registry Service Agent
['pubsub.topics.publish', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list']
Copy Permissions
GA
roles/containeranalysis.occurrences.editor
Can edit Container Analysis Occurrences.
Container Analysis Occurrences Editor
['containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containeranalysis.notes.editor
Can edit Container Analysis Notes.
Container Analysis Notes Editor
['containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.list', 'containeranalysis.notes.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/container.defaultNodeServiceAccount
Least privilege role to use as the default service account for GKE Nodes.
Kubernetes Engine Default Node Service Account
['autoscaling.sites.writeMetrics', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list']
Copy Permissions
GA
roles/containeranalysis.occurrences.viewer
Can view Container Analysis Occurrences.
Container Analysis Occurrences Viewer
['containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/containeranalysis.admin
Access to all Container Analysis resources.
Container Analysis Admin
['containeranalysis.notes.attachOccurrence', 'containeranalysis.notes.create', 'containeranalysis.notes.delete', 'containeranalysis.notes.get', 'containeranalysis.notes.getIamPolicy', 'containeranalysis.notes.list', 'containeranalysis.notes.setIamPolicy', 'containeranalysis.notes.update', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.getIamPolicy', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.setIamPolicy', 'containeranalysis.occurrences.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/container.nodeServiceAgent
Minimal set of permission required by a GKE node to support standard capabilities such as logging and monitoring export, and image pulls.
Kubernetes Engine Node Service Agent
['autoscaling.sites.writeMetrics', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/containeranalysis.ServiceAgent
Gives Container Analysis API the access it needs to function
Container Analysis Service Agent
['artifactregistry.attachments.get', 'artifactregistry.attachments.list', 'artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.files.download', 'artifactregistry.files.get', 'artifactregistry.files.list', 'artifactregistry.locations.get', 'artifactregistry.locations.list', 'artifactregistry.mavenartifacts.get', 'artifactregistry.mavenartifacts.list', 'artifactregistry.npmpackages.get', 'artifactregistry.npmpackages.list', 'artifactregistry.packages.get', 'artifactregistry.packages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.pythonpackages.get', 'artifactregistry.pythonpackages.list', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.readViaVirtualRepository', 'artifactregistry.rules.get', 'artifactregistry.rules.list', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'containeranalysis.notes.list', 'containeranalysis.occurrences.create', 'containeranalysis.occurrences.delete', 'containeranalysis.occurrences.get', 'containeranalysis.occurrences.list', 'containeranalysis.occurrences.update', 'pubsub.schemas.attach', 'pubsub.schemas.commit', 'pubsub.schemas.create', 'pubsub.schemas.delete', 'pubsub.schemas.get', 'pubsub.schemas.list', 'pubsub.schemas.listRevisions', 'pubsub.schemas.rollback', 'pubsub.schemas.validate', 'pubsub.snapshots.create', 'pubsub.snapshots.delete', 'pubsub.snapshots.get', 'pubsub.snapshots.list', 'pubsub.snapshots.seek', 'pubsub.snapshots.update', 'pubsub.subscriptions.consume', 'pubsub.subscriptions.create', 'pubsub.subscriptions.delete', 'pubsub.subscriptions.get', 'pubsub.subscriptions.list', 'pubsub.subscriptions.update', 'pubsub.topics.attachSubscription', 'pubsub.topics.create', 'pubsub.topics.delete', 'pubsub.topics.detachSubscription', 'pubsub.topics.get', 'pubsub.topics.list', 'pubsub.topics.publish', 'pubsub.topics.update', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/container.hostServiceAgentUser
Allows the Kubernetes Engine service account in the host project to configure shared network resources for cluster management. Also gives access to inspect the firewall rules in the host project, and configure Cloud DNS resources.
Kubernetes Engine Host Service Agent User
['compute.firewalls.get', 'container.hostServiceAgent.use', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update']
Copy Permissions
GA
roles/container.serviceAgent
Gives Kubernetes Engine account access to manage cluster resources. Includes access to service accounts.
Kubernetes Engine Service Agent
['autoscaling.sites.readRecommendations', 'autoscaling.sites.writeMetrics', 'autoscaling.sites.writeState', 'backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.useForComputeInstance', 'bigquery.datasets.create', 'bigquery.datasets.get', 'bigquery.tables.create', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'binaryauthorization.policy.evaluatePolicy', 'certificatemanager.certmapentries.create', 'certificatemanager.certmapentries.delete', 'certificatemanager.certmapentries.get', 'certificatemanager.certmapentries.list', 'certificatemanager.certmapentries.update', 'certificatemanager.certmaps.create', 'certificatemanager.certmaps.delete', 'certificatemanager.certmaps.get', 'certificatemanager.certmaps.list', 'certificatemanager.certmaps.update', 'certificatemanager.certmaps.use', 'certificatemanager.certs.create', 'certificatemanager.certs.delete', 'certificatemanager.certs.get', 'certificatemanager.certs.list', 'certificatemanager.certs.update', 'certificatemanager.certs.use', 'certificatemanager.dnsauthorizations.create', 'certificatemanager.dnsauthorizations.delete', 'certificatemanager.dnsauthorizations.get', 'certificatemanager.dnsauthorizations.list', 'certificatemanager.dnsauthorizations.update', 'certificatemanager.dnsauthorizations.use', 'compute.acceleratorTypes.get', 'compute.acceleratorTypes.list', 'compute.addresses.create', 'compute.addresses.createInternal', 'compute.addresses.createTagBinding', 'compute.addresses.delete', 'compute.addresses.deleteInternal', 'compute.addresses.deleteTagBinding', 'compute.addresses.get', 'compute.addresses.list', 'compute.addresses.listEffectiveTags', 'compute.addresses.listTagBindings', 'compute.addresses.setLabels', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.autoscalers.get', 'compute.autoscalers.list', 'compute.autoscalers.update', 'compute.backendBuckets.addSignedUrlKey', 'compute.backendBuckets.create', 'compute.backendBuckets.createTagBinding', 'compute.backendBuckets.delete', 'compute.backendBuckets.deleteSignedUrlKey', 'compute.backendBuckets.deleteTagBinding', 'compute.backendBuckets.get', 'compute.backendBuckets.getIamPolicy', 'compute.backendBuckets.list', 'compute.backendBuckets.listEffectiveTags', 'compute.backendBuckets.listTagBindings', 'compute.backendBuckets.setIamPolicy', 'compute.backendBuckets.setSecurityPolicy', 'compute.backendBuckets.update', 'compute.backendBuckets.use', 'compute.backendServices.addSignedUrlKey', 'compute.backendServices.create', 'compute.backendServices.createTagBinding', 'compute.backendServices.delete', 'compute.backendServices.deleteSignedUrlKey', 'compute.backendServices.deleteTagBinding', 'compute.backendServices.get', 'compute.backendServices.getIamPolicy', 'compute.backendServices.list', 'compute.backendServices.listEffectiveTags', 'compute.backendServices.listTagBindings', 'compute.backendServices.setIamPolicy', 'compute.backendServices.setSecurityPolicy', 'compute.backendServices.update', 'compute.backendServices.use', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.addResourcePolicies', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.createTagBinding', 'compute.disks.delete', 'compute.disks.deleteTagBinding', 'compute.disks.get', 'compute.disks.getIamPolicy', 'compute.disks.list', 'compute.disks.listEffectiveTags', 'compute.disks.listTagBindings', 'compute.disks.removeResourcePolicies', 'compute.disks.resize', 'compute.disks.setIamPolicy', 'compute.disks.setLabels', 'compute.disks.startAsyncReplication', 'compute.disks.stopAsyncReplication', 'compute.disks.stopGroupAsyncReplication', 'compute.disks.update', 'compute.disks.use', 'compute.disks.useReadOnly', 'compute.externalVpnGateways.create', 'compute.externalVpnGateways.createTagBinding', 'compute.externalVpnGateways.delete', 'compute.externalVpnGateways.deleteTagBinding', 'compute.externalVpnGateways.get', 'compute.externalVpnGateways.list', 'compute.externalVpnGateways.listEffectiveTags', 'compute.externalVpnGateways.listTagBindings', 'compute.externalVpnGateways.setLabels', 'compute.externalVpnGateways.use', 'compute.firewallPolicies.cloneRules', 'compute.firewallPolicies.copyRules', 'compute.firewallPolicies.create', 'compute.firewallPolicies.createTagBinding', 'compute.firewallPolicies.delete', 'compute.firewallPolicies.deleteTagBinding', 'compute.firewallPolicies.get', 'compute.firewallPolicies.getIamPolicy', 'compute.firewallPolicies.list', 'compute.firewallPolicies.listEffectiveTags', 'compute.firewallPolicies.listTagBindings', 'compute.firewallPolicies.move', 'compute.firewallPolicies.setIamPolicy', 'compute.firewallPolicies.update', 'compute.firewallPolicies.use', 'compute.firewalls.create', 'compute.firewalls.createTagBinding', 'compute.firewalls.delete', 'compute.firewalls.deleteTagBinding', 'compute.firewalls.get', 'compute.firewalls.list', 'compute.firewalls.listEffectiveTags', 'compute.firewalls.listTagBindings', 'compute.firewalls.update', 'compute.forwardingRules.create', 'compute.forwardingRules.createTagBinding', 'compute.forwardingRules.delete', 'compute.forwardingRules.deleteTagBinding', 'compute.forwardingRules.get', 'compute.forwardingRules.list', 'compute.forwardingRules.listEffectiveTags', 'compute.forwardingRules.listTagBindings', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.forwardingRules.pscSetLabels', 'compute.forwardingRules.pscSetTarget', 'compute.forwardingRules.pscUpdate', 'compute.forwardingRules.setLabels', 'compute.forwardingRules.setTarget', 'compute.forwardingRules.update', 'compute.forwardingRules.use', 'compute.globalAddresses.create', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.createTagBinding', 'compute.globalAddresses.delete', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.deleteTagBinding', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalAddresses.listEffectiveTags', 'compute.globalAddresses.listTagBindings', 'compute.globalAddresses.setLabels', 'compute.globalAddresses.use', 'compute.globalForwardingRules.create', 'compute.globalForwardingRules.createTagBinding', 'compute.globalForwardingRules.delete', 'compute.globalForwardingRules.deleteTagBinding', 'compute.globalForwardingRules.get', 'compute.globalForwardingRules.list', 'compute.globalForwardingRules.listEffectiveTags', 'compute.globalForwardingRules.listTagBindings', 'compute.globalForwardingRules.pscCreate', 'compute.globalForwardingRules.pscDelete', 'compute.globalForwardingRules.pscGet', 'compute.globalForwardingRules.pscSetLabels', 'compute.globalForwardingRules.pscSetTarget', 'compute.globalForwardingRules.pscUpdate', 'compute.globalForwardingRules.setLabels', 'compute.globalForwardingRules.setTarget', 'compute.globalForwardingRules.update', 'compute.globalNetworkEndpointGroups.attachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.create', 'compute.globalNetworkEndpointGroups.createTagBinding', 'compute.globalNetworkEndpointGroups.delete', 'compute.globalNetworkEndpointGroups.deleteTagBinding', 'compute.globalNetworkEndpointGroups.detachNetworkEndpoints', 'compute.globalNetworkEndpointGroups.get', 'compute.globalNetworkEndpointGroups.list', 'compute.globalNetworkEndpointGroups.listEffectiveTags', 'compute.globalNetworkEndpointGroups.listTagBindings', 'compute.globalNetworkEndpointGroups.use', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.globalPublicDelegatedPrefixes.delete', 'compute.globalPublicDelegatedPrefixes.get', 'compute.globalPublicDelegatedPrefixes.list', 'compute.globalPublicDelegatedPrefixes.updatePolicy', 'compute.healthChecks.create', 'compute.healthChecks.createTagBinding', 'compute.healthChecks.delete', 'compute.healthChecks.deleteTagBinding', 'compute.healthChecks.get', 'compute.healthChecks.list', 'compute.healthChecks.listEffectiveTags', 'compute.healthChecks.listTagBindings', 'compute.healthChecks.update', 'compute.healthChecks.use', 'compute.healthChecks.useReadOnly', 'compute.httpHealthChecks.create', 'compute.httpHealthChecks.createTagBinding', 'compute.httpHealthChecks.delete', 'compute.httpHealthChecks.deleteTagBinding', 'compute.httpHealthChecks.get', 'compute.httpHealthChecks.list', 'compute.httpHealthChecks.listEffectiveTags', 'compute.httpHealthChecks.listTagBindings', 'compute.httpHealthChecks.update', 'compute.httpHealthChecks.use', 'compute.httpHealthChecks.useReadOnly', 'compute.httpsHealthChecks.create', 'compute.httpsHealthChecks.createTagBinding', 'compute.httpsHealthChecks.delete', 'compute.httpsHealthChecks.deleteTagBinding', 'compute.httpsHealthChecks.get', 'compute.httpsHealthChecks.list', 'compute.httpsHealthChecks.listEffectiveTags', 'compute.httpsHealthChecks.listTagBindings', 'compute.httpsHealthChecks.update', 'compute.httpsHealthChecks.use', 'compute.httpsHealthChecks.useReadOnly', 'compute.images.create', 'compute.images.createTagBinding', 'compute.images.delete', 'compute.images.deleteTagBinding', 'compute.images.deprecate', 'compute.images.get', 'compute.images.getFromFamily', 'compute.images.getIamPolicy', 'compute.images.list', 'compute.images.listEffectiveTags', 'compute.images.listTagBindings', 'compute.images.setIamPolicy', 'compute.images.setLabels', 'compute.images.update', 'compute.images.useReadOnly', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.createTagBinding', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.deleteTagBinding', 'compute.instanceGroupManagers.get', 'compute.instanceGroupManagers.list', 'compute.instanceGroupManagers.listEffectiveTags', 'compute.instanceGroupManagers.listTagBindings', 'compute.instanceGroupManagers.update', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.create', 'compute.instanceGroups.createTagBinding', 'compute.instanceGroups.delete', 'compute.instanceGroups.deleteTagBinding', 'compute.instanceGroups.get', 'compute.instanceGroups.list', 'compute.instanceGroups.listEffectiveTags', 'compute.instanceGroups.listTagBindings', 'compute.instanceGroups.update', 'compute.instanceGroups.use', 'compute.instanceSettings.get', 'compute.instanceSettings.update', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.getIamPolicy', 'compute.instanceTemplates.list', 'compute.instanceTemplates.setIamPolicy', 'compute.instanceTemplates.useReadOnly', 'compute.instances.addAccessConfig', 'compute.instances.addResourcePolicies', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.deleteAccessConfig', 'compute.instances.deleteTagBinding', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.getEffectiveFirewalls', 'compute.instances.getGuestAttributes', 'compute.instances.getIamPolicy', 'compute.instances.getScreenshot', 'compute.instances.getSerialPortOutput', 'compute.instances.getShieldedInstanceIdentity', 'compute.instances.getShieldedVmIdentity', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.listReferrers', 'compute.instances.listTagBindings', 'compute.instances.osAdminLogin', 'compute.instances.osLogin', 'compute.instances.pscInterfaceCreate', 'compute.instances.removeResourcePolicies', 'compute.instances.reset', 'compute.instances.resume', 'compute.instances.sendDiagnosticInterrupt', 'compute.instances.setDeletionProtection', 'compute.instances.setDiskAutoDelete', 'compute.instances.setIamPolicy', 'compute.instances.setLabels', 'compute.instances.setMachineResources', 'compute.instances.setMachineType', 'compute.instances.setMetadata', 'compute.instances.setMinCpuPlatform', 'compute.instances.setName', 'compute.instances.setScheduling', 'compute.instances.setSecurityPolicy', 'compute.instances.setServiceAccount', 'compute.instances.setShieldedInstanceIntegrityPolicy', 'compute.instances.setShieldedVmIntegrityPolicy', 'compute.instances.setTags', 'compute.instances.simulateMaintenanceEvent', 'compute.instances.start', 'compute.instances.startWithEncryptionKey', 'compute.instances.stop', 'compute.instances.suspend', 'compute.instances.update', 'compute.instances.updateAccessConfig', 'compute.instances.updateDisplayDevice', 'compute.instances.updateNetworkInterface', 'compute.instances.updateSecurity', 'compute.instances.updateShieldedInstanceConfig', 'compute.instances.updateShieldedVmConfig', 'compute.instances.use', 'compute.instances.useReadOnly', 'compute.instantSnapshots.create', 'compute.instantSnapshots.delete', 'compute.instantSnapshots.export', 'compute.instantSnapshots.get', 'compute.instantSnapshots.getIamPolicy', 'compute.instantSnapshots.list', 'compute.instantSnapshots.setIamPolicy', 'compute.instantSnapshots.setLabels', 'compute.instantSnapshots.useReadOnly', 'compute.interconnectAttachments.create', 'compute.interconnectAttachments.createTagBinding', 'compute.interconnectAttachments.delete', 'compute.interconnectAttachments.deleteTagBinding', 'compute.interconnectAttachments.get', 'compute.interconnectAttachments.list', 'compute.interconnectAttachments.listEffectiveTags', 'compute.interconnectAttachments.listTagBindings', 'compute.interconnectAttachments.setLabels', 'compute.interconnectAttachments.update', 'compute.interconnectAttachments.use', 'compute.interconnectLocations.get', 'compute.interconnectLocations.list', 'compute.interconnectRemoteLocations.get', 'compute.interconnectRemoteLocations.list', 'compute.interconnects.create', 'compute.interconnects.createTagBinding', 'compute.interconnects.delete', 'compute.interconnects.deleteTagBinding', 'compute.interconnects.get', 'compute.interconnects.getMacsecConfig', 'compute.interconnects.list', 'compute.interconnects.listEffectiveTags', 'compute.interconnects.listTagBindings', 'compute.interconnects.setLabels', 'compute.interconnects.update', 'compute.interconnects.use', 'compute.licenseCodes.get', 'compute.licenseCodes.getIamPolicy', 'compute.licenseCodes.list', 'compute.licenseCodes.setIamPolicy', 'compute.licenseCodes.update', 'compute.licenses.create', 'compute.licenses.delete', 'compute.licenses.get', 'compute.licenses.getIamPolicy', 'compute.licenses.list', 'compute.licenses.setIamPolicy', 'compute.machineImages.create', 'compute.machineImages.delete', 'compute.machineImages.get', 'compute.machineImages.getIamPolicy', 'compute.machineImages.list', 'compute.machineImages.setIamPolicy', 'compute.machineImages.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networkAttachments.create', 'compute.networkAttachments.createTagBinding', 'compute.networkAttachments.delete', 'compute.networkAttachments.deleteTagBinding', 'compute.networkAttachments.get', 'compute.networkAttachments.getIamPolicy', 'compute.networkAttachments.list', 'compute.networkAttachments.listEffectiveTags', 'compute.networkAttachments.listTagBindings', 'compute.networkAttachments.setIamPolicy', 'compute.networkAttachments.update', 'compute.networkEndpointGroups.attachNetworkEndpoints', 'compute.networkEndpointGroups.create', 'compute.networkEndpointGroups.createTagBinding', 'compute.networkEndpointGroups.delete', 'compute.networkEndpointGroups.deleteTagBinding', 'compute.networkEndpointGroups.detachNetworkEndpoints', 'compute.networkEndpointGroups.get', 'compute.networkEndpointGroups.list', 'compute.networkEndpointGroups.listEffectiveTags', 'compute.networkEndpointGroups.listTagBindings', 'compute.networkEndpointGroups.use', 'compute.networks.access', 'compute.networks.addPeering', 'compute.networks.create', 'compute.networks.createTagBinding', 'compute.networks.delete', 'compute.networks.deleteTagBinding', 'compute.networks.get', 'compute.networks.getEffectiveFirewalls', 'compute.networks.getRegionEffectiveFirewalls', 'compute.networks.list', 'compute.networks.listEffectiveTags', 'compute.networks.listPeeringRoutes', 'compute.networks.listTagBindings', 'compute.networks.mirror', 'compute.networks.removePeering', 'compute.networks.setFirewallPolicy', 'compute.networks.switchToCustomMode', 'compute.networks.update', 'compute.networks.updatePeering', 'compute.networks.updatePolicy', 'compute.networks.use', 'compute.networks.useExternalIp', 'compute.nodeGroups.get', 'compute.packetMirrorings.create', 'compute.packetMirrorings.createTagBinding', 'compute.packetMirrorings.delete', 'compute.packetMirrorings.deleteTagBinding', 'compute.packetMirrorings.get', 'compute.packetMirrorings.list', 'compute.packetMirrorings.listEffectiveTags', 'compute.packetMirrorings.listTagBindings', 'compute.packetMirrorings.update', 'compute.projects.get', 'compute.projects.setCommonInstanceMetadata', 'compute.publicDelegatedPrefixes.delete', 'compute.publicDelegatedPrefixes.get', 'compute.publicDelegatedPrefixes.list', 'compute.publicDelegatedPrefixes.listEffectiveTags', 'compute.publicDelegatedPrefixes.listTagBindings', 'compute.publicDelegatedPrefixes.update', 'compute.publicDelegatedPrefixes.updatePolicy', 'compute.regionBackendServices.create', 'compute.regionBackendServices.createTagBinding', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.deleteTagBinding', 'compute.regionBackendServices.get', 'compute.regionBackendServices.getIamPolicy', 'compute.regionBackendServices.list', 'compute.regionBackendServices.listEffectiveTags', 'compute.regionBackendServices.listTagBindings', 'compute.regionBackendServices.setIamPolicy', 'compute.regionBackendServices.setSecurityPolicy', 'compute.regionBackendServices.update', 'compute.regionBackendServices.use', 'compute.regionFirewallPolicies.cloneRules', 'compute.regionFirewallPolicies.create', 'compute.regionFirewallPolicies.createTagBinding', 'compute.regionFirewallPolicies.delete', 'compute.regionFirewallPolicies.deleteTagBinding', 'compute.regionFirewallPolicies.get', 'compute.regionFirewallPolicies.getIamPolicy', 'compute.regionFirewallPolicies.list', 'compute.regionFirewallPolicies.listEffectiveTags', 'compute.regionFirewallPolicies.listTagBindings', 'compute.regionFirewallPolicies.setIamPolicy', 'compute.regionFirewallPolicies.update', 'compute.regionFirewallPolicies.use', 'compute.regionHealthCheckServices.create', 'compute.regionHealthCheckServices.delete', 'compute.regionHealthCheckServices.get', 'compute.regionHealthCheckServices.list', 'compute.regionHealthCheckServices.update', 'compute.regionHealthCheckServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.createTagBinding', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.deleteTagBinding', 'compute.regionHealthChecks.get', 'compute.regionHealthChecks.list', 'compute.regionHealthChecks.listEffectiveTags', 'compute.regionHealthChecks.listTagBindings', 'compute.regionHealthChecks.update', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.regionNetworkEndpointGroups.attachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.create', 'compute.regionNetworkEndpointGroups.createTagBinding', 'compute.regionNetworkEndpointGroups.delete', 'compute.regionNetworkEndpointGroups.deleteTagBinding', 'compute.regionNetworkEndpointGroups.detachNetworkEndpoints', 'compute.regionNetworkEndpointGroups.get', 'compute.regionNetworkEndpointGroups.list', 'compute.regionNetworkEndpointGroups.listEffectiveTags', 'compute.regionNetworkEndpointGroups.listTagBindings', 'compute.regionNetworkEndpointGroups.use', 'compute.regionNotificationEndpoints.create', 'compute.regionNotificationEndpoints.delete', 'compute.regionNotificationEndpoints.get', 'compute.regionNotificationEndpoints.list', 'compute.regionNotificationEndpoints.update', 'compute.regionNotificationEndpoints.use', 'compute.regionOperations.get', 'compute.regionOperations.list', 'compute.regionSecurityPolicies.create', 'compute.regionSecurityPolicies.createTagBinding', 'compute.regionSecurityPolicies.delete', 'compute.regionSecurityPolicies.deleteTagBinding', 'compute.regionSecurityPolicies.get', 'compute.regionSecurityPolicies.list', 'compute.regionSecurityPolicies.listEffectiveTags', 'compute.regionSecurityPolicies.listTagBindings', 'compute.regionSecurityPolicies.update', 'compute.regionSecurityPolicies.use', 'compute.regionSslCertificates.create', 'compute.regionSslCertificates.createTagBinding', 'compute.regionSslCertificates.delete', 'compute.regionSslCertificates.deleteTagBinding', 'compute.regionSslCertificates.get', 'compute.regionSslCertificates.list', 'compute.regionSslCertificates.listEffectiveTags', 'compute.regionSslCertificates.listTagBindings', 'compute.regionSslPolicies.create', 'compute.regionSslPolicies.createTagBinding', 'compute.regionSslPolicies.delete', 'compute.regionSslPolicies.deleteTagBinding', 'compute.regionSslPolicies.get', 'compute.regionSslPolicies.list', 'compute.regionSslPolicies.listAvailableFeatures', 'compute.regionSslPolicies.listEffectiveTags', 'compute.regionSslPolicies.listTagBindings', 'compute.regionSslPolicies.update', 'compute.regionSslPolicies.use', 'compute.regionTargetHttpProxies.create', 'compute.regionTargetHttpProxies.createTagBinding', 'compute.regionTargetHttpProxies.delete', 'compute.regionTargetHttpProxies.deleteTagBinding', 'compute.regionTargetHttpProxies.get', 'compute.regionTargetHttpProxies.list', 'compute.regionTargetHttpProxies.listEffectiveTags', 'compute.regionTargetHttpProxies.listTagBindings', 'compute.regionTargetHttpProxies.setUrlMap', 'compute.regionTargetHttpProxies.use', 'compute.regionTargetHttpsProxies.create', 'compute.regionTargetHttpsProxies.createTagBinding', 'compute.regionTargetHttpsProxies.delete', 'compute.regionTargetHttpsProxies.deleteTagBinding', 'compute.regionTargetHttpsProxies.get', 'compute.regionTargetHttpsProxies.list', 'compute.regionTargetHttpsProxies.listEffectiveTags', 'compute.regionTargetHttpsProxies.listTagBindings', 'compute.regionTargetHttpsProxies.setSslCertificates', 'compute.regionTargetHttpsProxies.setUrlMap', 'compute.regionTargetHttpsProxies.update', 'compute.regionTargetHttpsProxies.use', 'compute.regionTargetTcpProxies.create', 'compute.regionTargetTcpProxies.createTagBinding', 'compute.regionTargetTcpProxies.delete', 'compute.regionTargetTcpProxies.deleteTagBinding', 'compute.regionTargetTcpProxies.get', 'compute.regionTargetTcpProxies.list', 'compute.regionTargetTcpProxies.listEffectiveTags', 'compute.regionTargetTcpProxies.listTagBindings', 'compute.regionTargetTcpProxies.use', 'compute.regionUrlMaps.create', 'compute.regionUrlMaps.createTagBinding', 'compute.regionUrlMaps.delete', 'compute.regionUrlMaps.deleteTagBinding', 'compute.regionUrlMaps.get', 'compute.regionUrlMaps.invalidateCache', 'compute.regionUrlMaps.list', 'compute.regionUrlMaps.listEffectiveTags', 'compute.regionUrlMaps.listTagBindings', 'compute.regionUrlMaps.update', 'compute.regionUrlMaps.use', 'compute.regionUrlMaps.validate', 'compute.regions.get', 'compute.regions.list', 'compute.reservations.get', 'compute.reservations.list', 'compute.resourcePolicies.create', 'compute.resourcePolicies.delete', 'compute.resourcePolicies.get', 'compute.resourcePolicies.getIamPolicy', 'compute.resourcePolicies.list', 'compute.resourcePolicies.setIamPolicy', 'compute.resourcePolicies.update', 'compute.resourcePolicies.use', 'compute.resourcePolicies.useReadOnly', 'compute.routers.create', 'compute.routers.createTagBinding', 'compute.routers.delete', 'compute.routers.deleteRoutePolicy', 'compute.routers.deleteTagBinding', 'compute.routers.get', 'compute.routers.getRoutePolicy', 'compute.routers.list', 'compute.routers.listBgpRoutes', 'compute.routers.listEffectiveTags', 'compute.routers.listRoutePolicies', 'compute.routers.listTagBindings', 'compute.routers.update', 'compute.routers.updateRoutePolicy', 'compute.routers.use', 'compute.routes.create', 'compute.routes.createTagBinding', 'compute.routes.delete', 'compute.routes.deleteTagBinding', 'compute.routes.get', 'compute.routes.list', 'compute.routes.listEffectiveTags', 'compute.routes.listTagBindings', 'compute.securityPolicies.addAssociation', 'compute.securityPolicies.copyRules', 'compute.securityPolicies.create', 'compute.securityPolicies.createTagBinding', 'compute.securityPolicies.delete', 'compute.securityPolicies.deleteTagBinding', 'compute.securityPolicies.get', 'compute.securityPolicies.list', 'compute.securityPolicies.listEffectiveTags', 'compute.securityPolicies.listTagBindings', 'compute.securityPolicies.move', 'compute.securityPolicies.removeAssociation', 'compute.securityPolicies.setLabels', 'compute.securityPolicies.update', 'compute.securityPolicies.use', 'compute.serviceAttachments.create', 'compute.serviceAttachments.createTagBinding', 'compute.serviceAttachments.delete', 'compute.serviceAttachments.deleteTagBinding', 'compute.serviceAttachments.get', 'compute.serviceAttachments.getIamPolicy', 'compute.serviceAttachments.list', 'compute.serviceAttachments.listEffectiveTags', 'compute.serviceAttachments.listTagBindings', 'compute.serviceAttachments.setIamPolicy', 'compute.serviceAttachments.update', 'compute.serviceAttachments.use', 'compute.snapshots.create', 'compute.snapshots.createTagBinding', 'compute.snapshots.delete', 'compute.snapshots.deleteTagBinding', 'compute.snapshots.get', 'compute.snapshots.getIamPolicy', 'compute.snapshots.list', 'compute.snapshots.listEffectiveTags', 'compute.snapshots.listTagBindings', 'compute.snapshots.setIamPolicy', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.sslCertificates.create', 'compute.sslCertificates.createTagBinding', 'compute.sslCertificates.delete', 'compute.sslCertificates.deleteTagBinding', 'compute.sslCertificates.get', 'compute.sslCertificates.list', 'compute.sslCertificates.listEffectiveTags', 'compute.sslCertificates.listTagBindings', 'compute.sslPolicies.create', 'compute.sslPolicies.createTagBinding', 'compute.sslPolicies.delete', 'compute.sslPolicies.deleteTagBinding', 'compute.sslPolicies.get', 'compute.sslPolicies.list', 'compute.sslPolicies.listAvailableFeatures', 'compute.sslPolicies.listEffectiveTags', 'compute.sslPolicies.listTagBindings', 'compute.sslPolicies.update', 'compute.sslPolicies.use', 'compute.storagePools.create', 'compute.storagePools.delete', 'compute.storagePools.get', 'compute.storagePools.getIamPolicy', 'compute.storagePools.list', 'compute.storagePools.setIamPolicy', 'compute.storagePools.update', 'compute.storagePools.use', 'compute.subnetworks.create', 'compute.subnetworks.createTagBinding', 'compute.subnetworks.delete', 'compute.subnetworks.deleteTagBinding', 'compute.subnetworks.expandIpCidrRange', 'compute.subnetworks.get', 'compute.subnetworks.getIamPolicy', 'compute.subnetworks.list', 'compute.subnetworks.listEffectiveTags', 'compute.subnetworks.listTagBindings', 'compute.subnetworks.mirror', 'compute.subnetworks.setIamPolicy', 'compute.subnetworks.setPrivateIpGoogleAccess', 'compute.subnetworks.update', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.targetGrpcProxies.create', 'compute.targetGrpcProxies.createTagBinding', 'compute.targetGrpcProxies.delete', 'compute.targetGrpcProxies.deleteTagBinding', 'compute.targetGrpcProxies.get', 'compute.targetGrpcProxies.list', 'compute.targetGrpcProxies.listEffectiveTags', 'compute.targetGrpcProxies.listTagBindings', 'compute.targetGrpcProxies.update', 'compute.targetGrpcProxies.use', 'compute.targetHttpProxies.create', 'compute.targetHttpProxies.createTagBinding', 'compute.targetHttpProxies.delete', 'compute.targetHttpProxies.deleteTagBinding', 'compute.targetHttpProxies.get', 'compute.targetHttpProxies.list', 'compute.targetHttpProxies.listEffectiveTags', 'compute.targetHttpProxies.listTagBindings', 'compute.targetHttpProxies.setUrlMap', 'compute.targetHttpProxies.update', 'compute.targetHttpProxies.use', 'compute.targetHttpsProxies.create', 'compute.targetHttpsProxies.createTagBinding', 'compute.targetHttpsProxies.delete', 'compute.targetHttpsProxies.deleteTagBinding', 'compute.targetHttpsProxies.get', 'compute.targetHttpsProxies.list', 'compute.targetHttpsProxies.listEffectiveTags', 'compute.targetHttpsProxies.listTagBindings', 'compute.targetHttpsProxies.setCertificateMap', 'compute.targetHttpsProxies.setQuicOverride', 'compute.targetHttpsProxies.setSslCertificates', 'compute.targetHttpsProxies.setSslPolicy', 'compute.targetHttpsProxies.setUrlMap', 'compute.targetHttpsProxies.update', 'compute.targetHttpsProxies.use', 'compute.targetInstances.create', 'compute.targetInstances.createTagBinding', 'compute.targetInstances.delete', 'compute.targetInstances.deleteTagBinding', 'compute.targetInstances.get', 'compute.targetInstances.list', 'compute.targetInstances.listEffectiveTags', 'compute.targetInstances.listTagBindings', 'compute.targetInstances.setSecurityPolicy', 'compute.targetInstances.use', 'compute.targetPools.addHealthCheck', 'compute.targetPools.addInstance', 'compute.targetPools.create', 'compute.targetPools.createTagBinding', 'compute.targetPools.delete', 'compute.targetPools.deleteTagBinding', 'compute.targetPools.get', 'compute.targetPools.list', 'compute.targetPools.listEffectiveTags', 'compute.targetPools.listTagBindings', 'compute.targetPools.removeHealthCheck', 'compute.targetPools.removeInstance', 'compute.targetPools.setSecurityPolicy', 'compute.targetPools.update', 'compute.targetPools.use', 'compute.targetSslProxies.create', 'compute.targetSslProxies.createTagBinding', 'compute.targetSslProxies.delete', 'compute.targetSslProxies.deleteTagBinding', 'compute.targetSslProxies.get', 'compute.targetSslProxies.list', 'compute.targetSslProxies.listEffectiveTags', 'compute.targetSslProxies.listTagBindings', 'compute.targetSslProxies.setBackendService', 'compute.targetSslProxies.setCertificateMap', 'compute.targetSslProxies.setProxyHeader', 'compute.targetSslProxies.setSslCertificates', 'compute.targetSslProxies.setSslPolicy', 'compute.targetSslProxies.update', 'compute.targetSslProxies.use', 'compute.targetTcpProxies.create', 'compute.targetTcpProxies.createTagBinding', 'compute.targetTcpProxies.delete', 'compute.targetTcpProxies.deleteTagBinding', 'compute.targetTcpProxies.get', 'compute.targetTcpProxies.list', 'compute.targetTcpProxies.listEffectiveTags', 'compute.targetTcpProxies.listTagBindings', 'compute.targetTcpProxies.update', 'compute.targetTcpProxies.use', 'compute.targetVpnGateways.create', 'compute.targetVpnGateways.createTagBinding', 'compute.targetVpnGateways.delete', 'compute.targetVpnGateways.deleteTagBinding', 'compute.targetVpnGateways.get', 'compute.targetVpnGateways.list', 'compute.targetVpnGateways.listEffectiveTags', 'compute.targetVpnGateways.listTagBindings', 'compute.targetVpnGateways.setLabels', 'compute.targetVpnGateways.use', 'compute.urlMaps.create', 'compute.urlMaps.createTagBinding', 'compute.urlMaps.delete', 'compute.urlMaps.deleteTagBinding', 'compute.urlMaps.get', 'compute.urlMaps.invalidateCache', 'compute.urlMaps.list', 'compute.urlMaps.listEffectiveTags', 'compute.urlMaps.listTagBindings', 'compute.urlMaps.update', 'compute.urlMaps.use', 'compute.urlMaps.validate', 'compute.vpnGateways.create', 'compute.vpnGateways.createTagBinding', 'compute.vpnGateways.delete', 'compute.vpnGateways.deleteTagBinding', 'compute.vpnGateways.get', 'compute.vpnGateways.list', 'compute.vpnGateways.listEffectiveTags', 'compute.vpnGateways.listTagBindings', 'compute.vpnGateways.setLabels', 'compute.vpnGateways.use', 'compute.vpnTunnels.create', 'compute.vpnTunnels.createTagBinding', 'compute.vpnTunnels.delete', 'compute.vpnTunnels.deleteTagBinding', 'compute.vpnTunnels.get', 'compute.vpnTunnels.list', 'compute.vpnTunnels.listEffectiveTags', 'compute.vpnTunnels.listTagBindings', 'compute.vpnTunnels.setLabels', 'compute.zoneOperations.get', 'compute.zoneOperations.list', 'compute.zones.get', 'compute.zones.list', 'container.apiServices.create', 'container.apiServices.delete', 'container.apiServices.get', 'container.apiServices.getStatus', 'container.apiServices.list', 'container.apiServices.update', 'container.apiServices.updateStatus', 'container.auditSinks.create', 'container.auditSinks.delete', 'container.auditSinks.get', 'container.auditSinks.list', 'container.auditSinks.update', 'container.backendConfigs.create', 'container.backendConfigs.delete', 'container.backendConfigs.get', 'container.backendConfigs.list', 'container.backendConfigs.update', 'container.bindings.create', 'container.bindings.delete', 'container.bindings.get', 'container.bindings.list', 'container.bindings.update', 'container.certificateSigningRequests.approve', 'container.certificateSigningRequests.create', 'container.certificateSigningRequests.delete', 'container.certificateSigningRequests.get', 'container.certificateSigningRequests.getStatus', 'container.certificateSigningRequests.list', 'container.certificateSigningRequests.update', 'container.certificateSigningRequests.updateStatus', 'container.clusterRoleBindings.create', 'container.clusterRoleBindings.delete', 'container.clusterRoleBindings.get', 'container.clusterRoleBindings.list', 'container.clusterRoleBindings.update', 'container.clusterRoles.bind', 'container.clusterRoles.create', 'container.clusterRoles.delete', 'container.clusterRoles.escalate', 'container.clusterRoles.get', 'container.clusterRoles.list', 'container.clusterRoles.update', 'container.clusters.connect', 'container.clusters.create', 'container.clusters.createTagBinding', 'container.clusters.delete', 'container.clusters.deleteTagBinding', 'container.clusters.get', 'container.clusters.getCredentials', 'container.clusters.impersonate', 'container.clusters.list', 'container.clusters.listEffectiveTags', 'container.clusters.listTagBindings', 'container.clusters.update', 'container.componentStatuses.get', 'container.componentStatuses.list', 'container.configMaps.create', 'container.configMaps.delete', 'container.configMaps.get', 'container.configMaps.list', 'container.configMaps.update', 'container.controllerRevisions.create', 'container.controllerRevisions.delete', 'container.controllerRevisions.get', 'container.controllerRevisions.list', 'container.controllerRevisions.update', 'container.cronJobs.create', 'container.cronJobs.delete', 'container.cronJobs.get', 'container.cronJobs.getStatus', 'container.cronJobs.list', 'container.cronJobs.update', 'container.cronJobs.updateStatus', 'container.csiDrivers.create', 'container.csiDrivers.delete', 'container.csiDrivers.get', 'container.csiDrivers.list', 'container.csiDrivers.update', 'container.csiNodeInfos.create', 'container.csiNodeInfos.delete', 'container.csiNodeInfos.get', 'container.csiNodeInfos.list', 'container.csiNodeInfos.update', 'container.csiNodes.create', 'container.csiNodes.delete', 'container.csiNodes.get', 'container.csiNodes.list', 'container.csiNodes.update', 'container.customResourceDefinitions.create', 'container.customResourceDefinitions.delete', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.getStatus', 'container.customResourceDefinitions.list', 'container.customResourceDefinitions.update', 'container.customResourceDefinitions.updateStatus', 'container.daemonSets.create', 'container.daemonSets.delete', 'container.daemonSets.get', 'container.daemonSets.getStatus', 'container.daemonSets.list', 'container.daemonSets.update', 'container.daemonSets.updateStatus', 'container.deployments.create', 'container.deployments.delete', 'container.deployments.get', 'container.deployments.getScale', 'container.deployments.getStatus', 'container.deployments.list', 'container.deployments.rollback', 'container.deployments.update', 'container.deployments.updateScale', 'container.deployments.updateStatus', 'container.endpointSlices.create', 'container.endpointSlices.delete', 'container.endpointSlices.get', 'container.endpointSlices.list', 'container.endpointSlices.update', 'container.endpoints.create', 'container.endpoints.delete', 'container.endpoints.get', 'container.endpoints.list', 'container.endpoints.update', 'container.events.create', 'container.events.delete', 'container.events.get', 'container.events.list', 'container.events.update', 'container.frontendConfigs.create', 'container.frontendConfigs.delete', 'container.frontendConfigs.get', 'container.frontendConfigs.list', 'container.frontendConfigs.update', 'container.horizontalPodAutoscalers.create', 'container.horizontalPodAutoscalers.delete', 'container.horizontalPodAutoscalers.get', 'container.horizontalPodAutoscalers.getStatus', 'container.horizontalPodAutoscalers.list', 'container.horizontalPodAutoscalers.update', 'container.horizontalPodAutoscalers.updateStatus', 'container.hostServiceAgent.use', 'container.ingresses.create', 'container.ingresses.delete', 'container.ingresses.get', 'container.ingresses.getStatus', 'container.ingresses.list', 'container.ingresses.update', 'container.ingresses.updateStatus', 'container.initializerConfigurations.create', 'container.initializerConfigurations.delete', 'container.initializerConfigurations.get', 'container.initializerConfigurations.list', 'container.initializerConfigurations.update', 'container.jobs.create', 'container.jobs.delete', 'container.jobs.get', 'container.jobs.getStatus', 'container.jobs.list', 'container.jobs.update', 'container.jobs.updateStatus', 'container.leases.create', 'container.leases.delete', 'container.leases.get', 'container.leases.list', 'container.leases.update', 'container.limitRanges.create', 'container.limitRanges.delete', 'container.limitRanges.get', 'container.limitRanges.list', 'container.limitRanges.update', 'container.localSubjectAccessReviews.create', 'container.localSubjectAccessReviews.list', 'container.managedCertificates.create', 'container.managedCertificates.delete', 'container.managedCertificates.get', 'container.managedCertificates.list', 'container.managedCertificates.update', 'container.mutatingWebhookConfigurations.create', 'container.mutatingWebhookConfigurations.delete', 'container.mutatingWebhookConfigurations.get', 'container.mutatingWebhookConfigurations.list', 'container.mutatingWebhookConfigurations.update', 'container.namespaces.create', 'container.namespaces.delete', 'container.namespaces.finalize', 'container.namespaces.get', 'container.namespaces.getStatus', 'container.namespaces.list', 'container.namespaces.update', 'container.namespaces.updateStatus', 'container.networkPolicies.create', 'container.networkPolicies.delete', 'container.networkPolicies.get', 'container.networkPolicies.list', 'container.networkPolicies.update', 'container.nodes.create', 'container.nodes.delete', 'container.nodes.get', 'container.nodes.getStatus', 'container.nodes.list', 'container.nodes.proxy', 'container.nodes.update', 'container.nodes.updateStatus', 'container.operations.get', 'container.operations.list', 'container.persistentVolumeClaims.create', 'container.persistentVolumeClaims.delete', 'container.persistentVolumeClaims.get', 'container.persistentVolumeClaims.getStatus', 'container.persistentVolumeClaims.list', 'container.persistentVolumeClaims.update', 'container.persistentVolumeClaims.updateStatus', 'container.persistentVolumes.create', 'container.persistentVolumes.delete', 'container.persistentVolumes.get', 'container.persistentVolumes.getStatus', 'container.persistentVolumes.list', 'container.persistentVolumes.update', 'container.persistentVolumes.updateStatus', 'container.petSets.create', 'container.petSets.delete', 'container.petSets.get', 'container.petSets.list', 'container.petSets.update', 'container.petSets.updateStatus', 'container.podDisruptionBudgets.create', 'container.podDisruptionBudgets.delete', 'container.podDisruptionBudgets.get', 'container.podDisruptionBudgets.getStatus', 'container.podDisruptionBudgets.list', 'container.podDisruptionBudgets.update', 'container.podDisruptionBudgets.updateStatus', 'container.podPresets.create', 'container.podPresets.delete', 'container.podPresets.get', 'container.podPresets.list', 'container.podPresets.update', 'container.podSecurityPolicies.create', 'container.podSecurityPolicies.delete', 'container.podSecurityPolicies.get', 'container.podSecurityPolicies.list', 'container.podSecurityPolicies.update', 'container.podSecurityPolicies.use', 'container.podTemplates.create', 'container.podTemplates.delete', 'container.podTemplates.get', 'container.podTemplates.list', 'container.podTemplates.update', 'container.pods.attach', 'container.pods.create', 'container.pods.delete', 'container.pods.evict', 'container.pods.exec', 'container.pods.get', 'container.pods.getLogs', 'container.pods.getStatus', 'container.pods.initialize', 'container.pods.list', 'container.pods.portForward', 'container.pods.proxy', 'container.pods.update', 'container.pods.updateStatus', 'container.priorityClasses.create', 'container.priorityClasses.delete', 'container.priorityClasses.get', 'container.priorityClasses.list', 'container.priorityClasses.update', 'container.replicaSets.create', 'container.replicaSets.delete', 'container.replicaSets.get', 'container.replicaSets.getScale', 'container.replicaSets.getStatus', 'container.replicaSets.list', 'container.replicaSets.update', 'container.replicaSets.updateScale', 'container.replicaSets.updateStatus', 'container.replicationControllers.create', 'container.replicationControllers.delete', 'container.replicationControllers.get', 'container.replicationControllers.getScale', 'container.replicationControllers.getStatus', 'container.replicationControllers.list', 'container.replicationControllers.update', 'container.replicationControllers.updateScale', 'container.replicationControllers.updateStatus', 'container.resourceQuotas.create', 'container.resourceQuotas.delete', 'container.resourceQuotas.get', 'container.resourceQuotas.getStatus', 'container.resourceQuotas.list', 'container.resourceQuotas.update', 'container.resourceQuotas.updateStatus', 'container.roleBindings.create', 'container.roleBindings.delete', 'container.roleBindings.get', 'container.roleBindings.list', 'container.roleBindings.update', 'container.roles.bind', 'container.roles.create', 'container.roles.delete', 'container.roles.escalate', 'container.roles.get', 'container.roles.list', 'container.roles.update', 'container.runtimeClasses.create', 'container.runtimeClasses.delete', 'container.runtimeClasses.get', 'container.runtimeClasses.list', 'container.runtimeClasses.update', 'container.scheduledJobs.create', 'container.scheduledJobs.delete', 'container.scheduledJobs.get', 'container.scheduledJobs.list', 'container.scheduledJobs.update', 'container.scheduledJobs.updateStatus', 'container.secrets.create', 'container.secrets.delete', 'container.secrets.get', 'container.secrets.list', 'container.secrets.update', 'container.selfSubjectAccessReviews.create', 'container.selfSubjectAccessReviews.list', 'container.selfSubjectRulesReviews.create', 'container.serviceAccounts.create', 'container.serviceAccounts.createToken', 'container.serviceAccounts.delete', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.serviceAccounts.update', 'container.services.create', 'container.services.delete', 'container.services.get', 'container.services.getStatus', 'container.services.list', 'container.services.proxy', 'container.services.update', 'container.services.updateStatus', 'container.statefulSets.create', 'container.statefulSets.delete', 'container.statefulSets.get', 'container.statefulSets.getScale', 'container.statefulSets.getStatus', 'container.statefulSets.list', 'container.statefulSets.update', 'container.statefulSets.updateScale', 'container.statefulSets.updateStatus', 'container.storageClasses.create', 'container.storageClasses.delete', 'container.storageClasses.get', 'container.storageClasses.list', 'container.storageClasses.update', 'container.storageStates.create', 'container.storageStates.delete', 'container.storageStates.get', 'container.storageStates.getStatus', 'container.storageStates.list', 'container.storageStates.update', 'container.storageStates.updateStatus', 'container.storageVersionMigrations.create', 'container.storageVersionMigrations.delete', 'container.storageVersionMigrations.get', 'container.storageVersionMigrations.getStatus', 'container.storageVersionMigrations.list', 'container.storageVersionMigrations.update', 'container.storageVersionMigrations.updateStatus', 'container.subjectAccessReviews.create', 'container.subjectAccessReviews.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'container.thirdPartyResources.create', 'container.thirdPartyResources.delete', 'container.thirdPartyResources.get', 'container.thirdPartyResources.list', 'container.thirdPartyResources.update', 'container.tokenReviews.create', 'container.updateInfos.create', 'container.updateInfos.delete', 'container.updateInfos.get', 'container.updateInfos.list', 'container.updateInfos.update', 'container.validatingWebhookConfigurations.create', 'container.validatingWebhookConfigurations.delete', 'container.validatingWebhookConfigurations.get', 'container.validatingWebhookConfigurations.list', 'container.validatingWebhookConfigurations.update', 'container.volumeAttachments.create', 'container.volumeAttachments.delete', 'container.volumeAttachments.get', 'container.volumeAttachments.getStatus', 'container.volumeAttachments.list', 'container.volumeAttachments.update', 'container.volumeAttachments.updateStatus', 'container.volumeSnapshotClasses.create', 'container.volumeSnapshotClasses.delete', 'container.volumeSnapshotClasses.get', 'container.volumeSnapshotClasses.list', 'container.volumeSnapshotClasses.update', 'container.volumeSnapshotContents.create', 'container.volumeSnapshotContents.delete', 'container.volumeSnapshotContents.get', 'container.volumeSnapshotContents.getStatus', 'container.volumeSnapshotContents.list', 'container.volumeSnapshotContents.update', 'container.volumeSnapshotContents.updateStatus', 'container.volumeSnapshots.create', 'container.volumeSnapshots.delete', 'container.volumeSnapshots.get', 'container.volumeSnapshots.getStatus', 'container.volumeSnapshots.list', 'container.volumeSnapshots.update', 'container.volumeSnapshots.updateStatus', 'dns.changes.create', 'dns.changes.get', 'dns.changes.list', 'dns.dnsKeys.get', 'dns.dnsKeys.list', 'dns.gkeClusters.bindDNSResponsePolicy', 'dns.gkeClusters.bindPrivateDNSZone', 'dns.managedZoneOperations.get', 'dns.managedZoneOperations.list', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.getIamPolicy', 'dns.managedZones.list', 'dns.managedZones.update', 'dns.networks.bindDNSResponsePolicy', 'dns.networks.bindPrivateDNSPolicy', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.networks.useHealthSignals', 'dns.policies.create', 'dns.policies.delete', 'dns.policies.get', 'dns.policies.getIamPolicy', 'dns.policies.list', 'dns.policies.update', 'dns.projects.get', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'dns.responsePolicies.create', 'dns.responsePolicies.delete', 'dns.responsePolicies.get', 'dns.responsePolicies.list', 'dns.responsePolicies.update', 'dns.responsePolicyRules.create', 'dns.responsePolicyRules.delete', 'dns.responsePolicyRules.get', 'dns.responsePolicyRules.list', 'dns.responsePolicyRules.update', 'file.backups.create', 'file.backups.createTagBinding', 'file.backups.delete', 'file.backups.deleteTagBinding', 'file.backups.get', 'file.backups.list', 'file.backups.listEffectiveTags', 'file.backups.listTagBindings', 'file.backups.update', 'file.instances.create', 'file.instances.createTagBinding', 'file.instances.delete', 'file.instances.deleteTagBinding', 'file.instances.get', 'file.instances.list', 'file.instances.listEffectiveTags', 'file.instances.listTagBindings', 'file.instances.restore', 'file.instances.revert', 'file.instances.update', 'file.locations.get', 'file.locations.list', 'file.operations.cancel', 'file.operations.delete', 'file.operations.get', 'file.operations.list', 'file.snapshots.create', 'file.snapshots.createTagBinding', 'file.snapshots.delete', 'file.snapshots.deleteTagBinding', 'file.snapshots.get', 'file.snapshots.list', 'file.snapshots.listEffectiveTags', 'file.snapshots.listTagBindings', 'file.snapshots.update', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'logging.logEntries.create', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'networkconnectivity.internalRanges.create', 'networkconnectivity.internalRanges.delete', 'networkconnectivity.internalRanges.get', 'networkconnectivity.internalRanges.getIamPolicy', 'networkconnectivity.internalRanges.list', 'networkconnectivity.internalRanges.setIamPolicy', 'networkconnectivity.internalRanges.update', 'networkconnectivity.locations.get', 'networkconnectivity.locations.list', 'networkconnectivity.operations.cancel', 'networkconnectivity.operations.delete', 'networkconnectivity.operations.get', 'networkconnectivity.operations.list', 'networkconnectivity.policyBasedRoutes.create', 'networkconnectivity.policyBasedRoutes.delete', 'networkconnectivity.policyBasedRoutes.get', 'networkconnectivity.policyBasedRoutes.getIamPolicy', 'networkconnectivity.policyBasedRoutes.list', 'networkconnectivity.policyBasedRoutes.setIamPolicy', 'networkconnectivity.regionalEndpoints.create', 'networkconnectivity.regionalEndpoints.delete', 'networkconnectivity.regionalEndpoints.get', 'networkconnectivity.regionalEndpoints.list', 'networkconnectivity.serviceClasses.create', 'networkconnectivity.serviceClasses.delete', 'networkconnectivity.serviceClasses.get', 'networkconnectivity.serviceClasses.list', 'networkconnectivity.serviceClasses.update', 'networkconnectivity.serviceClasses.use', 'networkconnectivity.serviceConnectionMaps.create', 'networkconnectivity.serviceConnectionMaps.delete', 'networkconnectivity.serviceConnectionMaps.get', 'networkconnectivity.serviceConnectionMaps.list', 'networkconnectivity.serviceConnectionMaps.update', 'networkconnectivity.serviceConnectionPolicies.create', 'networkconnectivity.serviceConnectionPolicies.delete', 'networkconnectivity.serviceConnectionPolicies.get', 'networkconnectivity.serviceConnectionPolicies.list', 'networkconnectivity.serviceConnectionPolicies.update', 'networkmanagement.connectivitytests.get', 'networkmanagement.connectivitytests.list', 'networksecurity.addressGroups.create', 'networksecurity.addressGroups.delete', 'networksecurity.addressGroups.get', 'networksecurity.addressGroups.getIamPolicy', 'networksecurity.addressGroups.list', 'networksecurity.addressGroups.setIamPolicy', 'networksecurity.addressGroups.update', 'networksecurity.addressGroups.use', 'networksecurity.authorizationPolicies.create', 'networksecurity.authorizationPolicies.delete', 'networksecurity.authorizationPolicies.get', 'networksecurity.authorizationPolicies.getIamPolicy', 'networksecurity.authorizationPolicies.list', 'networksecurity.authorizationPolicies.setIamPolicy', 'networksecurity.authorizationPolicies.update', 'networksecurity.authorizationPolicies.use', 'networksecurity.authzPolicies.create', 'networksecurity.authzPolicies.delete', 'networksecurity.authzPolicies.get', 'networksecurity.authzPolicies.getIamPolicy', 'networksecurity.authzPolicies.list', 'networksecurity.authzPolicies.setIamPolicy', 'networksecurity.authzPolicies.update', 'networksecurity.clientTlsPolicies.create', 'networksecurity.clientTlsPolicies.delete', 'networksecurity.clientTlsPolicies.get', 'networksecurity.clientTlsPolicies.getIamPolicy', 'networksecurity.clientTlsPolicies.list', 'networksecurity.clientTlsPolicies.setIamPolicy', 'networksecurity.clientTlsPolicies.update', 'networksecurity.clientTlsPolicies.use', 'networksecurity.firewallEndpointAssociations.create', 'networksecurity.firewallEndpointAssociations.delete', 'networksecurity.firewallEndpointAssociations.get', 'networksecurity.firewallEndpointAssociations.list', 'networksecurity.firewallEndpointAssociations.update', 'networksecurity.firewallEndpoints.create', 'networksecurity.firewallEndpoints.delete', 'networksecurity.firewallEndpoints.get', 'networksecurity.firewallEndpoints.list', 'networksecurity.firewallEndpoints.update', 'networksecurity.firewallEndpoints.use', 'networksecurity.gatewaySecurityPolicies.create', 'networksecurity.gatewaySecurityPolicies.delete', 'networksecurity.gatewaySecurityPolicies.get', 'networksecurity.gatewaySecurityPolicies.list', 'networksecurity.gatewaySecurityPolicies.update', 'networksecurity.gatewaySecurityPolicies.use', 'networksecurity.gatewaySecurityPolicyRules.create', 'networksecurity.gatewaySecurityPolicyRules.delete', 'networksecurity.gatewaySecurityPolicyRules.get', 'networksecurity.gatewaySecurityPolicyRules.list', 'networksecurity.gatewaySecurityPolicyRules.update', 'networksecurity.gatewaySecurityPolicyRules.use', 'networksecurity.locations.get', 'networksecurity.locations.list', 'networksecurity.operations.cancel', 'networksecurity.operations.delete', 'networksecurity.operations.get', 'networksecurity.operations.list', 'networksecurity.securityProfileGroups.create', 'networksecurity.securityProfileGroups.delete', 'networksecurity.securityProfileGroups.get', 'networksecurity.securityProfileGroups.list', 'networksecurity.securityProfileGroups.update', 'networksecurity.securityProfileGroups.use', 'networksecurity.securityProfiles.create', 'networksecurity.securityProfiles.delete', 'networksecurity.securityProfiles.get', 'networksecurity.securityProfiles.list', 'networksecurity.securityProfiles.update', 'networksecurity.securityProfiles.use', 'networksecurity.serverTlsPolicies.create', 'networksecurity.serverTlsPolicies.delete', 'networksecurity.serverTlsPolicies.get', 'networksecurity.serverTlsPolicies.getIamPolicy', 'networksecurity.serverTlsPolicies.list', 'networksecurity.serverTlsPolicies.setIamPolicy', 'networksecurity.serverTlsPolicies.update', 'networksecurity.serverTlsPolicies.use', 'networksecurity.tlsInspectionPolicies.create', 'networksecurity.tlsInspectionPolicies.delete', 'networksecurity.tlsInspectionPolicies.get', 'networksecurity.tlsInspectionPolicies.list', 'networksecurity.tlsInspectionPolicies.update', 'networksecurity.tlsInspectionPolicies.use', 'networksecurity.urlLists.create', 'networksecurity.urlLists.delete', 'networksecurity.urlLists.get', 'networksecurity.urlLists.list', 'networksecurity.urlLists.update', 'networksecurity.urlLists.use', 'networkservices.authzExtensions.create', 'networkservices.authzExtensions.delete', 'networkservices.authzExtensions.get', 'networkservices.authzExtensions.list', 'networkservices.authzExtensions.update', 'networkservices.authzExtensions.use', 'networkservices.endpointPolicies.create', 'networkservices.endpointPolicies.delete', 'networkservices.endpointPolicies.get', 'networkservices.endpointPolicies.list', 'networkservices.endpointPolicies.update', 'networkservices.gateways.create', 'networkservices.gateways.delete', 'networkservices.gateways.get', 'networkservices.gateways.list', 'networkservices.gateways.update', 'networkservices.gateways.use', 'networkservices.grpcRoutes.create', 'networkservices.grpcRoutes.delete', 'networkservices.grpcRoutes.get', 'networkservices.grpcRoutes.list', 'networkservices.grpcRoutes.update', 'networkservices.httpFilters.create', 'networkservices.httpFilters.delete', 'networkservices.httpFilters.get', 'networkservices.httpFilters.list', 'networkservices.httpFilters.update', 'networkservices.httpRoutes.create', 'networkservices.httpRoutes.delete', 'networkservices.httpRoutes.get', 'networkservices.httpRoutes.list', 'networkservices.httpRoutes.update', 'networkservices.httpfilters.create', 'networkservices.httpfilters.delete', 'networkservices.httpfilters.get', 'networkservices.httpfilters.getIamPolicy', 'networkservices.httpfilters.list', 'networkservices.httpfilters.setIamPolicy', 'networkservices.httpfilters.update', 'networkservices.httpfilters.use', 'networkservices.lbRouteExtensions.create', 'networkservices.lbRouteExtensions.delete', 'networkservices.lbRouteExtensions.get', 'networkservices.lbRouteExtensions.list', 'networkservices.lbRouteExtensions.update', 'networkservices.lbTrafficExtensions.create', 'networkservices.lbTrafficExtensions.delete', 'networkservices.lbTrafficExtensions.get', 'networkservices.lbTrafficExtensions.list', 'networkservices.lbTrafficExtensions.update', 'networkservices.locations.get', 'networkservices.locations.list', 'networkservices.meshes.create', 'networkservices.meshes.delete', 'networkservices.meshes.get', 'networkservices.meshes.list', 'networkservices.meshes.update', 'networkservices.meshes.use', 'networkservices.operations.cancel', 'networkservices.operations.delete', 'networkservices.operations.get', 'networkservices.operations.list', 'networkservices.route_views.get', 'networkservices.route_views.list', 'networkservices.serviceBindings.create', 'networkservices.serviceBindings.delete', 'networkservices.serviceBindings.get', 'networkservices.serviceBindings.list', 'networkservices.serviceBindings.update', 'networkservices.serviceLbPolicies.create', 'networkservices.serviceLbPolicies.delete', 'networkservices.serviceLbPolicies.get', 'networkservices.serviceLbPolicies.list', 'networkservices.serviceLbPolicies.update', 'networkservices.tcpRoutes.create', 'networkservices.tcpRoutes.delete', 'networkservices.tcpRoutes.get', 'networkservices.tcpRoutes.list', 'networkservices.tcpRoutes.update', 'networkservices.tlsRoutes.create', 'networkservices.tlsRoutes.delete', 'networkservices.tlsRoutes.get', 'networkservices.tlsRoutes.list', 'networkservices.tlsRoutes.update', 'pubsub.topics.create', 'pubsub.topics.get', 'pubsub.topics.publish', 'recommender.containerDiagnosisInsights.get', 'recommender.containerDiagnosisInsights.list', 'recommender.containerDiagnosisInsights.update', 'recommender.containerDiagnosisRecommendations.get', 'recommender.containerDiagnosisRecommendations.list', 'recommender.containerDiagnosisRecommendations.update', 'recommender.locations.get', 'recommender.locations.list', 'recommender.networkAnalyzerGkeConnectivityInsights.get', 'recommender.networkAnalyzerGkeConnectivityInsights.list', 'recommender.networkAnalyzerGkeConnectivityInsights.update', 'recommender.networkAnalyzerGkeIpAddressInsights.get', 'recommender.networkAnalyzerGkeIpAddressInsights.list', 'recommender.networkAnalyzerGkeIpAddressInsights.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'servicenetworking.operations.get', 'servicenetworking.services.addPeering', 'servicenetworking.services.createPeeredDnsDomain', 'servicenetworking.services.deleteConnection', 'servicenetworking.services.deletePeeredDnsDomain', 'servicenetworking.services.disableVpcServiceControls', 'servicenetworking.services.enableVpcServiceControls', 'servicenetworking.services.get', 'servicenetworking.services.listPeeredDnsDomains', 'serviceusage.quotas.get', 'serviceusage.services.get', 'serviceusage.services.list', 'serviceusage.services.use', 'tpu.locations.get', 'tpu.locations.list', 'tpu.nodes.create', 'tpu.nodes.delete', 'tpu.nodes.get', 'tpu.nodes.list', 'tpu.operations.get', 'tpu.operations.list', 'trafficdirector.networks.getConfigs', 'trafficdirector.networks.reportMetrics']
Copy Permissions
GA
roles/container.clusterViewer
Get and list access to GKE Clusters.
Kubernetes Engine Cluster Viewer
['container.clusters.get', 'container.clusters.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA