| roles/gkemulticloud.controlPlaneMachineServiceAgent |
Grants the Anthos Multi-Cloud Control Plane Machine Service Account access to manage resources. |
Anthos Multi-Cloud Control Plane Machine Service Agent |
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use'] |
|
GA |
| roles/gkemulticloud.nodePoolMachineServiceAgent |
Grants the Anthos Multi-Cloud Node Pool Machine Service Account access to manage resources. |
Anthos Multi-Cloud Node Pool Machine Service Agent |
['artifactregistry.dockerimages.get', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'serviceusage.services.use'] |
|
GA |
| roles/gkemulticloud.containerServiceAgent |
Grants the Anthos Multi-Cloud Container Service Account access to manage resources. |
Anthos Multi-Cloud Container Service Agent |
['binaryauthorization.platformPolicies.evaluatePolicy', 'binaryauthorization.platformPolicies.get', 'binaryauthorization.platformPolicies.list', 'binaryauthorization.policy.evaluatePolicy', 'binaryauthorization.policy.get', 'cloudnotifications.activities.list', 'kubernetesmetadata.metadata.config', 'kubernetesmetadata.metadata.publish', 'kubernetesmetadata.metadata.snapshot', 'logging.logEntries.create', 'logging.logEntries.route', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.dashboards.get', 'monitoring.dashboards.list', 'monitoring.groups.get', 'monitoring.groups.list', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.notificationChannelDescriptors.get', 'monitoring.notificationChannelDescriptors.list', 'monitoring.notificationChannels.get', 'monitoring.notificationChannels.list', 'monitoring.services.get', 'monitoring.services.list', 'monitoring.slos.get', 'monitoring.slos.list', 'monitoring.snoozes.get', 'monitoring.snoozes.list', 'monitoring.timeSeries.create', 'monitoring.timeSeries.list', 'monitoring.uptimeCheckConfigs.get', 'monitoring.uptimeCheckConfigs.list', 'opsconfigmonitoring.resourceMetadata.list', 'opsconfigmonitoring.resourceMetadata.write', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'serviceusage.services.use', 'stackdriver.projects.get', 'stackdriver.resourceMetadata.list'] |
|
GA |
| roles/gkemulticloud.admin |
Admin access to Anthos Multi-cloud resources. |
Anthos Multi-cloud Admin |
['gkemulticloud.attachedClusters.create', 'gkemulticloud.attachedClusters.delete', 'gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.import', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedClusters.update', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.create', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.getAdminKubeconfig', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsClusters.update', 'gkemulticloud.awsNodePools.create', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsNodePools.update', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.create', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.create', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.getAdminKubeconfig', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureClusters.update', 'gkemulticloud.azureNodePools.create', 'gkemulticloud.azureNodePools.delete', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureNodePools.update', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.cancel', 'gkemulticloud.operations.delete', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/gkemulticloud.telemetryWriter |
Grant access to write cluster telemetry data such as logs, metrics, and resource metadata. |
Anthos Multi-cloud Telemetry Writer |
['logging.logEntries.create', 'logging.logEntries.route', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'opsconfigmonitoring.resourceMetadata.write'] |
|
GA |
| roles/gkemulticloud.viewer |
Viewer access to Anthos Multi-cloud resources. |
Anthos Multi-cloud Viewer |
['gkemulticloud.attachedClusters.generateInstallManifest', 'gkemulticloud.attachedClusters.get', 'gkemulticloud.attachedClusters.list', 'gkemulticloud.attachedServerConfigs.get', 'gkemulticloud.awsClusters.generateAccessToken', 'gkemulticloud.awsClusters.get', 'gkemulticloud.awsClusters.list', 'gkemulticloud.awsNodePools.get', 'gkemulticloud.awsNodePools.list', 'gkemulticloud.awsServerConfigs.get', 'gkemulticloud.azureClients.get', 'gkemulticloud.azureClients.list', 'gkemulticloud.azureClusters.generateAccessToken', 'gkemulticloud.azureClusters.get', 'gkemulticloud.azureClusters.list', 'gkemulticloud.azureNodePools.get', 'gkemulticloud.azureNodePools.list', 'gkemulticloud.azureServerConfigs.get', 'gkemulticloud.operations.get', 'gkemulticloud.operations.list', 'gkemulticloud.operations.wait', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/gkemulticloud.serviceAgent |
Grants the Anthos Multi-Cloud Service Account access to manage resources. |
Anthos Multi-Cloud Service Agent |
['gkehub.features.create', 'gkehub.features.delete', 'gkehub.features.get', 'gkehub.features.getIamPolicy', 'gkehub.features.list', 'gkehub.features.setIamPolicy', 'gkehub.features.update', 'gkehub.fleet.create', 'gkehub.fleet.createFreeTrial', 'gkehub.fleet.delete', 'gkehub.fleet.get', 'gkehub.fleet.getFreeTrial', 'gkehub.fleet.update', 'gkehub.fleet.updateFreeTrial', 'gkehub.locations.get', 'gkehub.locations.list', 'gkehub.membershipbindings.create', 'gkehub.membershipbindings.delete', 'gkehub.membershipbindings.get', 'gkehub.membershipbindings.list', 'gkehub.membershipbindings.update', 'gkehub.memberships.create', 'gkehub.memberships.delete', 'gkehub.memberships.generateConnectManifest', 'gkehub.memberships.get', 'gkehub.memberships.getIamPolicy', 'gkehub.memberships.list', 'gkehub.memberships.setIamPolicy', 'gkehub.memberships.update', 'gkehub.namespaces.create', 'gkehub.namespaces.delete', 'gkehub.namespaces.get', 'gkehub.namespaces.list', 'gkehub.namespaces.update', 'gkehub.operations.cancel', 'gkehub.operations.delete', 'gkehub.operations.get', 'gkehub.operations.list', 'gkehub.rbacrolebindings.create', 'gkehub.rbacrolebindings.delete', 'gkehub.rbacrolebindings.get', 'gkehub.rbacrolebindings.list', 'gkehub.rbacrolebindings.update', 'gkehub.scopes.create', 'gkehub.scopes.delete', 'gkehub.scopes.get', 'gkehub.scopes.getIamPolicy', 'gkehub.scopes.list', 'gkehub.scopes.listBoundMemberships', 'gkehub.scopes.update', 'gkemulticloud.awsClusters.delete', 'gkemulticloud.awsNodePools.delete', 'gkemulticloud.azureClients.delete', 'gkemulticloud.azureClusters.delete', 'gkemulticloud.azureNodePools.delete', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |