Tier
Admin
Category
Kubernetes
Scope
project
Privileges
5
Role ID
roles/container.admin
This is a privileged role: it grants elevated control capabilities. Apply the principle of least privilege and monitor assignments via Cloud Audit Logs.
Admin
Administrative control over a service, may include IAM
Description
Full access to all Kubernetes Engine resources, including cluster IAM management.
Privileges / Capabilities (5)
Create, update, and delete GKE clusters
Manage Kubernetes RBAC
Access Kubernetes API
Set IAM policies on clusters
Manage node pools and autoscaling
Role Definition (JSON)
{
  "name": "roles/container.admin",
  "title": "Kubernetes Engine Admin",
  "description": "Full access to all Kubernetes Engine resources, including cluster IAM management.",
  "stage": "GA",
  "includedPermissions": [
    "Create, update, and delete GKE clusters",
    "Manage Kubernetes RBAC",
    "Access Kubernetes API",
    "Set IAM policies on clusters",
    "Manage node pools and autoscaling"
  ]
}
Related roles
Kubernetes
Kubernetes Engine Cluster Admin
Manage Kubernetes clusters and node pools, without accessing deployed workloads.
Kubernetes Engine Developer
Full access to Kubernetes objects inside clusters. Deploy and manage workloads.
Kubernetes Engine Cluster Viewer
Read-only access to GKE cluster metadata. Cannot access Kubernetes objects inside the cluster.
Kubernetes Engine Viewer
Read-only access to all Kubernetes Engine resources and cluster configuration.
Kubernetes Engine Node Service Account
Minimum permissions for a GKE node pool service account to function correctly.