I've just created a new cluster using Google Container Engine running Kubernetes 1.7.5, with the new RBAC permissions enabled. I've run into a problem allocating permissio
Janos's answer will work for GKE clusters that have been created with a password, but I'd recommend avoiding using that password wherever possible (or creating your GKE clusters without a password).
Using IAM: To create that ClusterRoleBinding, the caller must have the container.clusterRoleBindings.create permission. Only the OWNER and Kubernetes Engine Admin IAM Roles contain that permission (because it allows modification of access control on your GKE clusters).
So, to allow person@company.com to run that command, they must be granted one of those roles. E.g.:
gcloud projects add-iam-policy-binding $PROJECT \
--member=user:person@company.com \
--role=roles/container.admin
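
To review who already holds one of the two roles named in the answer above, the project IAM policy can be audited offline. This is an added example, not part of the original answer; it assumes the JSON shape printed by `gcloud projects get-iam-policy $PROJECT --format=json`. The sample policy and the function names are constructed for illustration, and custom roles and group membership are not resolved.

```python
import json

# Roles the answer names as containing container.clusterRoleBindings.create.
RBAC_ADMIN_ROLES = {"roles/owner", "roles/container.admin"}

# Constructed sample policy (not real data), in the shape of
# `gcloud projects get-iam-policy $PROJECT --format=json`.
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:founder@company.com"]},
    {"role": "roles/container.admin",
     "members": ["user:person@company.com", "group:platform@company.com"]},
    {"role": "roles/container.developer",
     "members": ["user:dev@company.com", "user:person@company.com"]},
    {"role": "roles/container.admin",
     "members": ["user:contractor@company.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ],
  "version": 3
}
"""

def load_sample_policy():
    """Parse the constructed sample policy."""
    return json.loads(SAMPLE_POLICY)

def rbac_binding_creators(policy):
    """Map each member to the roles that let it create ClusterRoleBindings."""
    result = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in RBAC_ADMIN_ROLES:
            continue
        # Conditional grants are still reported, flagged for manual review.
        label = role + (" (conditional)" if "condition" in binding else "")
        for member in binding.get("members", []):
            result.setdefault(member, []).append(label)
    return result

def can_create_cluster_role_bindings(policy, member):
    """True if the member is directly bound to one of the listed roles."""
    return member in rbac_binding_creators(policy)

if __name__ == "__main__":
    for member, roles in sorted(rbac_binding_creators(load_sample_policy()).items()):
        print(f"{member}: {', '.join(roles)}")
```

Members listed only under other roles, such as roles/container.developer in the sample, do not appear in the result.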