Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Kubernetes Metadata API roles and permissions

This page lists the IAM roles and permissions for Kubernetes Metadata API. To search through all roles and permissions, see the role and permission index.

Kubernetes Metadata API roles

Role Permissions

Role	Permissions
Kubernetesmetadata Admin (`roles/kubernetesmetadata.admin`) Admin role for kubernetesmetadata	`kubernetesmetadata.*` `kubernetesmetadata.metadata.config` `kubernetesmetadata.metadata.publish` `kubernetesmetadata.metadata.snapshot` `resourcemanager.projects.get` `resourcemanager.projects.list`
Kubernetesmetadata Viewer (`roles/kubernetesmetadata.viewer`) Viewer role for kubernetesmetadata	`kubernetesmetadata.metadata.config` `resourcemanager.projects.get` `resourcemanager.projects.list`
Metadata Publisher (`roles/kubernetesmetadata.publisher`) Publisher of Kubernetes clusters metadata	`kubernetesmetadata.*` `kubernetesmetadata.metadata.config` `kubernetesmetadata.metadata.publish` `kubernetesmetadata.metadata.snapshot`

Kubernetesmetadata Admin

(roles/kubernetesmetadata.admin)

Admin role for kubernetesmetadata

kubernetesmetadata.*

kubernetesmetadata.metadata.config
kubernetesmetadata.metadata.publish
kubernetesmetadata.metadata.snapshot

resourcemanager.projects.get

resourcemanager.projects.list

Kubernetesmetadata Viewer

(roles/kubernetesmetadata.viewer)

Viewer role for kubernetesmetadata

kubernetesmetadata.metadata.config

resourcemanager.projects.get

resourcemanager.projects.list

Metadata Publisher

(roles/kubernetesmetadata.publisher)

Publisher of Kubernetes clusters metadata

kubernetesmetadata.*

kubernetesmetadata.metadata.config
kubernetesmetadata.metadata.publish
kubernetesmetadata.metadata.snapshot

Kubernetes Metadata API permissions

Permission Included in roles

Permission	Included in roles
`kubernetesmetadata.metadata.config`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Kubernetesmetadata Admin (`roles/kubernetesmetadata.admin`) Kubernetesmetadata Viewer (`roles/kubernetesmetadata.viewer`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Support User (`roles/iam.supportUser`) Metadata Publisher (`roles/kubernetesmetadata.publisher`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`)
`kubernetesmetadata.metadata.publish`	Owner (`roles/owner`) Editor (`roles/editor`) Kubernetesmetadata Admin (`roles/kubernetesmetadata.admin`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Metadata Publisher (`roles/kubernetesmetadata.publisher`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`)
`kubernetesmetadata.metadata.snapshot`	Owner (`roles/owner`) Editor (`roles/editor`) Kubernetesmetadata Admin (`roles/kubernetesmetadata.admin`) Anthos Multi-cloud Telemetry Writer (`roles/gkemulticloud.telemetryWriter`) Metadata Publisher (`roles/kubernetesmetadata.publisher`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Edge Container Cluster Service Agent (`roles/edgecontainer.clusterServiceAgent`) Anthos Multi-Cloud Container Service Agent (`roles/gkemulticloud.containerServiceAgent`)

`kubernetesmetadata.metadata.config`

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Kubernetesmetadata Admin (roles/kubernetesmetadata.admin)

Kubernetesmetadata Viewer (roles/kubernetesmetadata.viewer)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Support User (roles/iam.supportUser)

Metadata Publisher (roles/kubernetesmetadata.publisher)

Service agent roles

Edge Container Cluster Service Agent (roles/edgecontainer.clusterServiceAgent)
Anthos Multi-Cloud Container Service Agent (roles/gkemulticloud.containerServiceAgent)

`kubernetesmetadata.metadata.publish`

Owner (roles/owner)

Editor (roles/editor)

Kubernetesmetadata Admin (roles/kubernetesmetadata.admin)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Metadata Publisher (roles/kubernetesmetadata.publisher)

Service agent roles

Edge Container Cluster Service Agent (roles/edgecontainer.clusterServiceAgent)
Anthos Multi-Cloud Container Service Agent (roles/gkemulticloud.containerServiceAgent)

`kubernetesmetadata.metadata.snapshot`

Owner (roles/owner)

Editor (roles/editor)

Kubernetesmetadata Admin (roles/kubernetesmetadata.admin)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Metadata Publisher (roles/kubernetesmetadata.publisher)

Service agent roles

Edge Container Cluster Service Agent (roles/edgecontainer.clusterServiceAgent)
Anthos Multi-Cloud Container Service Agent (roles/gkemulticloud.containerServiceAgent)