גרסה 2.7

גרסאות זמינות

‫2.11 – הגרסה העדכנית
2.10
2.9
2.8 – סוף החיים (EOL) / לא נתמכת
2.7 – סוף החיים (EOL) / לא נתמכת
2.6 – סוף החיים (EOL) / לא נתמכת
2.5 – סוף החיים (EOL) / לא נתמכת
2.4 – סוף החיים (EOL) / לא נתמכת
2.3 – סוף החיים (EOL) / לא נתמכת
2.2 – סוף החיים (EOL) / לא נתמכת
2.1 – סוף החיים (EOL) / לא נתמכת

סקירה כללית על בקרת גישה מבוססת-תפקידים

‫Kf מספקת קבוצה של תפקידי Kubernetes שמאפשרים למספר צוותים לשתף אשכול Kf. בדף הזה מתוארים התפקידים והשיטות המומלצות לשימוש בהם.

מתי כדאי להשתמש בתפקידי Kf

תפקידי Kf מאפשרים לכמה צוותים לשתף אשכול Kubernetes עם Kf מותקן. התפקידים מספקים גישה למרחבי Kf ספציפיים.

אפשר להשתמש בתפקידי Kf כדי לשתף גישה לאשכול אם התנאים הבאים מתקיימים:

האשכול משמש צוותים מהימנים.
עומסי העבודה באשכול חולקים את אותן הנחות לגבי רמת האבטחה שמספקת הסביבה.
האשכול קיים בפרויקט ב- Google Cloud שנמצא תחת בקרה הדוקה.

תפקידי Kf לא:

הגנה על האשכול מפני מפתחים או עומסי עבודה לא מהימנים. מידע נוסף זמין במאמר בנושא מודל האחריות המשותפת ב-GKE.
בידוד של עומסי העבודה. מידע נוסף זמין במדריך להקשחת האשכול.
מניעה של הגדרה של תפקידי Kubernetes נוספים שפועלים באינטראקציה עם Kf.
מניעת גישה מאדמינים שיש להם גישה לפרויקט או לאשכול. Google Cloud

תפקידים ב-Kf

בקטעים הבאים מוסבר על תפקידי RBAC ב-Kubernetes שסופקו על ידי Kf ואיך הם פועלים עם IAM ב-Google Kubernetes Engine ‏ (GKE).

תפקידים מוגדרים מראש

ב-Kf יש כמה תפקידים מוגדרים מראש ב-Kubernetes שעוזרים לכם להעניק גישה לנושאים שונים שמבצעים תפקידים שונים. כל תפקיד מוגדר מראש יכול להיות מקושר לנושא במרחב שמות של Kubernetes שמנוהל על ידי מרחב Kf.

כשנושא מקושר לתפקיד במרחב שמות של Kubernetes, הגישה שלו מוגבלת לאובייקטים שקיימים במרחב השמות שתואמים להרשאות שמופיעות בתפקיד. ב-Kf, חלק מהמשאבים מוגדרים בהיקף האשכול. ‫Kf עוקב אחרי שינויים בנושאים במרחב השמות ומעניק תפקידים נוספים ומוגבלים בהיקף האשכול.

תפקיד	שם	תיאור	היקף
`space-auditor`	מבקר/ת של המרחב	מאפשר גישה לקריאה בלבד למרחב.	רווח
`space-developer`	מפתח/ת מרחבים	מאפשר למפתחי אפליקציות לפרוס ולנהל אפליקציות במרחב.	רווח
`space-manager`	מנהל מרחב	מאפשרת ניהול של המרחב ושל המבקרים, המפתחים והמנהלים בו.	רווח
`SPACE_NAME-manager`	מנהל מרחב דינמי	מספק הרשאת כתיבה לאובייקט Space יחיד, שמוענקת באופן אוטומטי לכל הנושאים עם התפקיד `space-manager` בתוך החלל המשותף שצוין.	אשכול
`kf-cluster-reader`	הרשאת קריאה באשכול	מאפשר גישת קריאה בלבד לאובייקטים של Kf בהיקף אשכול, ומוענק אוטומטית לכל `space-auditor`, `space-developer` ו-`space-manager`.	אשכול

מידע על כללי המדיניות שמרכיבים כל תפקיד מוגדר מראש מופיע במסמכי העזר של תפקידי Kf.

תפקידי IAM

תפקידי Kf מספקים בקרת גישה לאובייקטים בתוך אשכול Kubernetes. בנוסף, צריך להקצות לסובייקטים תפקיד ב-IAM כדי לאמת אותם באשכול:

צריך להעניק לאדמינים של הפלטפורמה את תפקיד ה-IAM‏ roles/container.admin. כך הם יוכלו להתקין, לשדרג ולמחוק את Kf, וגם ליצור ולמחוק אובייקטים של Kf בהיקף אשכול כמו Spaces או ClusterServiceBrokers.
צריך להעניק למשתמשי קצה ב-Kf את תפקיד ה-IAM‏ roles/container.viewer. התפקיד הזה יאפשר להם לבצע אימות לאשכול עם הרשאות מוגבלות שאפשר להרחיב באמצעות תפקידים ב-Kf.

ב-IAM יש תפקידים מוגדרים מראש נוספים ל-GKE כדי לפתור תרחישים מתקדמים יותר:

Role Permissions

Role	Permissions
Kubernetes Engine Admin (`roles/container.admin`) Provides access to full management of clusters and their Kubernetes API objects. To set a service account on nodes, you must also have the Service Account User role (`roles/iam.serviceAccountUser`) on the user-managed service account that your nodes will use. Lowest-level resources where you can grant this role: Project	`container.` `container.apiServices.create` `container.apiServices.delete` `container.apiServices.get` `container.apiServices.getStatus` `container.apiServices.list` `container.apiServices.update` `container.apiServices.updateStatus` `container.auditSinks.create` `container.auditSinks.delete` `container.auditSinks.get` `container.auditSinks.list` `container.auditSinks.update` `container.backendConfigs.create` `container.backendConfigs.delete` `container.backendConfigs.get` `container.backendConfigs.list` `container.backendConfigs.update` `container.bindings.create` `container.bindings.delete` `container.bindings.get` `container.bindings.list` `container.bindings.update` `container.certificateSigningRequests.approve` `container.certificateSigningRequests.create` `container.certificateSigningRequests.delete` `container.certificateSigningRequests.get` `container.certificateSigningRequests.getStatus` `container.certificateSigningRequests.list` `container.certificateSigningRequests.update` `container.certificateSigningRequests.updateStatus` `container.clusterRoleBindings.create` `container.clusterRoleBindings.delete` `container.clusterRoleBindings.get` `container.clusterRoleBindings.list` `container.clusterRoleBindings.update` `container.clusterRoles.bind` `container.clusterRoles.create` `container.clusterRoles.delete` `container.clusterRoles.escalate` `container.clusterRoles.get` `container.clusterRoles.list` `container.clusterRoles.update` `container.clusters.connect` `container.clusters.create` `container.clusters.createTagBinding` `container.clusters.delete` `container.clusters.deleteTagBinding` `container.clusters.get` `container.clusters.getCredentials` `container.clusters.impersonate` `container.clusters.list` `container.clusters.listEffectiveTags` `container.clusters.listTagBindings` `container.clusters.update` `container.componentStatuses.get` `container.componentStatuses.list` `container.configMaps.create` `container.configMaps.delete` `container.configMaps.get` `container.configMaps.list` `container.configMaps.update` `container.controllerRevisions.create` `container.controllerRevisions.delete` `container.controllerRevisions.get` `container.controllerRevisions.list` `container.controllerRevisions.update` `container.cronJobs.create` `container.cronJobs.delete` `container.cronJobs.get` `container.cronJobs.getStatus` `container.cronJobs.list` `container.cronJobs.update` `container.cronJobs.updateStatus` `container.csiDrivers.create` `container.csiDrivers.delete` `container.csiDrivers.get` `container.csiDrivers.list` `container.csiDrivers.update` `container.csiNodeInfos.create` `container.csiNodeInfos.delete` `container.csiNodeInfos.get` `container.csiNodeInfos.list` `container.csiNodeInfos.update` `container.csiNodes.create` `container.csiNodes.delete` `container.csiNodes.get` `container.csiNodes.list` `container.csiNodes.update` `container.customResourceDefinitions.create` `container.customResourceDefinitions.delete` `container.customResourceDefinitions.get` `container.customResourceDefinitions.getStatus` `container.customResourceDefinitions.list` `container.customResourceDefinitions.update` `container.customResourceDefinitions.updateStatus` `container.daemonSets.create` `container.daemonSets.delete` `container.daemonSets.get` `container.daemonSets.getStatus` `container.daemonSets.list` `container.daemonSets.update` `container.daemonSets.updateStatus` `container.deployments.create` `container.deployments.delete` `container.deployments.get` `container.deployments.getScale` `container.deployments.getStatus` `container.deployments.list` `container.deployments.rollback` `container.deployments.update` `container.deployments.updateScale` `container.deployments.updateStatus` `container.endpointSlices.create` `container.endpointSlices.delete` `container.endpointSlices.get` `container.endpointSlices.list` `container.endpointSlices.update` `container.endpoints.create` `container.endpoints.delete` `container.endpoints.get` `container.endpoints.list` `container.endpoints.update` `container.events.create` `container.events.delete` `container.events.get` `container.events.list` `container.events.update` `container.frontendConfigs.create` `container.frontendConfigs.delete` `container.frontendConfigs.get` `container.frontendConfigs.list` `container.frontendConfigs.update` `container.horizontalPodAutoscalers.create` `container.horizontalPodAutoscalers.delete` `container.horizontalPodAutoscalers.get` `container.horizontalPodAutoscalers.getStatus` `container.horizontalPodAutoscalers.list` `container.horizontalPodAutoscalers.update` `container.horizontalPodAutoscalers.updateStatus` `container.hostServiceAgent.use` `container.ingresses.create` `container.ingresses.delete` `container.ingresses.get` `container.ingresses.getStatus` `container.ingresses.list` `container.ingresses.update` `container.ingresses.updateStatus` `container.initializerConfigurations.create` `container.initializerConfigurations.delete` `container.initializerConfigurations.get` `container.initializerConfigurations.list` `container.initializerConfigurations.update` `container.jobs.create` `container.jobs.delete` `container.jobs.get` `container.jobs.getStatus` `container.jobs.list` `container.jobs.update` `container.jobs.updateStatus` `container.leases.create` `container.leases.delete` `container.leases.get` `container.leases.list` `container.leases.update` `container.limitRanges.create` `container.limitRanges.delete` `container.limitRanges.get` `container.limitRanges.list` `container.limitRanges.update` `container.localSubjectAccessReviews.create` `container.localSubjectAccessReviews.list` `container.managedCertificates.create` `container.managedCertificates.delete` `container.managedCertificates.get` `container.managedCertificates.list` `container.managedCertificates.update` `container.mutatingWebhookConfigurations.create` `container.mutatingWebhookConfigurations.delete` `container.mutatingWebhookConfigurations.get` `container.mutatingWebhookConfigurations.list` `container.mutatingWebhookConfigurations.update` `container.namespaces.create` `container.namespaces.delete` `container.namespaces.finalize` `container.namespaces.get` `container.namespaces.getStatus` `container.namespaces.list` `container.namespaces.update` `container.namespaces.updateStatus` `container.networkPolicies.create` `container.networkPolicies.delete` `container.networkPolicies.get` `container.networkPolicies.list` `container.networkPolicies.update` `container.nodes.create` `container.nodes.delete` `container.nodes.get` `container.nodes.getStatus` `container.nodes.list` `container.nodes.proxy` `container.nodes.update` `container.nodes.updateStatus` `container.operations.get` `container.operations.list` `container.persistentVolumeClaims.create` `container.persistentVolumeClaims.delete` `container.persistentVolumeClaims.get` `container.persistentVolumeClaims.getStatus` `container.persistentVolumeClaims.list` `container.persistentVolumeClaims.update` `container.persistentVolumeClaims.updateStatus` `container.persistentVolumes.create` `container.persistentVolumes.delete` `container.persistentVolumes.get` `container.persistentVolumes.getStatus` `container.persistentVolumes.list` `container.persistentVolumes.update` `container.persistentVolumes.updateStatus` `container.petSets.create` `container.petSets.delete` `container.petSets.get` `container.petSets.list` `container.petSets.update` `container.petSets.updateStatus` `container.podDisruptionBudgets.create` `container.podDisruptionBudgets.delete` `container.podDisruptionBudgets.get` `container.podDisruptionBudgets.getStatus` `container.podDisruptionBudgets.list` `container.podDisruptionBudgets.update` `container.podDisruptionBudgets.updateStatus` `container.podPresets.create` `container.podPresets.delete` `container.podPresets.get` `container.podPresets.list` `container.podPresets.update` `container.podSecurityPolicies.create` `container.podSecurityPolicies.delete` `container.podSecurityPolicies.get` `container.podSecurityPolicies.list` `container.podSecurityPolicies.update` `container.podSecurityPolicies.use` `container.podTemplates.create` `container.podTemplates.delete` `container.podTemplates.get` `container.podTemplates.list` `container.podTemplates.update` `container.pods.attach` `container.pods.create` `container.pods.delete` `container.pods.evict` `container.pods.exec` `container.pods.get` `container.pods.getLogs` `container.pods.getStatus` `container.pods.initialize` `container.pods.list` `container.pods.portForward` `container.pods.proxy` `container.pods.update` `container.pods.updateStatus` `container.priorityClasses.create` `container.priorityClasses.delete` `container.priorityClasses.get` `container.priorityClasses.list` `container.priorityClasses.update` `container.replicaSets.create` `container.replicaSets.delete` `container.replicaSets.get` `container.replicaSets.getScale` `container.replicaSets.getStatus` `container.replicaSets.list` `container.replicaSets.update` `container.replicaSets.updateScale` `container.replicaSets.updateStatus` `container.replicationControllers.create` `container.replicationControllers.delete` `container.replicationControllers.get` `container.replicationControllers.getScale` `container.replicationControllers.getStatus` `container.replicationControllers.list` `container.replicationControllers.update` `container.replicationControllers.updateScale` `container.replicationControllers.updateStatus` `container.resourceQuotas.create` `container.resourceQuotas.delete` `container.resourceQuotas.get` `container.resourceQuotas.getStatus` `container.resourceQuotas.list` `container.resourceQuotas.update` `container.resourceQuotas.updateStatus` `container.roleBindings.create` `container.roleBindings.delete` `container.roleBindings.get` `container.roleBindings.list` `container.roleBindings.update` `container.roles.bind` `container.roles.create` `container.roles.delete` `container.roles.escalate` `container.roles.get` `container.roles.list` `container.roles.update` `container.runtimeClasses.create` `container.runtimeClasses.delete` `container.runtimeClasses.get` `container.runtimeClasses.list` `container.runtimeClasses.update` `container.scheduledJobs.create` `container.scheduledJobs.delete` `container.scheduledJobs.get` `container.scheduledJobs.list` `container.scheduledJobs.update` `container.scheduledJobs.updateStatus` `container.secrets.create` `container.secrets.delete` `container.secrets.get` `container.secrets.list` `container.secrets.update` `container.selfSubjectAccessReviews.create` `container.selfSubjectAccessReviews.list` `container.selfSubjectRulesReviews.create` `container.serviceAccounts.create` `container.serviceAccounts.createToken` `container.serviceAccounts.delete` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.serviceAccounts.update` `container.services.create` `container.services.delete` `container.services.get` `container.services.getStatus` `container.services.list` `container.services.proxy` `container.services.update` `container.services.updateStatus` `container.statefulSets.create` `container.statefulSets.delete` `container.statefulSets.get` `container.statefulSets.getScale` `container.statefulSets.getStatus` `container.statefulSets.list` `container.statefulSets.update` `container.statefulSets.updateScale` `container.statefulSets.updateStatus` `container.storageClasses.create` `container.storageClasses.delete` `container.storageClasses.get` `container.storageClasses.list` `container.storageClasses.update` `container.storageStates.create` `container.storageStates.delete` `container.storageStates.get` `container.storageStates.getStatus` `container.storageStates.list` `container.storageStates.update` `container.storageStates.updateStatus` `container.storageVersionMigrations.create` `container.storageVersionMigrations.delete` `container.storageVersionMigrations.get` `container.storageVersionMigrations.getStatus` `container.storageVersionMigrations.list` `container.storageVersionMigrations.update` `container.storageVersionMigrations.updateStatus` `container.subjectAccessReviews.create` `container.subjectAccessReviews.list` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyObjects.update` `container.thirdPartyResources.create` `container.thirdPartyResources.delete` `container.thirdPartyResources.get` `container.thirdPartyResources.list` `container.thirdPartyResources.update` `container.tokenReviews.create` `container.updateInfos.create` `container.updateInfos.delete` `container.updateInfos.get` `container.updateInfos.list` `container.updateInfos.update` `container.validatingWebhookConfigurations.create` `container.validatingWebhookConfigurations.delete` `container.validatingWebhookConfigurations.get` `container.validatingWebhookConfigurations.list` `container.validatingWebhookConfigurations.update` `container.volumeAttachments.create` `container.volumeAttachments.delete` `container.volumeAttachments.get` `container.volumeAttachments.getStatus` `container.volumeAttachments.list` `container.volumeAttachments.update` `container.volumeAttachments.updateStatus` `container.volumeSnapshotClasses.create` `container.volumeSnapshotClasses.delete` `container.volumeSnapshotClasses.get` `container.volumeSnapshotClasses.list` `container.volumeSnapshotClasses.update` `container.volumeSnapshotContents.create` `container.volumeSnapshotContents.delete` `container.volumeSnapshotContents.get` `container.volumeSnapshotContents.getStatus` `container.volumeSnapshotContents.list` `container.volumeSnapshotContents.update` `container.volumeSnapshotContents.updateStatus` `container.volumeSnapshots.create` `container.volumeSnapshots.delete` `container.volumeSnapshots.get` `container.volumeSnapshots.getStatus` `container.volumeSnapshots.list` `container.volumeSnapshots.update` `container.volumeSnapshots.updateStatus` `recommender.containerDiagnosisInsights.` `recommender.containerDiagnosisInsights.get` `recommender.containerDiagnosisInsights.list` `recommender.containerDiagnosisInsights.update` `recommender.containerDiagnosisRecommendations.` `recommender.containerDiagnosisRecommendations.get` `recommender.containerDiagnosisRecommendations.list` `recommender.containerDiagnosisRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.networkAnalyzerGkeConnectivityInsights.` `recommender.networkAnalyzerGkeConnectivityInsights.get` `recommender.networkAnalyzerGkeConnectivityInsights.list` `recommender.networkAnalyzerGkeConnectivityInsights.update` `recommender.networkAnalyzerGkeIpAddressInsights.` `recommender.networkAnalyzerGkeIpAddressInsights.get` `recommender.networkAnalyzerGkeIpAddressInsights.list` `recommender.networkAnalyzerGkeIpAddressInsights.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Kubernetes Engine KMS Crypto Key User (`roles/container.cloudKmsKeyUser`) Allow the Kubernetes Engine service agent in the cluster project to call KMS with user provided crypto keys to sign payloads.	`cloudkms.cryptoKeyVersions.get` `cloudkms.cryptoKeyVersions.useToSign` `cloudkms.cryptoKeyVersions.useToVerify` `cloudkms.cryptoKeyVersions.viewPublicKey` `cloudkms.cryptoKeys.get` `cloudkms.locations.get` `cloudkms.locations.list` `resourcemanager.projects.get`
Kubernetes Engine Cluster Admin (`roles/container.clusterAdmin`) Provides access to management of clusters. To set a service account on nodes, you must also have the Service Account User role (`roles/iam.serviceAccountUser`) on the user-managed service account that your nodes will use. Lowest-level resources where you can grant this role: Project	`container.clusters.connect` `container.clusters.create` `container.clusters.delete` `container.clusters.get` `container.clusters.list` `container.clusters.update` `container.operations.*` `container.operations.get` `container.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Kubernetes Engine Cluster Viewer (`roles/container.clusterViewer`) Provides access to get and list GKE clusters.	`container.clusters.connect` `container.clusters.get` `container.clusters.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Kubernetes Engine Default Node Service Account (`roles/container.defaultNodeServiceAccount`) Least privilege role to use as the default service account for GKE Nodes.	`autoscaling.sites.writeMetrics` `logging.logEntries.create` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.list` `monitoring.timeSeries.*` `monitoring.timeSeries.create` `monitoring.timeSeries.list`
Kubernetes Engine Default Node Service Agent (`roles/container.defaultNodeServiceAgent`) Minimal set of permissions required by a GKE node to support standard capabilities such as logging and monitoring. Replaces the container.nodeServiceAgent role with a reduced permission set. Warning: Do not grant service agent roles to any principals except service agents.	`autoscaling.sites.writeMetrics` `logging.logEntries.create` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.list` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `serviceusage.services.use` `telemetry.metrics.write` `telemetry.traces.write` `trafficdirector.` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`
Kubernetes Engine Developer (`roles/container.developer`) Provides access to Kubernetes API objects inside clusters. Lowest-level resources where you can grant this role: Project	`container.apiServices.` `container.apiServices.create` `container.apiServices.delete` `container.apiServices.get` `container.apiServices.getStatus` `container.apiServices.list` `container.apiServices.update` `container.apiServices.updateStatus` `container.auditSinks.` `container.auditSinks.create` `container.auditSinks.delete` `container.auditSinks.get` `container.auditSinks.list` `container.auditSinks.update` `container.backendConfigs.` `container.backendConfigs.create` `container.backendConfigs.delete` `container.backendConfigs.get` `container.backendConfigs.list` `container.backendConfigs.update` `container.bindings.` `container.bindings.create` `container.bindings.delete` `container.bindings.get` `container.bindings.list` `container.bindings.update` `container.certificateSigningRequests.create` `container.certificateSigningRequests.delete` `container.certificateSigningRequests.get` `container.certificateSigningRequests.list` `container.certificateSigningRequests.update` `container.certificateSigningRequests.updateStatus` `container.clusterRoleBindings.get` `container.clusterRoleBindings.list` `container.clusterRoles.get` `container.clusterRoles.list` `container.clusters.connect` `container.clusters.get` `container.clusters.list` `container.componentStatuses.` `container.componentStatuses.get` `container.componentStatuses.list` `container.configMaps.` `container.configMaps.create` `container.configMaps.delete` `container.configMaps.get` `container.configMaps.list` `container.configMaps.update` `container.controllerRevisions.get` `container.controllerRevisions.list` `container.cronJobs.` `container.cronJobs.create` `container.cronJobs.delete` `container.cronJobs.get` `container.cronJobs.getStatus` `container.cronJobs.list` `container.cronJobs.update` `container.cronJobs.updateStatus` `container.csiDrivers.` `container.csiDrivers.create` `container.csiDrivers.delete` `container.csiDrivers.get` `container.csiDrivers.list` `container.csiDrivers.update` `container.csiNodeInfos.` `container.csiNodeInfos.create` `container.csiNodeInfos.delete` `container.csiNodeInfos.get` `container.csiNodeInfos.list` `container.csiNodeInfos.update` `container.csiNodes.` `container.csiNodes.create` `container.csiNodes.delete` `container.csiNodes.get` `container.csiNodes.list` `container.csiNodes.update` `container.customResourceDefinitions.` `container.customResourceDefinitions.create` `container.customResourceDefinitions.delete` `container.customResourceDefinitions.get` `container.customResourceDefinitions.getStatus` `container.customResourceDefinitions.list` `container.customResourceDefinitions.update` `container.customResourceDefinitions.updateStatus` `container.daemonSets.` `container.daemonSets.create` `container.daemonSets.delete` `container.daemonSets.get` `container.daemonSets.getStatus` `container.daemonSets.list` `container.daemonSets.update` `container.daemonSets.updateStatus` `container.deployments.` `container.deployments.create` `container.deployments.delete` `container.deployments.get` `container.deployments.getScale` `container.deployments.getStatus` `container.deployments.list` `container.deployments.rollback` `container.deployments.update` `container.deployments.updateScale` `container.deployments.updateStatus` `container.endpointSlices.` `container.endpointSlices.create` `container.endpointSlices.delete` `container.endpointSlices.get` `container.endpointSlices.list` `container.endpointSlices.update` `container.endpoints.` `container.endpoints.create` `container.endpoints.delete` `container.endpoints.get` `container.endpoints.list` `container.endpoints.update` `container.events.` `container.events.create` `container.events.delete` `container.events.get` `container.events.list` `container.events.update` `container.frontendConfigs.` `container.frontendConfigs.create` `container.frontendConfigs.delete` `container.frontendConfigs.get` `container.frontendConfigs.list` `container.frontendConfigs.update` `container.horizontalPodAutoscalers.` `container.horizontalPodAutoscalers.create` `container.horizontalPodAutoscalers.delete` `container.horizontalPodAutoscalers.get` `container.horizontalPodAutoscalers.getStatus` `container.horizontalPodAutoscalers.list` `container.horizontalPodAutoscalers.update` `container.horizontalPodAutoscalers.updateStatus` `container.ingresses.` `container.ingresses.create` `container.ingresses.delete` `container.ingresses.get` `container.ingresses.getStatus` `container.ingresses.list` `container.ingresses.update` `container.ingresses.updateStatus` `container.initializerConfigurations.` `container.initializerConfigurations.create` `container.initializerConfigurations.delete` `container.initializerConfigurations.get` `container.initializerConfigurations.list` `container.initializerConfigurations.update` `container.jobs.` `container.jobs.create` `container.jobs.delete` `container.jobs.get` `container.jobs.getStatus` `container.jobs.list` `container.jobs.update` `container.jobs.updateStatus` `container.leases.` `container.leases.create` `container.leases.delete` `container.leases.get` `container.leases.list` `container.leases.update` `container.limitRanges.` `container.limitRanges.create` `container.limitRanges.delete` `container.limitRanges.get` `container.limitRanges.list` `container.limitRanges.update` `container.localSubjectAccessReviews.` `container.localSubjectAccessReviews.create` `container.localSubjectAccessReviews.list` `container.managedCertificates.` `container.managedCertificates.create` `container.managedCertificates.delete` `container.managedCertificates.get` `container.managedCertificates.list` `container.managedCertificates.update` `container.mutatingWebhookConfigurations.get` `container.mutatingWebhookConfigurations.list` `container.namespaces.` `container.namespaces.create` `container.namespaces.delete` `container.namespaces.finalize` `container.namespaces.get` `container.namespaces.getStatus` `container.namespaces.list` `container.namespaces.update` `container.namespaces.updateStatus` `container.networkPolicies.` `container.networkPolicies.create` `container.networkPolicies.delete` `container.networkPolicies.get` `container.networkPolicies.list` `container.networkPolicies.update` `container.nodes.` `container.nodes.create` `container.nodes.delete` `container.nodes.get` `container.nodes.getStatus` `container.nodes.list` `container.nodes.proxy` `container.nodes.update` `container.nodes.updateStatus` `container.persistentVolumeClaims.` `container.persistentVolumeClaims.create` `container.persistentVolumeClaims.delete` `container.persistentVolumeClaims.get` `container.persistentVolumeClaims.getStatus` `container.persistentVolumeClaims.list` `container.persistentVolumeClaims.update` `container.persistentVolumeClaims.updateStatus` `container.persistentVolumes.` `container.persistentVolumes.create` `container.persistentVolumes.delete` `container.persistentVolumes.get` `container.persistentVolumes.getStatus` `container.persistentVolumes.list` `container.persistentVolumes.update` `container.persistentVolumes.updateStatus` `container.petSets.` `container.petSets.create` `container.petSets.delete` `container.petSets.get` `container.petSets.list` `container.petSets.update` `container.petSets.updateStatus` `container.podDisruptionBudgets.` `container.podDisruptionBudgets.create` `container.podDisruptionBudgets.delete` `container.podDisruptionBudgets.get` `container.podDisruptionBudgets.getStatus` `container.podDisruptionBudgets.list` `container.podDisruptionBudgets.update` `container.podDisruptionBudgets.updateStatus` `container.podPresets.` `container.podPresets.create` `container.podPresets.delete` `container.podPresets.get` `container.podPresets.list` `container.podPresets.update` `container.podSecurityPolicies.get` `container.podSecurityPolicies.list` `container.podTemplates.` `container.podTemplates.create` `container.podTemplates.delete` `container.podTemplates.get` `container.podTemplates.list` `container.podTemplates.update` `container.pods.` `container.pods.attach` `container.pods.create` `container.pods.delete` `container.pods.evict` `container.pods.exec` `container.pods.get` `container.pods.getLogs` `container.pods.getStatus` `container.pods.initialize` `container.pods.list` `container.pods.portForward` `container.pods.proxy` `container.pods.update` `container.pods.updateStatus` `container.priorityClasses.` `container.priorityClasses.create` `container.priorityClasses.delete` `container.priorityClasses.get` `container.priorityClasses.list` `container.priorityClasses.update` `container.replicaSets.` `container.replicaSets.create` `container.replicaSets.delete` `container.replicaSets.get` `container.replicaSets.getScale` `container.replicaSets.getStatus` `container.replicaSets.list` `container.replicaSets.update` `container.replicaSets.updateScale` `container.replicaSets.updateStatus` `container.replicationControllers.` `container.replicationControllers.create` `container.replicationControllers.delete` `container.replicationControllers.get` `container.replicationControllers.getScale` `container.replicationControllers.getStatus` `container.replicationControllers.list` `container.replicationControllers.update` `container.replicationControllers.updateScale` `container.replicationControllers.updateStatus` `container.resourceQuotas.` `container.resourceQuotas.create` `container.resourceQuotas.delete` `container.resourceQuotas.get` `container.resourceQuotas.getStatus` `container.resourceQuotas.list` `container.resourceQuotas.update` `container.resourceQuotas.updateStatus` `container.roleBindings.get` `container.roleBindings.list` `container.roles.get` `container.roles.list` `container.runtimeClasses.` `container.runtimeClasses.create` `container.runtimeClasses.delete` `container.runtimeClasses.get` `container.runtimeClasses.list` `container.runtimeClasses.update` `container.scheduledJobs.` `container.scheduledJobs.create` `container.scheduledJobs.delete` `container.scheduledJobs.get` `container.scheduledJobs.list` `container.scheduledJobs.update` `container.scheduledJobs.updateStatus` `container.secrets.` `container.secrets.create` `container.secrets.delete` `container.secrets.get` `container.secrets.list` `container.secrets.update` `container.selfSubjectAccessReviews.` `container.selfSubjectAccessReviews.create` `container.selfSubjectAccessReviews.list` `container.selfSubjectRulesReviews.create` `container.serviceAccounts.` `container.serviceAccounts.create` `container.serviceAccounts.createToken` `container.serviceAccounts.delete` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.serviceAccounts.update` `container.services.` `container.services.create` `container.services.delete` `container.services.get` `container.services.getStatus` `container.services.list` `container.services.proxy` `container.services.update` `container.services.updateStatus` `container.statefulSets.` `container.statefulSets.create` `container.statefulSets.delete` `container.statefulSets.get` `container.statefulSets.getScale` `container.statefulSets.getStatus` `container.statefulSets.list` `container.statefulSets.update` `container.statefulSets.updateScale` `container.statefulSets.updateStatus` `container.storageClasses.` `container.storageClasses.create` `container.storageClasses.delete` `container.storageClasses.get` `container.storageClasses.list` `container.storageClasses.update` `container.storageStates.` `container.storageStates.create` `container.storageStates.delete` `container.storageStates.get` `container.storageStates.getStatus` `container.storageStates.list` `container.storageStates.update` `container.storageStates.updateStatus` `container.storageVersionMigrations.` `container.storageVersionMigrations.create` `container.storageVersionMigrations.delete` `container.storageVersionMigrations.get` `container.storageVersionMigrations.getStatus` `container.storageVersionMigrations.list` `container.storageVersionMigrations.update` `container.storageVersionMigrations.updateStatus` `container.subjectAccessReviews.` `container.subjectAccessReviews.create` `container.subjectAccessReviews.list` `container.thirdPartyObjects.` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyObjects.update` `container.thirdPartyResources.` `container.thirdPartyResources.create` `container.thirdPartyResources.delete` `container.thirdPartyResources.get` `container.thirdPartyResources.list` `container.thirdPartyResources.update` `container.tokenReviews.create` `container.updateInfos.` `container.updateInfos.create` `container.updateInfos.delete` `container.updateInfos.get` `container.updateInfos.list` `container.updateInfos.update` `container.validatingWebhookConfigurations.get` `container.validatingWebhookConfigurations.list` `container.volumeAttachments.` `container.volumeAttachments.create` `container.volumeAttachments.delete` `container.volumeAttachments.get` `container.volumeAttachments.getStatus` `container.volumeAttachments.list` `container.volumeAttachments.update` `container.volumeAttachments.updateStatus` `container.volumeSnapshotClasses.` `container.volumeSnapshotClasses.create` `container.volumeSnapshotClasses.delete` `container.volumeSnapshotClasses.get` `container.volumeSnapshotClasses.list` `container.volumeSnapshotClasses.update` `container.volumeSnapshotContents.` `container.volumeSnapshotContents.create` `container.volumeSnapshotContents.delete` `container.volumeSnapshotContents.get` `container.volumeSnapshotContents.getStatus` `container.volumeSnapshotContents.list` `container.volumeSnapshotContents.update` `container.volumeSnapshotContents.updateStatus` `container.volumeSnapshots.` `container.volumeSnapshots.create` `container.volumeSnapshots.delete` `container.volumeSnapshots.get` `container.volumeSnapshots.getStatus` `container.volumeSnapshots.list` `container.volumeSnapshots.update` `container.volumeSnapshots.updateStatus` `recommender.containerDiagnosisInsights.` `recommender.containerDiagnosisInsights.get` `recommender.containerDiagnosisInsights.list` `recommender.containerDiagnosisInsights.update` `recommender.containerDiagnosisRecommendations.` `recommender.containerDiagnosisRecommendations.get` `recommender.containerDiagnosisRecommendations.list` `recommender.containerDiagnosisRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.networkAnalyzerGkeConnectivityInsights.` `recommender.networkAnalyzerGkeConnectivityInsights.get` `recommender.networkAnalyzerGkeConnectivityInsights.list` `recommender.networkAnalyzerGkeConnectivityInsights.update` `recommender.networkAnalyzerGkeIpAddressInsights.` `recommender.networkAnalyzerGkeIpAddressInsights.get` `recommender.networkAnalyzerGkeIpAddressInsights.list` `recommender.networkAnalyzerGkeIpAddressInsights.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Kubernetes Engine Host Service Agent User (`roles/container.hostServiceAgentUser`) Allows the Kubernetes Engine service account in the host project to configure shared network resources for cluster management. Also gives access to inspect the firewall rules in the host project.	`compute.firewalls.get` `compute.networks.get` `container.hostServiceAgent.use` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update`
[Deprecated] Kubernetes Engine Node Service Agent (`roles/container.nodeServiceAgent`) Minimal set of permission required by a GKE node to support standard capabilities such as logging and monitoring export, and image pulls. Warning: Do not grant service agent roles to any principals except service agents.	`autoscaling.sites.writeMetrics` `logging.logEntries.create` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.list` `monitoring.timeSeries.*` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.services.use` `storage.objects.get` `storage.objects.list`
Kubernetes Engine Service Agent (`roles/container.serviceAgent`) Gives Kubernetes Engine account access to manage cluster resources. Includes access to service accounts. Warning: Do not grant service agent roles to any principals except service agents.	`autoscaling.sites.readRecommendations` `autoscaling.sites.writeMetrics` `autoscaling.sites.writeState` `backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.createForFilestoreInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.deleteForFilestoreInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.fetchForFilestoreInstance` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.getForFilestoreInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlanAssociations.updateForFilestoreInstance` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupPlans.useForFilestoreInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.useReadOnlyForFilestoreInstance` `backupdr.dataSourceReferences.fetchForFilestoreInstance` `backupdr.dataSourceReferences.getForFilestoreInstance` `backupdr.locations.list` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `bigquery.datasets.create` `bigquery.datasets.get` `bigquery.tables.create` `bigquery.tables.get` `bigquery.tables.update` `bigquery.tables.updateData` `binaryauthorization.policy.evaluatePolicy` `certificatemanager.certissuanceconfigs.create` `certificatemanager.certissuanceconfigs.delete` `certificatemanager.certissuanceconfigs.get` `certificatemanager.certissuanceconfigs.list` `certificatemanager.certissuanceconfigs.listEffectiveTags` `certificatemanager.certissuanceconfigs.listTagBindings` `certificatemanager.certissuanceconfigs.update` `certificatemanager.certissuanceconfigs.use` `certificatemanager.certmapentries.create` `certificatemanager.certmapentries.delete` `certificatemanager.certmapentries.get` `certificatemanager.certmapentries.list` `certificatemanager.certmapentries.listEffectiveTags` `certificatemanager.certmapentries.listTagBindings` `certificatemanager.certmapentries.update` `certificatemanager.certmaps.create` `certificatemanager.certmaps.delete` `certificatemanager.certmaps.get` `certificatemanager.certmaps.list` `certificatemanager.certmaps.listEffectiveTags` `certificatemanager.certmaps.listTagBindings` `certificatemanager.certmaps.update` `certificatemanager.certmaps.use` `certificatemanager.certs.create` `certificatemanager.certs.delete` `certificatemanager.certs.get` `certificatemanager.certs.list` `certificatemanager.certs.listEffectiveTags` `certificatemanager.certs.listTagBindings` `certificatemanager.certs.update` `certificatemanager.certs.use` `certificatemanager.dnsauthorizations.create` `certificatemanager.dnsauthorizations.delete` `certificatemanager.dnsauthorizations.get` `certificatemanager.dnsauthorizations.list` `certificatemanager.dnsauthorizations.listEffectiveTags` `certificatemanager.dnsauthorizations.listTagBindings` `certificatemanager.dnsauthorizations.update` `certificatemanager.dnsauthorizations.use` `certificatemanager.trustconfigs.create` `certificatemanager.trustconfigs.delete` `certificatemanager.trustconfigs.get` `certificatemanager.trustconfigs.list` `certificatemanager.trustconfigs.listEffectiveTags` `certificatemanager.trustconfigs.listTagBindings` `certificatemanager.trustconfigs.update` `certificatemanager.trustconfigs.use` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.crossSiteNetworks.` `compute.crossSiteNetworks.create` `compute.crossSiteNetworks.delete` `compute.crossSiteNetworks.get` `compute.crossSiteNetworks.list` `compute.crossSiteNetworks.update` `compute.diskSettings.` `compute.diskSettings.get` `compute.diskSettings.update` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.updateKmsKey` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.` `compute.firewallPolicies.cloneRules` `compute.firewallPolicies.copyRules` `compute.firewallPolicies.create` `compute.firewallPolicies.createTagBinding` `compute.firewallPolicies.delete` `compute.firewallPolicies.deleteTagBinding` `compute.firewallPolicies.get` `compute.firewallPolicies.getIamPolicy` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.move` `compute.firewallPolicies.setIamPolicy` `compute.firewallPolicies.update` `compute.firewallPolicies.use` `compute.firewalls.` `compute.firewalls.create` `compute.firewalls.createTagBinding` `compute.firewalls.delete` `compute.firewalls.deleteTagBinding` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.firewalls.update` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.futureReservations.list` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addNetworkInterface` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteNetworkInterface` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshotGroups.` `compute.instantSnapshotGroups.create` `compute.instantSnapshotGroups.delete` `compute.instantSnapshotGroups.get` `compute.instantSnapshotGroups.getIamPolicy` `compute.instantSnapshotGroups.list` `compute.instantSnapshotGroups.setIamPolicy` `compute.instantSnapshotGroups.useReadOnly` `compute.instantSnapshots.create` `compute.instantSnapshots.delete` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.listEffectiveTags` `compute.instantSnapshots.listTagBindings` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachmentGroups.` `compute.interconnectAttachmentGroups.create` `compute.interconnectAttachmentGroups.delete` `compute.interconnectAttachmentGroups.get` `compute.interconnectAttachmentGroups.list` `compute.interconnectAttachmentGroups.patch` `compute.interconnectAttachments.` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectGroups.` `compute.interconnectGroups.create` `compute.interconnectGroups.delete` `compute.interconnectGroups.get` `compute.interconnectGroups.list` `compute.interconnectGroups.patch` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenses.create` `compute.licenses.delete` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.listEffectiveTags` `compute.licenses.listTagBindings` `compute.licenses.setIamPolicy` `compute.licenses.update` `compute.machineImages.create` `compute.machineImages.delete` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.listEffectiveTags` `compute.machineImages.listTagBindings` `compute.machineImages.setIamPolicy` `compute.machineImages.setLabels` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.multiMig.` `compute.multiMig.create` `compute.multiMig.delete` `compute.multiMig.get` `compute.multiMig.list` `compute.multiMigMembers.` `compute.multiMigMembers.get` `compute.multiMigMembers.list` `compute.networkAttachments.` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkAttachments.use` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networkProfiles.` `compute.networkProfiles.get` `compute.networkProfiles.list` `compute.networks.` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.setNetworkPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.nodeGroups.get` `compute.packetMirrorings.` `compute.packetMirrorings.create` `compute.packetMirrorings.createTagBinding` `compute.packetMirrorings.delete` `compute.packetMirrorings.deleteTagBinding` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.packetMirrorings.update` `compute.projects.get` `compute.projects.setCommonInstanceMetadata` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.regionBackendBuckets.` `compute.regionBackendBuckets.create` `compute.regionBackendBuckets.createTagBinding` `compute.regionBackendBuckets.delete` `compute.regionBackendBuckets.deleteTagBinding` `compute.regionBackendBuckets.get` `compute.regionBackendBuckets.getIamPolicy` `compute.regionBackendBuckets.list` `compute.regionBackendBuckets.listEffectiveTags` `compute.regionBackendBuckets.listTagBindings` `compute.regionBackendBuckets.setIamPolicy` `compute.regionBackendBuckets.update` `compute.regionBackendBuckets.use` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionCompositeHealthChecks.` `compute.regionCompositeHealthChecks.create` `compute.regionCompositeHealthChecks.delete` `compute.regionCompositeHealthChecks.get` `compute.regionCompositeHealthChecks.list` `compute.regionCompositeHealthChecks.update` `compute.regionFirewallPolicies.` `compute.regionFirewallPolicies.cloneRules` `compute.regionFirewallPolicies.create` `compute.regionFirewallPolicies.createTagBinding` `compute.regionFirewallPolicies.delete` `compute.regionFirewallPolicies.deleteTagBinding` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.getIamPolicy` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.setIamPolicy` `compute.regionFirewallPolicies.update` `compute.regionFirewallPolicies.use` `compute.regionHealthAggregationPolicies.` `compute.regionHealthAggregationPolicies.create` `compute.regionHealthAggregationPolicies.delete` `compute.regionHealthAggregationPolicies.get` `compute.regionHealthAggregationPolicies.list` `compute.regionHealthAggregationPolicies.update` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionHealthSources.` `compute.regionHealthSources.create` `compute.regionHealthSources.delete` `compute.regionHealthSources.get` `compute.regionHealthSources.list` `compute.regionHealthSources.update` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNetworkPolicies.` `compute.regionNetworkPolicies.create` `compute.regionNetworkPolicies.delete` `compute.regionNetworkPolicies.get` `compute.regionNetworkPolicies.list` `compute.regionNetworkPolicies.update` `compute.regionNetworkPolicies.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.` `compute.regionSecurityPolicies.create` `compute.regionSecurityPolicies.createTagBinding` `compute.regionSecurityPolicies.delete` `compute.regionSecurityPolicies.deleteTagBinding` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.update` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.` `compute.regionSslCertificates.create` `compute.regionSslCertificates.createTagBinding` `compute.regionSslCertificates.delete` `compute.regionSslCertificates.deleteTagBinding` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.attach` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservationBlocks.get` `compute.reservationBlocks.list` `compute.reservationSubBlocks.` `compute.reservationSubBlocks.get` `compute.reservationSubBlocks.list` `compute.reservationSubBlocks.performMaintenance` `compute.reservationSubBlocks.reportFaulty` `compute.reservations.get` `compute.reservations.list` `compute.reservations.listEffectiveTags` `compute.reservations.listTagBindings` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.routers.` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.` `compute.securityPolicies.addAssociation` `compute.securityPolicies.copyRules` `compute.securityPolicies.create` `compute.securityPolicies.createTagBinding` `compute.securityPolicies.delete` `compute.securityPolicies.deleteTagBinding` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.move` `compute.securityPolicies.removeAssociation` `compute.securityPolicies.setLabels` `compute.securityPolicies.update` `compute.securityPolicies.use` `compute.serviceAttachments.` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshotGroups.` `compute.snapshotGroups.create` `compute.snapshotGroups.delete` `compute.snapshotGroups.get` `compute.snapshotGroups.getIamPolicy` `compute.snapshotGroups.list` `compute.snapshotGroups.setIamPolicy` `compute.snapshotGroups.useReadOnly` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.updateKmsKey` `compute.snapshots.useReadOnly` `compute.spotAssistants.get` `compute.sslCertificates.` `compute.sslCertificates.create` `compute.sslCertificates.createTagBinding` `compute.sslCertificates.delete` `compute.sslCertificates.deleteTagBinding` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.storagePools.create` `compute.storagePools.delete` `compute.storagePools.get` `compute.storagePools.getIamPolicy` `compute.storagePools.list` `compute.storagePools.listEffectiveTags` `compute.storagePools.listTagBindings` `compute.storagePools.setIamPolicy` `compute.storagePools.update` `compute.storagePools.use` `compute.subnetworks.` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.subnetworks.usePeerMigration` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.attach` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vpnGateways.` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.wireGroups.` `compute.wireGroups.create` `compute.wireGroups.delete` `compute.wireGroups.get` `compute.wireGroups.list` `compute.wireGroups.update` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `container.` `container.apiServices.create` `container.apiServices.delete` `container.apiServices.get` `container.apiServices.getStatus` `container.apiServices.list` `container.apiServices.update` `container.apiServices.updateStatus` `container.auditSinks.create` `container.auditSinks.delete` `container.auditSinks.get` `container.auditSinks.list` `container.auditSinks.update` `container.backendConfigs.create` `container.backendConfigs.delete` `container.backendConfigs.get` `container.backendConfigs.list` `container.backendConfigs.update` `container.bindings.create` `container.bindings.delete` `container.bindings.get` `container.bindings.list` `container.bindings.update` `container.certificateSigningRequests.approve` `container.certificateSigningRequests.create` `container.certificateSigningRequests.delete` `container.certificateSigningRequests.get` `container.certificateSigningRequests.getStatus` `container.certificateSigningRequests.list` `container.certificateSigningRequests.update` `container.certificateSigningRequests.updateStatus` `container.clusterRoleBindings.create` `container.clusterRoleBindings.delete` `container.clusterRoleBindings.get` `container.clusterRoleBindings.list` `container.clusterRoleBindings.update` `container.clusterRoles.bind` `container.clusterRoles.create` `container.clusterRoles.delete` `container.clusterRoles.escalate` `container.clusterRoles.get` `container.clusterRoles.list` `container.clusterRoles.update` `container.clusters.connect` `container.clusters.create` `container.clusters.createTagBinding` `container.clusters.delete` `container.clusters.deleteTagBinding` `container.clusters.get` `container.clusters.getCredentials` `container.clusters.impersonate` `container.clusters.list` `container.clusters.listEffectiveTags` `container.clusters.listTagBindings` `container.clusters.update` `container.componentStatuses.get` `container.componentStatuses.list` `container.configMaps.create` `container.configMaps.delete` `container.configMaps.get` `container.configMaps.list` `container.configMaps.update` `container.controllerRevisions.create` `container.controllerRevisions.delete` `container.controllerRevisions.get` `container.controllerRevisions.list` `container.controllerRevisions.update` `container.cronJobs.create` `container.cronJobs.delete` `container.cronJobs.get` `container.cronJobs.getStatus` `container.cronJobs.list` `container.cronJobs.update` `container.cronJobs.updateStatus` `container.csiDrivers.create` `container.csiDrivers.delete` `container.csiDrivers.get` `container.csiDrivers.list` `container.csiDrivers.update` `container.csiNodeInfos.create` `container.csiNodeInfos.delete` `container.csiNodeInfos.get` `container.csiNodeInfos.list` `container.csiNodeInfos.update` `container.csiNodes.create` `container.csiNodes.delete` `container.csiNodes.get` `container.csiNodes.list` `container.csiNodes.update` `container.customResourceDefinitions.create` `container.customResourceDefinitions.delete` `container.customResourceDefinitions.get` `container.customResourceDefinitions.getStatus` `container.customResourceDefinitions.list` `container.customResourceDefinitions.update` `container.customResourceDefinitions.updateStatus` `container.daemonSets.create` `container.daemonSets.delete` `container.daemonSets.get` `container.daemonSets.getStatus` `container.daemonSets.list` `container.daemonSets.update` `container.daemonSets.updateStatus` `container.deployments.create` `container.deployments.delete` `container.deployments.get` `container.deployments.getScale` `container.deployments.getStatus` `container.deployments.list` `container.deployments.rollback` `container.deployments.update` `container.deployments.updateScale` `container.deployments.updateStatus` `container.endpointSlices.create` `container.endpointSlices.delete` `container.endpointSlices.get` `container.endpointSlices.list` `container.endpointSlices.update` `container.endpoints.create` `container.endpoints.delete` `container.endpoints.get` `container.endpoints.list` `container.endpoints.update` `container.events.create` `container.events.delete` `container.events.get` `container.events.list` `container.events.update` `container.frontendConfigs.create` `container.frontendConfigs.delete` `container.frontendConfigs.get` `container.frontendConfigs.list` `container.frontendConfigs.update` `container.horizontalPodAutoscalers.create` `container.horizontalPodAutoscalers.delete` `container.horizontalPodAutoscalers.get` `container.horizontalPodAutoscalers.getStatus` `container.horizontalPodAutoscalers.list` `container.horizontalPodAutoscalers.update` `container.horizontalPodAutoscalers.updateStatus` `container.hostServiceAgent.use` `container.ingresses.create` `container.ingresses.delete` `container.ingresses.get` `container.ingresses.getStatus` `container.ingresses.list` `container.ingresses.update` `container.ingresses.updateStatus` `container.initializerConfigurations.create` `container.initializerConfigurations.delete` `container.initializerConfigurations.get` `container.initializerConfigurations.list` `container.initializerConfigurations.update` `container.jobs.create` `container.jobs.delete` `container.jobs.get` `container.jobs.getStatus` `container.jobs.list` `container.jobs.update` `container.jobs.updateStatus` `container.leases.create` `container.leases.delete` `container.leases.get` `container.leases.list` `container.leases.update` `container.limitRanges.create` `container.limitRanges.delete` `container.limitRanges.get` `container.limitRanges.list` `container.limitRanges.update` `container.localSubjectAccessReviews.create` `container.localSubjectAccessReviews.list` `container.managedCertificates.create` `container.managedCertificates.delete` `container.managedCertificates.get` `container.managedCertificates.list` `container.managedCertificates.update` `container.mutatingWebhookConfigurations.create` `container.mutatingWebhookConfigurations.delete` `container.mutatingWebhookConfigurations.get` `container.mutatingWebhookConfigurations.list` `container.mutatingWebhookConfigurations.update` `container.namespaces.create` `container.namespaces.delete` `container.namespaces.finalize` `container.namespaces.get` `container.namespaces.getStatus` `container.namespaces.list` `container.namespaces.update` `container.namespaces.updateStatus` `container.networkPolicies.create` `container.networkPolicies.delete` `container.networkPolicies.get` `container.networkPolicies.list` `container.networkPolicies.update` `container.nodes.create` `container.nodes.delete` `container.nodes.get` `container.nodes.getStatus` `container.nodes.list` `container.nodes.proxy` `container.nodes.update` `container.nodes.updateStatus` `container.operations.get` `container.operations.list` `container.persistentVolumeClaims.create` `container.persistentVolumeClaims.delete` `container.persistentVolumeClaims.get` `container.persistentVolumeClaims.getStatus` `container.persistentVolumeClaims.list` `container.persistentVolumeClaims.update` `container.persistentVolumeClaims.updateStatus` `container.persistentVolumes.create` `container.persistentVolumes.delete` `container.persistentVolumes.get` `container.persistentVolumes.getStatus` `container.persistentVolumes.list` `container.persistentVolumes.update` `container.persistentVolumes.updateStatus` `container.petSets.create` `container.petSets.delete` `container.petSets.get` `container.petSets.list` `container.petSets.update` `container.petSets.updateStatus` `container.podDisruptionBudgets.create` `container.podDisruptionBudgets.delete` `container.podDisruptionBudgets.get` `container.podDisruptionBudgets.getStatus` `container.podDisruptionBudgets.list` `container.podDisruptionBudgets.update` `container.podDisruptionBudgets.updateStatus` `container.podPresets.create` `container.podPresets.delete` `container.podPresets.get` `container.podPresets.list` `container.podPresets.update` `container.podSecurityPolicies.create` `container.podSecurityPolicies.delete` `container.podSecurityPolicies.get` `container.podSecurityPolicies.list` `container.podSecurityPolicies.update` `container.podSecurityPolicies.use` `container.podTemplates.create` `container.podTemplates.delete` `container.podTemplates.get` `container.podTemplates.list` `container.podTemplates.update` `container.pods.attach` `container.pods.create` `container.pods.delete` `container.pods.evict` `container.pods.exec` `container.pods.get` `container.pods.getLogs` `container.pods.getStatus` `container.pods.initialize` `container.pods.list` `container.pods.portForward` `container.pods.proxy` `container.pods.update` `container.pods.updateStatus` `container.priorityClasses.create` `container.priorityClasses.delete` `container.priorityClasses.get` `container.priorityClasses.list` `container.priorityClasses.update` `container.replicaSets.create` `container.replicaSets.delete` `container.replicaSets.get` `container.replicaSets.getScale` `container.replicaSets.getStatus` `container.replicaSets.list` `container.replicaSets.update` `container.replicaSets.updateScale` `container.replicaSets.updateStatus` `container.replicationControllers.create` `container.replicationControllers.delete` `container.replicationControllers.get` `container.replicationControllers.getScale` `container.replicationControllers.getStatus` `container.replicationControllers.list` `container.replicationControllers.update` `container.replicationControllers.updateScale` `container.replicationControllers.updateStatus` `container.resourceQuotas.create` `container.resourceQuotas.delete` `container.resourceQuotas.get` `container.resourceQuotas.getStatus` `container.resourceQuotas.list` `container.resourceQuotas.update` `container.resourceQuotas.updateStatus` `container.roleBindings.create` `container.roleBindings.delete` `container.roleBindings.get` `container.roleBindings.list` `container.roleBindings.update` `container.roles.bind` `container.roles.create` `container.roles.delete` `container.roles.escalate` `container.roles.get` `container.roles.list` `container.roles.update` `container.runtimeClasses.create` `container.runtimeClasses.delete` `container.runtimeClasses.get` `container.runtimeClasses.list` `container.runtimeClasses.update` `container.scheduledJobs.create` `container.scheduledJobs.delete` `container.scheduledJobs.get` `container.scheduledJobs.list` `container.scheduledJobs.update` `container.scheduledJobs.updateStatus` `container.secrets.create` `container.secrets.delete` `container.secrets.get` `container.secrets.list` `container.secrets.update` `container.selfSubjectAccessReviews.create` `container.selfSubjectAccessReviews.list` `container.selfSubjectRulesReviews.create` `container.serviceAccounts.create` `container.serviceAccounts.createToken` `container.serviceAccounts.delete` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.serviceAccounts.update` `container.services.create` `container.services.delete` `container.services.get` `container.services.getStatus` `container.services.list` `container.services.proxy` `container.services.update` `container.services.updateStatus` `container.statefulSets.create` `container.statefulSets.delete` `container.statefulSets.get` `container.statefulSets.getScale` `container.statefulSets.getStatus` `container.statefulSets.list` `container.statefulSets.update` `container.statefulSets.updateScale` `container.statefulSets.updateStatus` `container.storageClasses.create` `container.storageClasses.delete` `container.storageClasses.get` `container.storageClasses.list` `container.storageClasses.update` `container.storageStates.create` `container.storageStates.delete` `container.storageStates.get` `container.storageStates.getStatus` `container.storageStates.list` `container.storageStates.update` `container.storageStates.updateStatus` `container.storageVersionMigrations.create` `container.storageVersionMigrations.delete` `container.storageVersionMigrations.get` `container.storageVersionMigrations.getStatus` `container.storageVersionMigrations.list` `container.storageVersionMigrations.update` `container.storageVersionMigrations.updateStatus` `container.subjectAccessReviews.create` `container.subjectAccessReviews.list` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyObjects.update` `container.thirdPartyResources.create` `container.thirdPartyResources.delete` `container.thirdPartyResources.get` `container.thirdPartyResources.list` `container.thirdPartyResources.update` `container.tokenReviews.create` `container.updateInfos.create` `container.updateInfos.delete` `container.updateInfos.get` `container.updateInfos.list` `container.updateInfos.update` `container.validatingWebhookConfigurations.create` `container.validatingWebhookConfigurations.delete` `container.validatingWebhookConfigurations.get` `container.validatingWebhookConfigurations.list` `container.validatingWebhookConfigurations.update` `container.volumeAttachments.create` `container.volumeAttachments.delete` `container.volumeAttachments.get` `container.volumeAttachments.getStatus` `container.volumeAttachments.list` `container.volumeAttachments.update` `container.volumeAttachments.updateStatus` `container.volumeSnapshotClasses.create` `container.volumeSnapshotClasses.delete` `container.volumeSnapshotClasses.get` `container.volumeSnapshotClasses.list` `container.volumeSnapshotClasses.update` `container.volumeSnapshotContents.create` `container.volumeSnapshotContents.delete` `container.volumeSnapshotContents.get` `container.volumeSnapshotContents.getStatus` `container.volumeSnapshotContents.list` `container.volumeSnapshotContents.update` `container.volumeSnapshotContents.updateStatus` `container.volumeSnapshots.create` `container.volumeSnapshots.delete` `container.volumeSnapshots.get` `container.volumeSnapshots.getStatus` `container.volumeSnapshots.list` `container.volumeSnapshots.update` `container.volumeSnapshots.updateStatus` `dns.changes.` `dns.changes.create` `dns.changes.get` `dns.changes.list` `dns.dnsKeys.` `dns.dnsKeys.get` `dns.dnsKeys.list` `dns.gkeClusters.` `dns.gkeClusters.bindDNSResponsePolicy` `dns.gkeClusters.bindPrivateDNSZone` `dns.managedZoneOperations.` `dns.managedZoneOperations.get` `dns.managedZoneOperations.list` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.getIamPolicy` `dns.managedZones.list` `dns.managedZones.update` `dns.networks.` `dns.networks.bindDNSResponsePolicy` `dns.networks.bindPrivateDNSPolicy` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.networks.useHealthSignals` `dns.policies.` `dns.policies.create` `dns.policies.createTagBinding` `dns.policies.delete` `dns.policies.deleteTagBinding` `dns.policies.get` `dns.policies.list` `dns.policies.listEffectiveTags` `dns.policies.listTagBindings` `dns.policies.update` `dns.projects.get` `dns.resourceRecordSets.` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `dns.responsePolicies.` `dns.responsePolicies.create` `dns.responsePolicies.delete` `dns.responsePolicies.get` `dns.responsePolicies.list` `dns.responsePolicies.update` `dns.responsePolicyRules.` `dns.responsePolicyRules.create` `dns.responsePolicyRules.delete` `dns.responsePolicyRules.get` `dns.responsePolicyRules.list` `dns.responsePolicyRules.update` `file.` `file.backups.create` `file.backups.createTagBinding` `file.backups.delete` `file.backups.deleteTagBinding` `file.backups.get` `file.backups.list` `file.backups.listEffectiveTags` `file.backups.listTagBindings` `file.backups.update` `file.backups.useReadOnly` `file.instances.create` `file.instances.createCrossProjectBackup` `file.instances.createTagBinding` `file.instances.delete` `file.instances.deleteTagBinding` `file.instances.get` `file.instances.list` `file.instances.listEffectiveTags` `file.instances.listTagBindings` `file.instances.restore` `file.instances.revert` `file.instances.update` `file.locations.get` `file.locations.list` `file.operations.cancel` `file.operations.delete` `file.operations.get` `file.operations.list` `file.snapshots.createTagBinding` `file.snapshots.deleteTagBinding` `file.snapshots.listEffectiveTags` `file.snapshots.listTagBindings` `iam.serviceAccounts.actAs` `iam.serviceAccounts.get` `logging.logEntries.create` `lustre.instances.create` `lustre.instances.delete` `lustre.instances.get` `lustre.instances.importData` `lustre.instances.list` `lustre.instances.update` `lustre.locations.` `lustre.locations.get` `lustre.locations.list` `lustre.operations.` `lustre.operations.cancel` `lustre.operations.delete` `lustre.operations.get` `lustre.operations.list` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `networkconnectivity.internalRanges.` `networkconnectivity.internalRanges.create` `networkconnectivity.internalRanges.delete` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.getIamPolicy` `networkconnectivity.internalRanges.list` `networkconnectivity.internalRanges.setIamPolicy` `networkconnectivity.internalRanges.update` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.` `networkconnectivity.operations.cancel` `networkconnectivity.operations.delete` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.` `networkconnectivity.policyBasedRoutes.create` `networkconnectivity.policyBasedRoutes.delete` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.getIamPolicy` `networkconnectivity.policyBasedRoutes.list` `networkconnectivity.policyBasedRoutes.setIamPolicy` `networkconnectivity.regionalEndpoints.` `networkconnectivity.regionalEndpoints.create` `networkconnectivity.regionalEndpoints.delete` `networkconnectivity.regionalEndpoints.get` `networkconnectivity.regionalEndpoints.list` `networkconnectivity.serviceClasses.` `networkconnectivity.serviceClasses.create` `networkconnectivity.serviceClasses.delete` `networkconnectivity.serviceClasses.get` `networkconnectivity.serviceClasses.list` `networkconnectivity.serviceClasses.update` `networkconnectivity.serviceClasses.use` `networkconnectivity.serviceConnectionMaps.` `networkconnectivity.serviceConnectionMaps.create` `networkconnectivity.serviceConnectionMaps.delete` `networkconnectivity.serviceConnectionMaps.get` `networkconnectivity.serviceConnectionMaps.list` `networkconnectivity.serviceConnectionMaps.update` `networkconnectivity.serviceConnectionPolicies.` `networkconnectivity.serviceConnectionPolicies.create` `networkconnectivity.serviceConnectionPolicies.delete` `networkconnectivity.serviceConnectionPolicies.get` `networkconnectivity.serviceConnectionPolicies.list` `networkconnectivity.serviceConnectionPolicies.update` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.` `networksecurity.addressGroups.create` `networksecurity.addressGroups.delete` `networksecurity.addressGroups.get` `networksecurity.addressGroups.getIamPolicy` `networksecurity.addressGroups.list` `networksecurity.addressGroups.setIamPolicy` `networksecurity.addressGroups.update` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.` `networksecurity.authorizationPolicies.create` `networksecurity.authorizationPolicies.delete` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.getIamPolicy` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.setIamPolicy` `networksecurity.authorizationPolicies.update` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.` `networksecurity.authzPolicies.create` `networksecurity.authzPolicies.delete` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.getIamPolicy` `networksecurity.authzPolicies.list` `networksecurity.authzPolicies.setIamPolicy` `networksecurity.authzPolicies.update` `networksecurity.backendAuthenticationConfigs.` `networksecurity.backendAuthenticationConfigs.create` `networksecurity.backendAuthenticationConfigs.delete` `networksecurity.backendAuthenticationConfigs.get` `networksecurity.backendAuthenticationConfigs.list` `networksecurity.backendAuthenticationConfigs.update` `networksecurity.backendAuthenticationConfigs.use` `networksecurity.clientTlsPolicies.` `networksecurity.clientTlsPolicies.create` `networksecurity.clientTlsPolicies.delete` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.getIamPolicy` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.setIamPolicy` `networksecurity.clientTlsPolicies.update` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.` `networksecurity.firewallEndpointAssociations.create` `networksecurity.firewallEndpointAssociations.delete` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpointAssociations.update` `networksecurity.firewallEndpoints.` `networksecurity.firewallEndpoints.create` `networksecurity.firewallEndpoints.delete` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.update` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.` `networksecurity.gatewaySecurityPolicies.create` `networksecurity.gatewaySecurityPolicies.delete` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.update` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.` `networksecurity.gatewaySecurityPolicyRules.create` `networksecurity.gatewaySecurityPolicyRules.delete` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.update` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.` `networksecurity.operations.cancel` `networksecurity.operations.delete` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.sacAttachments.` `networksecurity.sacAttachments.create` `networksecurity.sacAttachments.delete` `networksecurity.sacAttachments.get` `networksecurity.sacAttachments.list` `networksecurity.sacRealms.` `networksecurity.sacRealms.create` `networksecurity.sacRealms.delete` `networksecurity.sacRealms.get` `networksecurity.sacRealms.list` `networksecurity.securityProfileGroups.` `networksecurity.securityProfileGroups.create` `networksecurity.securityProfileGroups.delete` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.update` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.` `networksecurity.securityProfiles.create` `networksecurity.securityProfiles.delete` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.update` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.` `networksecurity.serverTlsPolicies.create` `networksecurity.serverTlsPolicies.delete` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.getIamPolicy` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.setIamPolicy` `networksecurity.serverTlsPolicies.update` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.` `networksecurity.tlsInspectionPolicies.create` `networksecurity.tlsInspectionPolicies.delete` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.update` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.` `networksecurity.urlLists.create` `networksecurity.urlLists.delete` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.update` `networksecurity.urlLists.use` `networkservices.` `networkservices.authzExtensions.create` `networkservices.authzExtensions.delete` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.update` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.create` `networkservices.endpointPolicies.delete` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.endpointPolicies.update` `networkservices.gateways.create` `networkservices.gateways.delete` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.update` `networkservices.gateways.use` `networkservices.grpcRoutes.create` `networkservices.grpcRoutes.delete` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.grpcRoutes.update` `networkservices.httpFilters.create` `networkservices.httpFilters.delete` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpFilters.update` `networkservices.httpRoutes.create` `networkservices.httpRoutes.delete` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpRoutes.update` `networkservices.httpfilters.create` `networkservices.httpfilters.delete` `networkservices.httpfilters.get` `networkservices.httpfilters.getIamPolicy` `networkservices.httpfilters.list` `networkservices.httpfilters.setIamPolicy` `networkservices.httpfilters.update` `networkservices.httpfilters.use` `networkservices.lbEdgeExtensions.create` `networkservices.lbEdgeExtensions.delete` `networkservices.lbEdgeExtensions.get` `networkservices.lbEdgeExtensions.list` `networkservices.lbEdgeExtensions.update` `networkservices.lbRouteExtensions.create` `networkservices.lbRouteExtensions.delete` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbRouteExtensions.update` `networkservices.lbTcpExtensions.createForNetwork` `networkservices.lbTcpExtensions.deleteForNetwork` `networkservices.lbTcpExtensions.getForNetwork` `networkservices.lbTcpExtensions.listForNetwork` `networkservices.lbTcpExtensions.updateForNetwork` `networkservices.lbTrafficExtensions.create` `networkservices.lbTrafficExtensions.delete` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.lbTrafficExtensions.update` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.create` `networkservices.meshes.delete` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.update` `networkservices.meshes.use` `networkservices.operations.cancel` `networkservices.operations.delete` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.create` `networkservices.serviceBindings.delete` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceBindings.update` `networkservices.serviceLbPolicies.create` `networkservices.serviceLbPolicies.delete` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.serviceLbPolicies.update` `networkservices.swpSecurityExtensions.create` `networkservices.swpSecurityExtensions.delete` `networkservices.swpSecurityExtensions.get` `networkservices.swpSecurityExtensions.list` `networkservices.swpSecurityExtensions.update` `networkservices.tcpRoutes.create` `networkservices.tcpRoutes.delete` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tcpRoutes.update` `networkservices.tlsRoutes.create` `networkservices.tlsRoutes.delete` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.tlsRoutes.update` `networkservices.wasmPlugins.create` `networkservices.wasmPlugins.delete` `networkservices.wasmPlugins.get` `networkservices.wasmPlugins.list` `networkservices.wasmPlugins.update` `networkservices.wasmPlugins.use` `parallelstore.instances.create` `parallelstore.instances.delete` `parallelstore.instances.get` `parallelstore.instances.importData` `parallelstore.instances.list` `parallelstore.instances.update` `parallelstore.locations.` `parallelstore.locations.get` `parallelstore.locations.list` `parallelstore.operations.` `parallelstore.operations.cancel` `parallelstore.operations.delete` `parallelstore.operations.get` `parallelstore.operations.list` `pubsub.topics.create` `pubsub.topics.get` `pubsub.topics.publish` `recommender.containerDiagnosisInsights.` `recommender.containerDiagnosisInsights.get` `recommender.containerDiagnosisInsights.list` `recommender.containerDiagnosisInsights.update` `recommender.containerDiagnosisRecommendations.` `recommender.containerDiagnosisRecommendations.get` `recommender.containerDiagnosisRecommendations.list` `recommender.containerDiagnosisRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.networkAnalyzerGkeConnectivityInsights.` `recommender.networkAnalyzerGkeConnectivityInsights.get` `recommender.networkAnalyzerGkeConnectivityInsights.list` `recommender.networkAnalyzerGkeConnectivityInsights.update` `recommender.networkAnalyzerGkeIpAddressInsights.` `recommender.networkAnalyzerGkeIpAddressInsights.get` `recommender.networkAnalyzerGkeIpAddressInsights.list` `recommender.networkAnalyzerGkeIpAddressInsights.update` `resourcemanager.projects.get` `resourcemanager.projects.list` `resourcemanager.tagHolds.` `resourcemanager.tagHolds.create` `resourcemanager.tagHolds.delete` `resourcemanager.tagHolds.list` `resourcemanager.tagValueBindings.create` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `servicenetworking.operations.get` `servicenetworking.services.addPeering` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.getVpcServiceControls` `servicenetworking.services.listPeeredDnsDomains` `serviceusage.consumerpolicy.analyze` `serviceusage.consumerpolicy.get` `serviceusage.effectivepolicy.get` `serviceusage.groups.` `serviceusage.groups.list` `serviceusage.groups.listExpandedMembers` `serviceusage.groups.listMembers` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `serviceusage.services.use` `serviceusage.values.test` `tpu.locations.` `tpu.locations.get` `tpu.locations.list` `tpu.nodes.create` `tpu.nodes.delete` `tpu.nodes.get` `tpu.nodes.list` `tpu.operations.` `tpu.operations.get` `tpu.operations.list` `trafficdirector.*` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`
Kubernetes Engine Viewer (`roles/container.viewer`) Provides read-only access to resources within GKE clusters, such as nodes, pods, and GKE API objects. Lowest-level resources where you can grant this role: Project	`container.apiServices.get` `container.apiServices.getStatus` `container.apiServices.list` `container.auditSinks.get` `container.auditSinks.list` `container.backendConfigs.get` `container.backendConfigs.list` `container.bindings.get` `container.bindings.list` `container.certificateSigningRequests.get` `container.certificateSigningRequests.getStatus` `container.certificateSigningRequests.list` `container.clusterRoleBindings.get` `container.clusterRoleBindings.list` `container.clusterRoles.get` `container.clusterRoles.list` `container.clusters.connect` `container.clusters.get` `container.clusters.list` `container.componentStatuses.` `container.componentStatuses.get` `container.componentStatuses.list` `container.configMaps.get` `container.configMaps.list` `container.controllerRevisions.get` `container.controllerRevisions.list` `container.cronJobs.get` `container.cronJobs.getStatus` `container.cronJobs.list` `container.csiDrivers.get` `container.csiDrivers.list` `container.csiNodeInfos.get` `container.csiNodeInfos.list` `container.csiNodes.get` `container.csiNodes.list` `container.customResourceDefinitions.get` `container.customResourceDefinitions.getStatus` `container.customResourceDefinitions.list` `container.daemonSets.get` `container.daemonSets.getStatus` `container.daemonSets.list` `container.deployments.get` `container.deployments.getScale` `container.deployments.getStatus` `container.deployments.list` `container.endpointSlices.get` `container.endpointSlices.list` `container.endpoints.get` `container.endpoints.list` `container.events.get` `container.events.list` `container.frontendConfigs.get` `container.frontendConfigs.list` `container.horizontalPodAutoscalers.get` `container.horizontalPodAutoscalers.getStatus` `container.horizontalPodAutoscalers.list` `container.ingresses.get` `container.ingresses.getStatus` `container.ingresses.list` `container.initializerConfigurations.get` `container.initializerConfigurations.list` `container.jobs.get` `container.jobs.getStatus` `container.jobs.list` `container.leases.get` `container.leases.list` `container.limitRanges.get` `container.limitRanges.list` `container.managedCertificates.get` `container.managedCertificates.list` `container.mutatingWebhookConfigurations.get` `container.mutatingWebhookConfigurations.list` `container.namespaces.get` `container.namespaces.getStatus` `container.namespaces.list` `container.networkPolicies.get` `container.networkPolicies.list` `container.nodes.get` `container.nodes.getStatus` `container.nodes.list` `container.operations.` `container.operations.get` `container.operations.list` `container.persistentVolumeClaims.get` `container.persistentVolumeClaims.getStatus` `container.persistentVolumeClaims.list` `container.persistentVolumes.get` `container.persistentVolumes.getStatus` `container.persistentVolumes.list` `container.petSets.get` `container.petSets.list` `container.podDisruptionBudgets.get` `container.podDisruptionBudgets.getStatus` `container.podDisruptionBudgets.list` `container.podPresets.get` `container.podPresets.list` `container.podSecurityPolicies.get` `container.podSecurityPolicies.list` `container.podTemplates.get` `container.podTemplates.list` `container.pods.get` `container.pods.getStatus` `container.pods.list` `container.priorityClasses.get` `container.priorityClasses.list` `container.replicaSets.get` `container.replicaSets.getScale` `container.replicaSets.getStatus` `container.replicaSets.list` `container.replicationControllers.get` `container.replicationControllers.getScale` `container.replicationControllers.getStatus` `container.replicationControllers.list` `container.resourceQuotas.get` `container.resourceQuotas.getStatus` `container.resourceQuotas.list` `container.roleBindings.get` `container.roleBindings.list` `container.roles.get` `container.roles.list` `container.runtimeClasses.get` `container.runtimeClasses.list` `container.scheduledJobs.get` `container.scheduledJobs.list` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.services.get` `container.services.getStatus` `container.services.list` `container.statefulSets.get` `container.statefulSets.getScale` `container.statefulSets.getStatus` `container.statefulSets.list` `container.storageClasses.get` `container.storageClasses.list` `container.storageStates.get` `container.storageStates.getStatus` `container.storageStates.list` `container.storageVersionMigrations.get` `container.storageVersionMigrations.getStatus` `container.storageVersionMigrations.list` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyResources.get` `container.thirdPartyResources.list` `container.tokenReviews.create` `container.updateInfos.get` `container.updateInfos.list` `container.validatingWebhookConfigurations.get` `container.validatingWebhookConfigurations.list` `container.volumeAttachments.get` `container.volumeAttachments.getStatus` `container.volumeAttachments.list` `container.volumeSnapshotClasses.get` `container.volumeSnapshotClasses.list` `container.volumeSnapshotContents.get` `container.volumeSnapshotContents.getStatus` `container.volumeSnapshotContents.list` `container.volumeSnapshots.get` `container.volumeSnapshots.list` `recommender.containerDiagnosisInsights.get` `recommender.containerDiagnosisInsights.list` `recommender.containerDiagnosisRecommendations.get` `recommender.containerDiagnosisRecommendations.list` `recommender.locations.*` `recommender.locations.get` `recommender.locations.list` `recommender.networkAnalyzerGkeConnectivityInsights.get` `recommender.networkAnalyzerGkeConnectivityInsights.list` `recommender.networkAnalyzerGkeIpAddressInsights.get` `recommender.networkAnalyzerGkeIpAddressInsights.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Kubernetes Engine Admin

(roles/container.admin)

Provides access to full management of clusters and their Kubernetes API objects.

To set a service account on nodes, you must also have the Service Account User role (roles/iam.serviceAccountUser) on the user-managed service account that your nodes will use.

Lowest-level resources where you can grant this role:

Project

container.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update
container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update
container.certificateSigningRequests.approve
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.getStatus
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.certificateSigningRequests.updateStatus
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.connect
container.clusters.create
container.clusters.createTagBinding
container.clusters.delete
container.clusters.deleteTagBinding
container.clusters.get
container.clusters.getCredentials
container.clusters.impersonate
container.clusters.list
container.clusters.listEffectiveTags
container.clusters.listTagBindings
container.clusters.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus
container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update
container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update
container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.hostServiceAgent.use
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus
container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list
container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus
container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus
container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update
container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list
container.selfSubjectRulesReviews.create
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus
container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus
container.subjectAccessReviews.create
container.subjectAccessReviews.list
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update
container.tokenReviews.create
container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update
container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus
container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

resourcemanager.projects.get

resourcemanager.projects.list

Kubernetes Engine KMS Crypto Key User

(roles/container.cloudKmsKeyUser)

Allow the Kubernetes Engine service agent in the cluster project to call KMS with user provided crypto keys to sign payloads.

cloudkms.cryptoKeyVersions.get

cloudkms.cryptoKeyVersions.useToSign

cloudkms.cryptoKeyVersions.useToVerify

cloudkms.cryptoKeyVersions.viewPublicKey

cloudkms.cryptoKeys.get

cloudkms.locations.get

cloudkms.locations.list

resourcemanager.projects.get

Kubernetes Engine Cluster Admin

(roles/container.clusterAdmin)

Provides access to management of clusters.

To set a service account on nodes, you must also have the Service Account User role (roles/iam.serviceAccountUser) on the user-managed service account that your nodes will use.

Lowest-level resources where you can grant this role:

Project

container.clusters.connect

container.clusters.create

container.clusters.delete

container.clusters.get

container.clusters.list

container.clusters.update

container.operations.*

container.operations.get
container.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Kubernetes Engine Cluster Viewer

(roles/container.clusterViewer)

Provides access to get and list GKE clusters.

container.clusters.connect

container.clusters.get

container.clusters.list

resourcemanager.projects.get

resourcemanager.projects.list

Kubernetes Engine Default Node Service Account

(roles/container.defaultNodeServiceAccount)

Least privilege role to use as the default service account for GKE Nodes.

autoscaling.sites.writeMetrics

logging.logEntries.create

monitoring.metricDescriptors.create

monitoring.metricDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

Kubernetes Engine Default Node Service Agent

(roles/container.defaultNodeServiceAgent)

Minimal set of permissions required by a GKE node to support standard capabilities such as logging and monitoring. Replaces the container.nodeServiceAgent role with a reduced permission set.

autoscaling.sites.writeMetrics

logging.logEntries.create

monitoring.metricDescriptors.create

monitoring.metricDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

serviceusage.services.use

telemetry.metrics.write

telemetry.traces.write

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Kubernetes Engine Developer

(roles/container.developer)

Provides access to Kubernetes API objects inside clusters.

Lowest-level resources where you can grant this role:

Project

container.apiServices.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus

container.auditSinks.*

container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update

container.backendConfigs.*

container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update

container.bindings.*

container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update

container.certificateSigningRequests.create

container.certificateSigningRequests.delete

container.certificateSigningRequests.get

container.certificateSigningRequests.list

container.certificateSigningRequests.update

container.certificateSigningRequests.updateStatus

container.clusterRoleBindings.get

container.clusterRoleBindings.list

container.clusterRoles.get

container.clusterRoles.list

container.clusters.connect

container.clusters.get

container.clusters.list

container.componentStatuses.*

container.componentStatuses.get
container.componentStatuses.list

container.configMaps.*

container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update

container.controllerRevisions.get

container.controllerRevisions.list

container.cronJobs.*

container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus

container.csiDrivers.*

container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update

container.csiNodeInfos.*

container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update

container.csiNodes.*

container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update

container.customResourceDefinitions.*

container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus

container.daemonSets.*

container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus

container.deployments.*

container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus

container.endpointSlices.*

container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update

container.endpoints.*

container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update

container.events.*

container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update

container.frontendConfigs.*

container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update

container.horizontalPodAutoscalers.*

container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus

container.ingresses.*

container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus

container.initializerConfigurations.*

container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update

container.jobs.*

container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus

container.leases.*

container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update

container.limitRanges.*

container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update

container.localSubjectAccessReviews.*

container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list

container.managedCertificates.*

container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update

container.mutatingWebhookConfigurations.get

container.mutatingWebhookConfigurations.list

container.namespaces.*

container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus

container.networkPolicies.*

container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update

container.nodes.*

container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus

container.persistentVolumeClaims.*

container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus

container.persistentVolumes.*

container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus

container.petSets.*

container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus

container.podDisruptionBudgets.*

container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus

container.podPresets.*

container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update

container.podSecurityPolicies.get

container.podSecurityPolicies.list

container.podTemplates.*

container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update

container.pods.*

container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus

container.priorityClasses.*

container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update

container.replicaSets.*

container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus

container.replicationControllers.*

container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus

container.resourceQuotas.*

container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus

container.roleBindings.get

container.roleBindings.list

container.roles.get

container.roles.list

container.runtimeClasses.*

container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update

container.scheduledJobs.*

container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus

container.secrets.*

container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update

container.selfSubjectAccessReviews.*

container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list

container.selfSubjectRulesReviews.create

container.serviceAccounts.*

container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update

container.services.*

container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus

container.statefulSets.*

container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus

container.storageClasses.*

container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update

container.storageStates.*

container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus

container.storageVersionMigrations.*

container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus

container.subjectAccessReviews.*

container.subjectAccessReviews.create
container.subjectAccessReviews.list

container.thirdPartyObjects.*

container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update

container.thirdPartyResources.*

container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update

container.tokenReviews.create

container.updateInfos.*

container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update

container.validatingWebhookConfigurations.get

container.validatingWebhookConfigurations.list

container.volumeAttachments.*

container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus

container.volumeSnapshotClasses.*

container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update

container.volumeSnapshotContents.*

container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus

container.volumeSnapshots.*

container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

resourcemanager.projects.get

resourcemanager.projects.list

Kubernetes Engine Host Service Agent User

(roles/container.hostServiceAgentUser)

Allows the Kubernetes Engine service account in the host project to configure shared network resources for cluster management. Also gives access to inspect the firewall rules in the host project.

compute.firewalls.get

compute.networks.get

container.hostServiceAgent.use

dns.networks.bindDNSResponsePolicy

dns.networks.bindPrivateDNSPolicy

dns.networks.bindPrivateDNSZone

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

[Deprecated] Kubernetes Engine Node Service Agent

(roles/container.nodeServiceAgent)

Minimal set of permission required by a GKE node to support standard capabilities such as logging and monitoring export, and image pulls.

autoscaling.sites.writeMetrics

logging.logEntries.create

monitoring.metricDescriptors.create

monitoring.metricDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

storage.objects.get

storage.objects.list

Kubernetes Engine Service Agent

(roles/container.serviceAgent)

Gives Kubernetes Engine account access to manage cluster resources. Includes access to service accounts.

autoscaling.sites.readRecommendations

autoscaling.sites.writeMetrics

autoscaling.sites.writeState

backupdr.backupPlanAssociations.createForComputeDisk

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.createForFilestoreInstance

backupdr.backupPlanAssociations.deleteForComputeDisk

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.deleteForFilestoreInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanAssociations.triggerBackupForComputeDisk

backupdr.backupPlanAssociations.triggerBackupForComputeInstance

backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance

backupdr.backupPlanAssociations.updateForComputeDisk

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.dataSourceReferences.fetchForFilestoreInstance

backupdr.dataSourceReferences.getForFilestoreInstance

backupdr.locations.list

backupdr.operations.get

backupdr.operations.list

backupdr.serviceConfig.initialize

bigquery.datasets.create

bigquery.datasets.get

bigquery.tables.create

bigquery.tables.get

bigquery.tables.update

bigquery.tables.updateData

binaryauthorization.policy.evaluatePolicy

certificatemanager.certissuanceconfigs.create

certificatemanager.certissuanceconfigs.delete

certificatemanager.certissuanceconfigs.get

certificatemanager.certissuanceconfigs.list

certificatemanager.certissuanceconfigs.listEffectiveTags

certificatemanager.certissuanceconfigs.listTagBindings

certificatemanager.certissuanceconfigs.update

certificatemanager.certissuanceconfigs.use

certificatemanager.certmapentries.create

certificatemanager.certmapentries.delete

certificatemanager.certmapentries.get

certificatemanager.certmapentries.list

certificatemanager.certmapentries.listEffectiveTags

certificatemanager.certmapentries.listTagBindings

certificatemanager.certmapentries.update

certificatemanager.certmaps.create

certificatemanager.certmaps.delete

certificatemanager.certmaps.get

certificatemanager.certmaps.list

certificatemanager.certmaps.listEffectiveTags

certificatemanager.certmaps.listTagBindings

certificatemanager.certmaps.update

certificatemanager.certmaps.use

certificatemanager.certs.create

certificatemanager.certs.delete

certificatemanager.certs.get

certificatemanager.certs.list

certificatemanager.certs.listEffectiveTags

certificatemanager.certs.listTagBindings

certificatemanager.certs.update

certificatemanager.certs.use

certificatemanager.dnsauthorizations.create

certificatemanager.dnsauthorizations.delete

certificatemanager.dnsauthorizations.get

certificatemanager.dnsauthorizations.list

certificatemanager.dnsauthorizations.listEffectiveTags

certificatemanager.dnsauthorizations.listTagBindings

certificatemanager.dnsauthorizations.update

certificatemanager.dnsauthorizations.use

certificatemanager.trustconfigs.create

certificatemanager.trustconfigs.delete

certificatemanager.trustconfigs.get

certificatemanager.trustconfigs.list

certificatemanager.trustconfigs.listEffectiveTags

certificatemanager.trustconfigs.listTagBindings

certificatemanager.trustconfigs.update

certificatemanager.trustconfigs.use

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.crossSiteNetworks.*

compute.crossSiteNetworks.create
compute.crossSiteNetworks.delete
compute.crossSiteNetworks.get
compute.crossSiteNetworks.list
compute.crossSiteNetworks.update

compute.diskSettings.*

compute.diskSettings.get
compute.diskSettings.update

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.updateKmsKey
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.*

compute.firewallPolicies.cloneRules
compute.firewallPolicies.copyRules
compute.firewallPolicies.create
compute.firewallPolicies.createTagBinding
compute.firewallPolicies.delete
compute.firewallPolicies.deleteTagBinding
compute.firewallPolicies.get
compute.firewallPolicies.getIamPolicy
compute.firewallPolicies.list
compute.firewallPolicies.listEffectiveTags
compute.firewallPolicies.listTagBindings
compute.firewallPolicies.move
compute.firewallPolicies.setIamPolicy
compute.firewallPolicies.update
compute.firewallPolicies.use

compute.firewalls.*

compute.firewalls.create
compute.firewalls.createTagBinding
compute.firewalls.delete
compute.firewalls.deleteTagBinding
compute.firewalls.get
compute.firewalls.list
compute.firewalls.listEffectiveTags
compute.firewalls.listTagBindings
compute.firewalls.update

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.futureReservations.list

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.*

compute.instanceSettings.get
compute.instanceSettings.update

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addNetworkInterface
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteNetworkInterface
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshotGroups.*

compute.instantSnapshotGroups.create
compute.instantSnapshotGroups.delete
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshotGroups.setIamPolicy
compute.instantSnapshotGroups.useReadOnly

compute.instantSnapshots.create

compute.instantSnapshots.delete

compute.instantSnapshots.export

compute.instantSnapshots.get

compute.instantSnapshots.getIamPolicy

compute.instantSnapshots.list

compute.instantSnapshots.listEffectiveTags

compute.instantSnapshots.listTagBindings

compute.instantSnapshots.setIamPolicy

compute.instantSnapshots.setLabels

compute.instantSnapshots.useReadOnly

compute.interconnectAttachmentGroups.*

compute.interconnectAttachmentGroups.create
compute.interconnectAttachmentGroups.delete
compute.interconnectAttachmentGroups.get
compute.interconnectAttachmentGroups.list
compute.interconnectAttachmentGroups.patch

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectGroups.*

compute.interconnectGroups.create
compute.interconnectGroups.delete
compute.interconnectGroups.get
compute.interconnectGroups.list
compute.interconnectGroups.patch

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy

compute.licenses.create

compute.licenses.delete

compute.licenses.get

compute.licenses.getIamPolicy

compute.licenses.list

compute.licenses.listEffectiveTags

compute.licenses.listTagBindings

compute.licenses.setIamPolicy

compute.licenses.update

compute.machineImages.create

compute.machineImages.delete

compute.machineImages.get

compute.machineImages.getIamPolicy

compute.machineImages.list

compute.machineImages.listEffectiveTags

compute.machineImages.listTagBindings

compute.machineImages.setIamPolicy

compute.machineImages.setLabels

compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.multiMig.*

compute.multiMig.create
compute.multiMig.delete
compute.multiMig.get
compute.multiMig.list

compute.multiMigMembers.*

compute.multiMigMembers.get
compute.multiMigMembers.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update
compute.networkAttachments.use

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networkProfiles.*

compute.networkProfiles.get
compute.networkProfiles.list

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.setNetworkPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.nodeGroups.get

compute.packetMirrorings.*

compute.packetMirrorings.create
compute.packetMirrorings.createTagBinding
compute.packetMirrorings.delete
compute.packetMirrorings.deleteTagBinding
compute.packetMirrorings.get
compute.packetMirrorings.list
compute.packetMirrorings.listEffectiveTags
compute.packetMirrorings.listTagBindings
compute.packetMirrorings.update

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendBuckets.*

compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionCompositeHealthChecks.*

compute.regionCompositeHealthChecks.create
compute.regionCompositeHealthChecks.delete
compute.regionCompositeHealthChecks.get
compute.regionCompositeHealthChecks.list
compute.regionCompositeHealthChecks.update

compute.regionFirewallPolicies.*

compute.regionFirewallPolicies.cloneRules
compute.regionFirewallPolicies.create
compute.regionFirewallPolicies.createTagBinding
compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding
compute.regionFirewallPolicies.get
compute.regionFirewallPolicies.getIamPolicy
compute.regionFirewallPolicies.list
compute.regionFirewallPolicies.listEffectiveTags
compute.regionFirewallPolicies.listTagBindings
compute.regionFirewallPolicies.setIamPolicy
compute.regionFirewallPolicies.update
compute.regionFirewallPolicies.use

compute.regionHealthAggregationPolicies.*

compute.regionHealthAggregationPolicies.create
compute.regionHealthAggregationPolicies.delete
compute.regionHealthAggregationPolicies.get
compute.regionHealthAggregationPolicies.list
compute.regionHealthAggregationPolicies.update

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionHealthSources.*

compute.regionHealthSources.create
compute.regionHealthSources.delete
compute.regionHealthSources.get
compute.regionHealthSources.list
compute.regionHealthSources.update

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNetworkPolicies.*

compute.regionNetworkPolicies.create
compute.regionNetworkPolicies.delete
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.update
compute.regionNetworkPolicies.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.*

compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.createTagBinding
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.deleteTagBinding
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.listEffectiveTags
compute.regionSecurityPolicies.listTagBindings
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use

compute.regionSslCertificates.*

compute.regionSslCertificates.create
compute.regionSslCertificates.createTagBinding
compute.regionSslCertificates.delete
compute.regionSslCertificates.deleteTagBinding
compute.regionSslCertificates.get
compute.regionSslCertificates.list
compute.regionSslCertificates.listEffectiveTags
compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.attach
compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservationBlocks.get

compute.reservationBlocks.list

compute.reservationSubBlocks.*

compute.reservationSubBlocks.get
compute.reservationSubBlocks.list
compute.reservationSubBlocks.performMaintenance
compute.reservationSubBlocks.reportFaulty

compute.reservations.get

compute.reservations.list

compute.reservations.listEffectiveTags

compute.reservations.listTagBindings

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.*

compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings

compute.securityPolicies.*

compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.create
compute.securityPolicies.createTagBinding
compute.securityPolicies.delete
compute.securityPolicies.deleteTagBinding
compute.securityPolicies.get
compute.securityPolicies.list
compute.securityPolicies.listEffectiveTags
compute.securityPolicies.listTagBindings
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
compute.securityPolicies.setLabels
compute.securityPolicies.update
compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshotGroups.*

compute.snapshotGroups.create
compute.snapshotGroups.delete
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotGroups.setIamPolicy
compute.snapshotGroups.useReadOnly

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.updateKmsKey
compute.snapshots.useReadOnly

compute.spotAssistants.get

compute.sslCertificates.*

compute.sslCertificates.create
compute.sslCertificates.createTagBinding
compute.sslCertificates.delete
compute.sslCertificates.deleteTagBinding
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslCertificates.listEffectiveTags
compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.storagePools.create

compute.storagePools.delete

compute.storagePools.get

compute.storagePools.getIamPolicy

compute.storagePools.list

compute.storagePools.listEffectiveTags

compute.storagePools.listTagBindings

compute.storagePools.setIamPolicy

compute.storagePools.update

compute.storagePools.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.subnetworks.usePeerMigration

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.attach
compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels

compute.wireGroups.*

compute.wireGroups.create
compute.wireGroups.delete
compute.wireGroups.get
compute.wireGroups.list
compute.wireGroups.update

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

container.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update
container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update
container.certificateSigningRequests.approve
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.getStatus
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.certificateSigningRequests.updateStatus
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.connect
container.clusters.create
container.clusters.createTagBinding
container.clusters.delete
container.clusters.deleteTagBinding
container.clusters.get
container.clusters.getCredentials
container.clusters.impersonate
container.clusters.list
container.clusters.listEffectiveTags
container.clusters.listTagBindings
container.clusters.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus
container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update
container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update
container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.hostServiceAgent.use
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus
container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list
container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus
container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus
container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update
container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list
container.selfSubjectRulesReviews.create
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus
container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus
container.subjectAccessReviews.create
container.subjectAccessReviews.list
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update
container.tokenReviews.create
container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update
container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus
container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

dns.changes.*

dns.changes.create
dns.changes.get
dns.changes.list

dns.dnsKeys.*

dns.dnsKeys.get
dns.dnsKeys.list

dns.gkeClusters.*

dns.gkeClusters.bindDNSResponsePolicy
dns.gkeClusters.bindPrivateDNSZone

dns.managedZoneOperations.*

dns.managedZoneOperations.get
dns.managedZoneOperations.list

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.getIamPolicy

dns.managedZones.list

dns.managedZones.update

dns.networks.*

dns.networks.bindDNSResponsePolicy
dns.networks.bindPrivateDNSPolicy
dns.networks.bindPrivateDNSZone
dns.networks.targetWithPeeringZone
dns.networks.useHealthSignals

dns.policies.*

dns.policies.create
dns.policies.createTagBinding
dns.policies.delete
dns.policies.deleteTagBinding
dns.policies.get
dns.policies.list
dns.policies.listEffectiveTags
dns.policies.listTagBindings
dns.policies.update

dns.projects.get

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

dns.responsePolicies.*

dns.responsePolicies.create
dns.responsePolicies.delete
dns.responsePolicies.get
dns.responsePolicies.list
dns.responsePolicies.update

dns.responsePolicyRules.*

dns.responsePolicyRules.create
dns.responsePolicyRules.delete
dns.responsePolicyRules.get
dns.responsePolicyRules.list
dns.responsePolicyRules.update

file.*

file.backups.create
file.backups.createTagBinding
file.backups.delete
file.backups.deleteTagBinding
file.backups.get
file.backups.list
file.backups.listEffectiveTags
file.backups.listTagBindings
file.backups.update
file.backups.useReadOnly
file.instances.create
file.instances.createCrossProjectBackup
file.instances.createTagBinding
file.instances.delete
file.instances.deleteTagBinding
file.instances.get
file.instances.list
file.instances.listEffectiveTags
file.instances.listTagBindings
file.instances.restore
file.instances.revert
file.instances.update
file.locations.get
file.locations.list
file.operations.cancel
file.operations.delete
file.operations.get
file.operations.list
file.snapshots.createTagBinding
file.snapshots.deleteTagBinding
file.snapshots.listEffectiveTags
file.snapshots.listTagBindings

iam.serviceAccounts.actAs

iam.serviceAccounts.get

logging.logEntries.create

lustre.instances.create

lustre.instances.delete

lustre.instances.get

lustre.instances.importData

lustre.instances.list

lustre.instances.update

lustre.locations.*

lustre.locations.get
lustre.locations.list

lustre.operations.*

lustre.operations.cancel
lustre.operations.delete
lustre.operations.get
lustre.operations.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.regionalEndpoints.*

networkconnectivity.regionalEndpoints.create
networkconnectivity.regionalEndpoints.delete
networkconnectivity.regionalEndpoints.get
networkconnectivity.regionalEndpoints.list

networkconnectivity.serviceClasses.*

networkconnectivity.serviceClasses.create
networkconnectivity.serviceClasses.delete
networkconnectivity.serviceClasses.get
networkconnectivity.serviceClasses.list
networkconnectivity.serviceClasses.update
networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

networkconnectivity.serviceConnectionMaps.create
networkconnectivity.serviceConnectionMaps.delete
networkconnectivity.serviceConnectionMaps.get
networkconnectivity.serviceConnectionMaps.list
networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

networkconnectivity.serviceConnectionPolicies.create
networkconnectivity.serviceConnectionPolicies.delete
networkconnectivity.serviceConnectionPolicies.get
networkconnectivity.serviceConnectionPolicies.list
networkconnectivity.serviceConnectionPolicies.update

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.*

networksecurity.addressGroups.create
networksecurity.addressGroups.delete
networksecurity.addressGroups.get
networksecurity.addressGroups.getIamPolicy
networksecurity.addressGroups.list
networksecurity.addressGroups.setIamPolicy
networksecurity.addressGroups.update
networksecurity.addressGroups.use

networksecurity.authorizationPolicies.*

networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.*

networksecurity.authzPolicies.create
networksecurity.authzPolicies.delete
networksecurity.authzPolicies.get
networksecurity.authzPolicies.getIamPolicy
networksecurity.authzPolicies.list
networksecurity.authzPolicies.setIamPolicy
networksecurity.authzPolicies.update

networksecurity.backendAuthenticationConfigs.*

networksecurity.backendAuthenticationConfigs.create
networksecurity.backendAuthenticationConfigs.delete
networksecurity.backendAuthenticationConfigs.get
networksecurity.backendAuthenticationConfigs.list
networksecurity.backendAuthenticationConfigs.update
networksecurity.backendAuthenticationConfigs.use

networksecurity.clientTlsPolicies.*

networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.*

networksecurity.firewallEndpointAssociations.create
networksecurity.firewallEndpointAssociations.delete
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpointAssociations.update

networksecurity.firewallEndpoints.*

networksecurity.firewallEndpoints.create
networksecurity.firewallEndpoints.delete
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.update
networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.*

networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.*

networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.*

networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list

networksecurity.sacAttachments.*

networksecurity.sacAttachments.create
networksecurity.sacAttachments.delete
networksecurity.sacAttachments.get
networksecurity.sacAttachments.list

networksecurity.sacRealms.*

networksecurity.sacRealms.create
networksecurity.sacRealms.delete
networksecurity.sacRealms.get
networksecurity.sacRealms.list

networksecurity.securityProfileGroups.*

networksecurity.securityProfileGroups.create
networksecurity.securityProfileGroups.delete
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.update
networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.*

networksecurity.securityProfiles.create
networksecurity.securityProfiles.delete
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.update
networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.*

networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.*

networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.*

networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.authzExtensions.create
networkservices.authzExtensions.delete
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.authzExtensions.update
networkservices.authzExtensions.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.endpointPolicies.update
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.grpcRoutes.update
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpFilters.update
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpRoutes.update
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.lbEdgeExtensions.create
networkservices.lbEdgeExtensions.delete
networkservices.lbEdgeExtensions.get
networkservices.lbEdgeExtensions.list
networkservices.lbEdgeExtensions.update
networkservices.lbRouteExtensions.create
networkservices.lbRouteExtensions.delete
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbRouteExtensions.update
networkservices.lbTcpExtensions.createForNetwork
networkservices.lbTcpExtensions.deleteForNetwork
networkservices.lbTcpExtensions.getForNetwork
networkservices.lbTcpExtensions.listForNetwork
networkservices.lbTcpExtensions.updateForNetwork
networkservices.lbTrafficExtensions.create
networkservices.lbTrafficExtensions.delete
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.lbTrafficExtensions.update
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.list
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.get
networkservices.route_views.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.serviceLbPolicies.create
networkservices.serviceLbPolicies.delete
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.serviceLbPolicies.update
networkservices.swpSecurityExtensions.create
networkservices.swpSecurityExtensions.delete
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.swpSecurityExtensions.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tcpRoutes.update
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.wasmPlugins.create
networkservices.wasmPlugins.delete
networkservices.wasmPlugins.get
networkservices.wasmPlugins.list
networkservices.wasmPlugins.update
networkservices.wasmPlugins.use

parallelstore.instances.create

parallelstore.instances.delete

parallelstore.instances.get

parallelstore.instances.importData

parallelstore.instances.list

parallelstore.instances.update

parallelstore.locations.*

parallelstore.locations.get
parallelstore.locations.list

parallelstore.operations.*

parallelstore.operations.cancel
parallelstore.operations.delete
parallelstore.operations.get
parallelstore.operations.list

pubsub.topics.create

pubsub.topics.get

pubsub.topics.publish

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

resourcemanager.projects.get

resourcemanager.projects.list

resourcemanager.tagHolds.*

resourcemanager.tagHolds.create
resourcemanager.tagHolds.delete
resourcemanager.tagHolds.list

resourcemanager.tagValueBindings.create

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.getVpcServiceControls

servicenetworking.services.listPeeredDnsDomains

serviceusage.consumerpolicy.analyze

serviceusage.consumerpolicy.get

serviceusage.effectivepolicy.get

serviceusage.groups.*

serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

serviceusage.services.use

serviceusage.values.test

tpu.locations.*

tpu.locations.get
tpu.locations.list

tpu.nodes.create

tpu.nodes.delete

tpu.nodes.get

tpu.nodes.list

tpu.operations.*

tpu.operations.get
tpu.operations.list

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Kubernetes Engine Viewer

(roles/container.viewer)

Provides read-only access to resources within GKE clusters, such as nodes, pods, and GKE API objects.

Lowest-level resources where you can grant this role:

Project

container.apiServices.get

container.apiServices.getStatus

container.apiServices.list

container.auditSinks.get

container.auditSinks.list

container.backendConfigs.get

container.backendConfigs.list

container.bindings.get

container.bindings.list

container.certificateSigningRequests.get

container.certificateSigningRequests.getStatus

container.certificateSigningRequests.list

container.clusterRoleBindings.get

container.clusterRoleBindings.list

container.clusterRoles.get

container.clusterRoles.list

container.clusters.connect

container.clusters.get

container.clusters.list

container.componentStatuses.*

container.componentStatuses.get
container.componentStatuses.list

container.configMaps.get

container.configMaps.list

container.controllerRevisions.get

container.controllerRevisions.list

container.cronJobs.get

container.cronJobs.getStatus

container.cronJobs.list

container.csiDrivers.get

container.csiDrivers.list

container.csiNodeInfos.get

container.csiNodeInfos.list

container.csiNodes.get

container.csiNodes.list

container.customResourceDefinitions.get

container.customResourceDefinitions.getStatus

container.customResourceDefinitions.list

container.daemonSets.get

container.daemonSets.getStatus

container.daemonSets.list

container.deployments.get

container.deployments.getScale

container.deployments.getStatus

container.deployments.list

container.endpointSlices.get

container.endpointSlices.list

container.endpoints.get

container.endpoints.list

container.events.get

container.events.list

container.frontendConfigs.get

container.frontendConfigs.list

container.horizontalPodAutoscalers.get

container.horizontalPodAutoscalers.getStatus

container.horizontalPodAutoscalers.list

container.ingresses.get

container.ingresses.getStatus

container.ingresses.list

container.initializerConfigurations.get

container.initializerConfigurations.list

container.jobs.get

container.jobs.getStatus

container.jobs.list

container.leases.get

container.leases.list

container.limitRanges.get

container.limitRanges.list

container.managedCertificates.get

container.managedCertificates.list

container.mutatingWebhookConfigurations.get

container.mutatingWebhookConfigurations.list

container.namespaces.get

container.namespaces.getStatus

container.namespaces.list

container.networkPolicies.get

container.networkPolicies.list

container.nodes.get

container.nodes.getStatus

container.nodes.list

container.operations.*

container.operations.get
container.operations.list

container.persistentVolumeClaims.get

container.persistentVolumeClaims.getStatus

container.persistentVolumeClaims.list

container.persistentVolumes.get

container.persistentVolumes.getStatus

container.persistentVolumes.list

container.petSets.get

container.petSets.list

container.podDisruptionBudgets.get

container.podDisruptionBudgets.getStatus

container.podDisruptionBudgets.list

container.podPresets.get

container.podPresets.list

container.podSecurityPolicies.get

container.podSecurityPolicies.list

container.podTemplates.get

container.podTemplates.list

container.pods.get

container.pods.getStatus

container.pods.list

container.priorityClasses.get

container.priorityClasses.list

container.replicaSets.get

container.replicaSets.getScale

container.replicaSets.getStatus

container.replicaSets.list

container.replicationControllers.get

container.replicationControllers.getScale

container.replicationControllers.getStatus

container.replicationControllers.list

container.resourceQuotas.get

container.resourceQuotas.getStatus

container.resourceQuotas.list

container.roleBindings.get

container.roleBindings.list

container.roles.get

container.roles.list

container.runtimeClasses.get

container.runtimeClasses.list

container.scheduledJobs.get

container.scheduledJobs.list

container.serviceAccounts.get

container.serviceAccounts.list

container.services.get

container.services.getStatus

container.services.list

container.statefulSets.get

container.statefulSets.getScale

container.statefulSets.getStatus

container.statefulSets.list

container.storageClasses.get

container.storageClasses.list

container.storageStates.get

container.storageStates.getStatus

container.storageStates.list

container.storageVersionMigrations.get

container.storageVersionMigrations.getStatus

container.storageVersionMigrations.list

container.thirdPartyObjects.get

container.thirdPartyObjects.list

container.thirdPartyResources.get

container.thirdPartyResources.list

container.tokenReviews.create

container.updateInfos.get

container.updateInfos.list

container.validatingWebhookConfigurations.get

container.validatingWebhookConfigurations.list

container.volumeAttachments.get

container.volumeAttachments.getStatus

container.volumeAttachments.list

container.volumeSnapshotClasses.get

container.volumeSnapshotClasses.list

container.volumeSnapshotContents.get

container.volumeSnapshotContents.getStatus

container.volumeSnapshotContents.list

container.volumeSnapshots.get

container.volumeSnapshots.list

recommender.containerDiagnosisInsights.get

recommender.containerDiagnosisInsights.list

recommender.containerDiagnosisRecommendations.get

recommender.containerDiagnosisRecommendations.list

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.get

recommender.networkAnalyzerGkeConnectivityInsights.list

recommender.networkAnalyzerGkeIpAddressInsights.get

recommender.networkAnalyzerGkeIpAddressInsights.list

resourcemanager.projects.get

resourcemanager.projects.list

מיפוי תפקידים ב-Cloud Foundry ל-Kf

התפקידים שמוגדרים ב-Cloud Foundry דומים לתפקידים המוגדרים מראש ב-Kf. ב-Cloud Foundry יש שני סוגים עיקריים של תפקידים:

תפקידים שמוקצים על ידי מערכת המשנה User Account and Authentication (UAA) ומספקים היקפי OAuth גסים שרלוונטיים לכל נקודות הקצה של Cloud Foundry API.
תפקידים שניתנים ב-Cloud Controller API‏ (CAPI) ומספקים גישה פרטנית למשאבי API.

תפקידים ב-UAA

התפקידים שמוגדרים על ידי UAA דומים בעיקר לתפקידי IAM בהיקף הפרויקט:

משתמשי Admin ב-Cloud Foundry יכולים לבצע פעולות ניהוליות בכל הארגונים והמרחבים של Cloud Foundry. התפקיד הכי דומה לתפקיד roles/container.admin ב-IAM.
משתמשים עם הרשאת קריאה בלבד לאדמין ב-Cloud Foundry יכולים לגשת לכל נקודות הקצה של Cloud Foundry API. התפקיד הכי דומה לתפקיד roles/container.admin ב-IAM.
למשתמשים עם תפקיד של בודק כללי ב-Cloud Foundry יש הרשאת קריאה לכל נקודות הקצה של Cloud Foundry API, למעט סודות. אין תפקיד IAM מקביל, אבל אפשר ליצור תפקיד בהתאמה אישית עם הרשאות דומות.

תפקידים ב-Cloud Controller API

התפקידים שמוגדרים על ידי CAPI דומים מאוד לתפקידי Kf שמוקצים באשכול לנושאים שיש להם את תפקיד roles/container.viewer IAM בפרויקט שבבעלותם:

לבודקי חללים ב-Cloud Foundry יש גישת קריאה למשאבים בחלל CF. התפקיד הכי דומה לתפקיד space-auditor Kf.
מפתחי מרחבים ב-Cloud Foundry יכולים לפרוס ולנהל אפליקציות במרחב CF. התפקיד הכי דומה לתפקיד space-developer Kf.
מנהלי מרחבים ב-Cloud Foundry יכולים לשנות את ההגדרות של המרחב ב-CF ולהקצות תפקידים למשתמשים. התפקיד הכי דומה לתפקיד space-manager Kf.

המאמרים הבאים

מידע נוסף על אבטחת GKE בסקירה הכללית בנושא אבטחה
חשוב להבין את מודל האחריות המשותפת של GKE.
מידע נוסף על בקרת גישה ב-GKE
סקירה כללית על ריבוי דיירים ב-GKE
מידע נוסף על הקשחת אשכול GKE
הסבר על ההרשאות ב-Kubernetes שמרכיבות כל תפקיד מוגדר מראש ב-Kf.

סקירה כללית על בקרת גישה מבוססת-תפקידים קל לארגן דפים בעזרת אוספים אפשר לשמור ולסווג תוכן על סמך ההעדפות שלך.

מתי כדאי להשתמש בתפקידי Kf

תפקידים ב-Kf

תפקידים מוגדרים מראש

תפקידי IAM

Kubernetes Engine Admin

Kubernetes Engine KMS Crypto Key User

Kubernetes Engine Cluster Admin

Kubernetes Engine Cluster Viewer

Kubernetes Engine Default Node Service Account

Kubernetes Engine Default Node Service Agent

Kubernetes Engine Developer

Kubernetes Engine Host Service Agent User

[Deprecated] Kubernetes Engine Node Service Agent

Kubernetes Engine Service Agent

Kubernetes Engine Viewer

מיפוי תפקידים ב-Cloud Foundry ל-Kf

תפקידים ב-UAA

תפקידים ב-Cloud Controller API

המאמרים הבאים

סקירה כללית על בקרת גישה מבוססת-תפקידים