Can't create Kubernetes cluster in Google Cloud from web UI

Question

I removed a bunch of IAM policies and think this is preventing me from creating k8s clusters in Google Cloud (through the UI).

Every time I click Create cluster , it processes for a bit, before hanging up and throwing the following error:

Create Kubernetes Engine cluster "standard-cluster-1"
Just now
MyProject
Google Compute Engine: Required 'compute.zones.get' permission for 'projects/<MY_PROJECT_ID>/zones/us-central1-a'.

I'm mainly doing this through my host shell (iTerm) and NOT through the interactive shell found on cloud.google.com.

Here's the IAM policy for a user (I use my google email address under the Member column):

Really hoping to get unblocked so I can start creating clusters in my shell again and not have to use the interactive shell on the Google Cloud website.

Answer 1

You are missing ServiceAgent roles. But only service accounts can be granted those roles.

1) First, copy you project number

2) create following members for the Service Agents replacing 77597574896 with your project number and set appropriate roles:

service-77597574896@container-engine-robot.iam.gserviceaccount.com  - Kubernetes Engine Service Agent
service-77597574896@compute-system.iam.gserviceaccount.com - Kubernetes Engine Service Agent
77597574896@cloudservices.gserviceaccount.com - Editor

This should work now, because I've tested it with my cluster

Answer 2

In order to create new cluster container - please just add new role in yours IAM settings:
- Kubernetes Engine Admin ,
Please share with the results.