
We have observed that in GKE, a user with the GKE admin role does not get cluster API upgrade notifications, as shown below, and needs viewer access to view these notifications.

What could be the reason behind this? Ideally, a user with GKE admin permissions should also be able to view any upgrade notifications for the clusters.

With GKE admin role and NO viewer role

[screenshot]

With GKE admin role and viewer role

[screenshot]

saurabh umathe

1 Answer

You need this permission: `recommender.containerDiagnosisRecommendations.get`. It's available in one of the roles shown in the capture below.

[screenshot]

MBHA Phoenix
  • Thanks @MBHA, I understand. But do you think it makes sense to not allow GKE administrators to view the important cluster upgrade notifications unless they have viewer access? I am trying to find out the reason why GKE admin users do not have this notification viewer access. – saurabh umathe Jun 20 '22 at 08:28
  • I see your point. I too was surprised that they named the role inconsistently with the other GKE roles: this one is named GKE ... and the others are Kubernetes Engine ... So only a Google Cloud member can answer your question. Meanwhile, there is no harm in adding `GKE Diagnosis Recommender Viewer` to your admins. – MBHA Phoenix Jun 20 '22 at 09:53