Advanced Clusters

Create a master role and service account

Optionally, you can create a separate master role and service account to reduce the number of permissions that are assigned to the Secure Agent role. The master role will grant the permissions only to the master node.

Create a master role

Create a master role to define the set of permissions for the master node.
  1. In the Google Cloud web console, navigate to IAM & Admin > Roles.
  2. Create a role.
  3. Enter a role title, description, and ID.
    You can use <username-master-role> as a format for the ID.
  4. Add permissions to the role.
    The following table describes the permissions that the role needs:

    Operations: Scale up or down an instance group for worker nodes
    Permissions:
      • compute.regions.get
      • compute.instanceGroups.list
      • compute.instanceGroups.update
      • compute.instanceGroups.use
      • compute.instanceGroups.get

Create a master service account

Create a master service account that uses the master role.
  1. In the Google Cloud web console, navigate to IAM & Admin > Service Accounts.
  2. Create a service account.
  3. Enter service account details such as name, ID, and description.
  4. Enter details for the service account access to the project.
  5. Select the master role <username-master-role>.
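The two procedures above can also be scripted and checked for permission drift. The following is an added example, not part of the original documentation: the helper function names are hypothetical, and PROJECT_ID, ROLE_ID and SA_NAME are placeholders you supply.

```shell
#!/usr/bin/env bash
# Permissions the page lists for the master role.
MASTER_PERMS="compute.regions.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceGroups.use
compute.instanceGroups.get"

# Write a role definition usable with `gcloud iam roles create --file`.
master_role_yaml() {
  printf 'title: %s\n' "$1"
  printf 'description: Master node permissions for the advanced cluster\n'
  printf 'stage: GA\n'
  printf 'includedPermissions:\n'
  printf '%s\n' "$MASTER_PERMS" | sed 's/^/- /'
}

# List the permissions found in a role YAML file (generated above, or saved
# from `gcloud iam roles describe --format=yaml`).
role_perms() {
  sed -n 's/^[[:space:]]*-[[:space:]]*//p' "$1" | sort -u
}

# Permissions the role holds that the page does not list (over-privilege).
extra_permissions() {
  role_perms "$1" | grep -vxF -e "$MASTER_PERMS" || true
}

# Permissions the page lists that the role lacks (scaling would fail).
missing_permissions() {
  have=$(role_perms "$1")
  printf '%s\n' "$MASTER_PERMS" | grep -vxF -e "$have" || true
}

# Usage with gcloud (PROJECT_ID, ROLE_ID and SA_NAME are placeholders):
#   master_role_yaml "Master role" > role.yaml
#   gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" --file=role.yaml
#   gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID"
#   gcloud projects add-iam-policy-binding "$PROJECT_ID" \
#     --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
#     --role="projects/$PROJECT_ID/roles/$ROLE_ID"
#   gcloud iam roles describe "$ROLE_ID" --project="$PROJECT_ID" \
#     --format=yaml > live.yaml
#   extra_permissions live.yaml; missing_permissions live.yaml
```

Both checks print nothing when the live role matches the documented permission set, so any output is a finding to review.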
