Optionally, you can create a separate master role and service account to reduce the number of permissions that are assigned to the Secure Agent role. The master role will grant the permissions only to the master node.
Create a master role
Create a master role to define the set of permissions for the master node.
In the Google Cloud web console, navigate to
IAM & Admin
Roles
.
Create a role.
Enter a role title, description, and ID.
You can use
<username-master-role>
as a format for the ID.
Add permissions to the role.
The following table describes the permissions that the role needs:
Operations
Permissions
Scale up or down an instance group for worker nodes