Optionally, you can create a separate worker node role and service account to reduce the number of permissions that are assigned to the Secure Agent role. The worker role will grant the permissions only to the worker nodes.
Create a worker role
Create a worker role to define the set of permissions for the worker nodes.
In the Google Cloud web console, navigate to IAM & Admin > Roles.
Create a role.
Enter a role title, description, and ID.
You can use <username-worker-role> as a format for the ID.
Add permissions to the role.
The following table describes the permissions that the role needs:
Operations
Permissions
Upload initialization script notification to the staging location
Upload initialization script logs to the log location