Advanced Clusters

Create a worker node role and service account

Optionally, you can create a separate worker node role and service account to reduce the number of permissions that are assigned to the Secure Agent role. The worker role will grant the permissions only to the worker nodes.

Create a worker role

Create a worker role to define the set of permissions for the worker nodes.
  1. In the Google Cloud web console, navigate to IAM & Admin > Roles.
  2. Create a role.
  3. Enter a role title, description, and ID.
    You can use <username-worker-role> as a format for the ID.
  4. Add permissions to the role.
    The following table describes the permissions that the role needs:
    Operations:
    • Upload initialization script notification to the staging location
    • Upload initialization script logs to the log location
    Permissions:
    • storage.objects.create
    • storage.objects.delete
    • storage.objects.get
    • storage.objects.list
    • storage.objects.update

Create a worker service account

Create a worker service account that uses the worker role.
  1. In the Google Cloud web console, navigate to IAM & Admin > Service Accounts.
  2. Create a service account.
  3. Enter service account details such as name, ID, and description.
  4. Enter details for the service account access to the project.
  5. Select the worker role <username-worker-role>.
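
The two console procedures above, written as gcloud commands together with a check that the role holds exactly the five listed permissions. This is an added example, not part of the original documentation; the project, role and service account IDs in the usage comment are constructed placeholders, and jq is assumed to be installed.

```shell
# The five permissions the page lists for the worker role.
WORKER_PERMS="storage.objects.create storage.objects.delete storage.objects.get storage.objects.list storage.objects.update"

# Emit a role definition for `gcloud iam roles create --file`.
role_yaml() {   # $1 = role title
  printf 'title: "%s"\n' "$1"
  printf 'description: "Worker nodes: upload init script notifications and logs"\n'
  printf 'stage: GA\nincludedPermissions:\n'
  for p in $WORKER_PERMS; do printf -- '- %s\n' "$p"; done
}

# Compare a role's permissions (one per line on stdin) with the list above.
# Prints "EXTRA <perm>" or "MISSING <perm>"; returns non-zero on any drift.
audit_perms() {
  local got drift=0 p
  got=$(sort -u)
  for p in $got; do
    case " $WORKER_PERMS " in *" $p "*) ;; *) echo "EXTRA $p"; drift=1 ;; esac
  done
  for p in $WORKER_PERMS; do
    printf '%s\n' "$got" | grep -qxF "$p" || { echo "MISSING $p"; drift=1; }
  done
  return "$drift"
}

# Create the role and the service account, bind them at project level,
# then audit what the role actually contains.
create_worker_identity() {   # $1 = project, $2 = role ID, $3 = service account ID
  local project=$1 role=$2 sa=$3 f
  f=$(mktemp) && role_yaml "Worker role" > "$f"
  gcloud iam roles create "$role" --project="$project" --file="$f"
  rm -f "$f"
  gcloud iam service-accounts create "$sa" --project="$project" \
    --display-name="Worker nodes"
  gcloud projects add-iam-policy-binding "$project" \
    --member="serviceAccount:${sa}@${project}.iam.gserviceaccount.com" \
    --role="projects/${project}/roles/${role}"
  gcloud iam roles describe "$role" --project="$project" --format=json \
    | jq -r '.includedPermissions[]' | audit_perms
}

# Usage (constructed placeholder IDs):
#   create_worker_identity my-project jdoe_worker_role jdoe-worker-sa
```

Running `audit_perms` periodically against the deployed role flags any permission added after creation, which is the drift that erodes the separation between the worker role and the Secure Agent role.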
