I have a GCP Project and Anthos Cluster deployed within it.
If I am an admin of an Anthos cluster but not an Owner of the parent project, I have only read rights on Kubernetes and cannot create any resources. Getting:
Error from server (Forbidden)
I've given myself "Kubernetes Engine Admin", "Kubernetes Engine Cluster Admin", "Anthos Multi-cloud Admin" roles, but no success. It seems like "Owner" role is mandatory.
Also my user is attached to ClusterRole/cluster-admin through ClusterRoleBinding/gke-multicloud-cluster-admin, but I definitely need IAM Owner role.
Is this by Anthos design or am I missing something?
This was solved by giving myself these roles:
roles/gkehub.viewer
roles/gkehub.gatewayEditor
Now, I can create Kubernetes resources even if I am not an Owner of the GCP project.
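An added example, not part of the original post: a small audit over a project IAM policy that reports whether a member holds the two roles named above without also holding Owner. The sample policy, the member addresses and the function names are constructed for illustration, and only unconditional bindings are counted.

```python
import json

# The two roles the post reports as sufficient for creating resources.
REQUIRED_ROLES = {"roles/gkehub.viewer", "roles/gkehub.gatewayEditor"}
# Broad role the post was trying to avoid depending on.
BROAD_ROLES = {"roles/owner"}

# Constructed sample, in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/gkehub.viewer",
     "members": ["user:bob@example.com", "user:carol@example.com"]},
    {"role": "roles/gkehub.gatewayEditor", "members": ["user:bob@example.com"]},
    {"role": "roles/container.admin", "members": ["user:carol@example.com"]}
  ]
}
""")


def roles_for(policy, member):
    """Return the roles bound unconditionally to `member` at project level."""
    return {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", []) and "condition" not in b
    }


def audit_member(policy, member):
    """Classify a member against the role set from the post."""
    roles = roles_for(policy, member)
    missing = sorted(REQUIRED_ROLES - roles)
    broad = sorted(BROAD_ROLES & roles)
    if broad:
        verdict = "over-privileged"      # works, but via Owner
    elif missing:
        verdict = "missing-roles"        # expect Forbidden on create
    else:
        verdict = "least-privilege"      # the setup the post ended with
    return {"member": member, "verdict": verdict,
            "missing": missing, "broad": broad}


if __name__ == "__main__":
    for m in ("user:alice@example.com", "user:bob@example.com",
              "user:carol@example.com"):
        print(audit_member(SAMPLE_POLICY, m))
```

The constructed member carol mirrors the situation in the question: a Kubernetes Engine admin role is present, but roles/gkehub.gatewayEditor is not.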