You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"Error fetching DaemonSet: The caller does not have permission" even when using a service account with Owner permissions
This is a permissions issue. In the docs, we reference the google docs for creating a service account, where inside it recommends adding these roles to the service account: Service Account Admin, Service Account Key Admin
These roles aren't enough for PCC to fully work.
Since the console generates a temporary token for accessing GKE, it failed for not having the permission to generate tokens. The Owner role doesn't have permission to create tokens. Add the Service Account Token Creator role to the service account to resolve this problem.
See twistlock/twistlock#22777 for details.
The text was updated successfully, but these errors were encountered:
"Error fetching DaemonSet: The caller does not have permission" even when using a service account with Owner permissions
This is a permissions issue. In the docs, we reference the google docs for creating a service account, where inside it recommends adding these roles to the service account: Service Account Admin, Service Account Key Admin
These roles aren't enough for PCC to fully work.
Since the console generates a temporary token for accessing GKE, it failed for not having the permission to generate tokens. The Owner role doesn't have permission to create tokens. Add the Service Account Token Creator role to the service account to resolve this problem.
See twistlock/twistlock#22777 for details.
The text was updated successfully, but these errors were encountered: