Hi all! I’m trying to set up Flyte in GCP, and I’m running into some trouble while going through the deployment manual. On this step:

gcloud iam service-accounts add-iam-policy-binding --role "roles/iam.workloadIdentityUser" --member "serviceAccount:${PROJECT_ID}.svc.id.goog[flyte/flyteadmin]" gsa-flyteadmin@${PROJECT_ID}.<http://iam.gserviceaccount.com|iam.gserviceaccount.com>

I’m getting:

ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Identity Pool does not exist (${PROJECT_ID}.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API.

(PROJECT_ID being redacted in my message, but it’s the actual PROJECT_ID in the real log message). Do I need to create the k8s cluster and enable workload identity pools on it before running this command? --- PS: reading this thread with @swift-lizard-86320, yeah it looks like there is a problem with the order in the deployment manual, and I’ll have to launch the GKE cluster first.

Cc @high-accountant-32689

@swift-lizard-86320’s guide helped me get through it. Thanks! https://docs.google.com/document/d/1skJWmt3hJoIuPQr_RfR-gB9wlatVSIcSD5VlBylJqd8/edit

Amazing, thanks for documenting this, @calm-notebook-12139. We're revamping the deployment docs and I'll make sure to incorporate your contribution for the GPC one.

Thanks! It’s @swift-lizard-86320’s contribution though. Just wanted to give my ➕ to it, since I hit it again.

Thank you @swift-lizard-86320

No worries, glad it was helpful!