calm-notebook-12139
09/20/2022, 3:26 PMgcloud iam service-accounts add-iam-policy-binding --role "roles/iam.workloadIdentityUser" --member "serviceAccount:${PROJECT_ID}.svc.id.goog[flyte/flyteadmin]" gsa-flyteadmin@${PROJECT_ID}.<http://iam.gserviceaccount.com|iam.gserviceaccount.com>
I’m getting:
ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Identity Pool does not exist (${PROJECT_ID}.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API.
(PROJECT_ID being redacted in my message, but it’s the actual PROJECT_ID in the real log message).
Do I need to create the k8s cluster and enable workload identity pools on it before running this command?
---
PS: reading this thread with @swift-lizard-86320, yeah it looks like there is a problem with the order in the deployment manual, and I’ll have to launch the GKE cluster first.freezing-airport-6809
calm-notebook-12139
09/20/2022, 3:45 PMhigh-accountant-32689
09/20/2022, 3:46 PMcalm-notebook-12139
09/20/2022, 3:47 PMfreezing-airport-6809
swift-lizard-86320
09/20/2022, 4:42 PM