fix: Add more APIs and role binding to the prerequisite #678 (#679)

* Adding more APIs and role binding to the prerequisite #678 * Adding more rolebinding to existing PR --------- Co-authored-by: Nim Jayawardena <[email protected]>
GoogleCloudPlatform · Jul 24, 2024 · 639ac4b · 639ac4b
1 parent a1ffecf
commit 639ac4b
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/anthos-bm-gcp-bash/install_admin_cluster.sh b/anthos-bm-gcp-bash/install_admin_cluster.sh
@@ -108,13 +108,16 @@ gcloud services enable \
     cloudresourcemanager.googleapis.com \
     connectgateway.googleapis.com \
     container.googleapis.com \
+    compute.googleapis.com \
     gkeconnect.googleapis.com \
     gkehub.googleapis.com \
     gkeonprem.googleapis.com \
     serviceusage.googleapis.com \
     stackdriver.googleapis.com \
     monitoring.googleapis.com \
     logging.googleapis.com \
+    kubernetesmetadata.googleapis.com  \
+    iam.googleapis.com \
     opsconfigmonitoring.googleapis.com
 # [END anthos_bm_gcp_bash_admin_enable_api]
 printf "✅ Successfully enabled GCP Service APIs.\n\n"
@@ -156,6 +159,22 @@ gcloud projects add-iam-policy-binding "$PROJECT_ID" \
   --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
   --role="roles/opsconfigmonitoring.resourceMetadata.writer" \
   --no-user-output-enabled
+
+gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+    --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
+    --role="roles/kubernetesmetadata.publisher" \
+    --no-user-output-enabled 
+
+gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+  --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
+  --role="roles/monitoring.viewer" \
+  --no-user-output-enabled
+
+gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+  --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
+  --role="roles/serviceusage.serviceUsageViewer" \
+  --no-user-output-enabled
+
 # [END anthos_bm_gcp_bash_admin_add_iam_role]
 printf "✅ Successfully added the requires IAM roles to the Service Account.\n\n"