Roles of the service account - Part 3.2 #168
Description
when creating the key for the service account, the roles given to the account seem arbitrary without any pre-given explanation.
I suggest editing the section to be like this:
Give these roles to your service account
Kubernetes Engine Service Agent - Gives Kubernetes Engine account access to manage cluster resources. Includes access to service accounts.
Storage Admin - Grants full control of buckets and objects.
Artifact Registry Administrator - Administrator access to create and manage repositories.
Artifact Registry Create-on-Push Repository Administrator - Access to manage artifacts in repositories, as well as create new repositories on push
This gives more context, and can be found in the Google Cloud documentation while creating the service key.