github.com/openshift/installer@v1.4.17/docs/user/gcp/postinstall.md

github.com/openshift/installer@v1.4.17/docs/user/gcp/postinstall.md (about)

     1  # Service Account: Post Install
     2  
     3  If the service account used to create the cluster was given the Owner role or included the Service Account Key Admin role, 
     4  the service account no longer requires elevated permissions after install. You may change its role to Viewer or 
     5  remove all roles bound to it. You can perform these steps by revisiting the service account role binding step you performed
     6  earlier.
     7  
     8  [GCP: Assign service account roles][sa-assign]
     9  
    10  [sa-assign]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource