Kubernetes Metadata API roles and permissions

This page lists the IAM roles and permissions for Kubernetes Metadata API. Tosearch through all roles and permissions, see therole andpermission index.

Kubernetes Metadata API roles

RolePermissions

Metadata Publisher

(roles/kubernetesmetadata.publisher)

Publisher of Kubernetes clusters metadata

kubernetesmetadata.*

  • kubernetesmetadata.metadata.config
  • kubernetesmetadata.metadata.publish
  • kubernetesmetadata.metadata.snapshot

Kubernetes Metadata API permissions

PermissionIncluded in roles

kubernetesmetadata.metadata.config

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Support User (roles/iam.supportUser)

Metadata Publisher (roles/kubernetesmetadata.publisher)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

kubernetesmetadata.metadata.publish

Owner (roles/owner)

Editor (roles/editor)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Metadata Publisher (roles/kubernetesmetadata.publisher)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

kubernetesmetadata.metadata.snapshot

Owner (roles/owner)

Editor (roles/editor)

Anthos Multi-cloud Telemetry Writer (roles/gkemulticloud.telemetryWriter)

Metadata Publisher (roles/kubernetesmetadata.publisher)

Service agent roles

Warning: Don't grant service agent roles to any principals exceptservice agents.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-16 UTC.