Granting access to the Google Cloud Functions service agent

After enabling the Serverless VPC Access API and Cloud Functions API, go to the IAM & admin > IAM section of the project in which Cloud Edition will be deployed and search for gcf.

Enable the Include Google Provided Role Grants checkbox to view the gcf-admin-robot.iam.gserviceaccount.com account.

You will see a new service account, for example, service-15714958XXXX@gcf-admin-robot.iam.gserviceaccount.com, which has the Cloud Functions Service Agent role assigned.

Grant these additional roles: Viewer and Compute Network User.

Note: When deploying Cloud Edition in a Shared VPC environment, you must grant the role Cloud Functions Service Agent to the service account in both the host project of the network that the cluster is being deployed in and in the service project.
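The same grants can be scripted with gcloud. The following is an added example, not part of the original documentation or the vendor's tooling. The project IDs and project number are placeholders, and it assumes that "the service account" in the Shared VPC note is the service project's Cloud Functions service agent.

```shell
# Added example, not vendor code. Project IDs and numbers are placeholders.
# Commands are printed for review by default; set APPLY=1 to execute them.

# Build the IAM member string for the Cloud Functions service agent.
gcf_agent_member() {  # $1 = project number of the service project
  printf 'serviceAccount:service-%s@gcf-admin-robot.iam.gserviceaccount.com' "$1"
}

# Print (or, with APPLY=1, run) one project-level role binding.
grant() {  # $1 = project ID, $2 = IAM member, $3 = role
  set -- gcloud projects add-iam-policy-binding "$1" --member="$2" --role="$3"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# $1 = service project ID (where Cloud Edition is deployed)
# $2 = project number of that project
# $3 = Shared VPC host project ID (omit when not using a Shared VPC)
grant_cloud_edition_roles() {
  member="$(gcf_agent_member "$2")"
  # Additional roles named on this page: Viewer and Compute Network User.
  for role in roles/viewer roles/compute.networkUser; do
    grant "$1" "$member" "$role"
  done
  # Shared VPC: Cloud Functions Service Agent in both host and service project.
  if [ -n "${3:-}" ]; then
    for project in "$3" "$1"; do
      grant "$project" "$member" roles/cloudfunctions.serviceAgent
    done
  fi
}

# Example invocation (constructed values):
#   num="$(gcloud projects describe my-service-project --format='value(projectNumber)')"
#   grant_cloud_edition_roles my-service-project "$num" my-host-project
```

After applying, `gcloud projects get-iam-policy` on each project shows whether the service agent holds only the roles listed here.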