Also read Roles and Permissions in GCP

Access control for GKE Clusters

Cloud IAM works at a project level to grant access to the GKE Clusters within a project.

However, Kubernetes has its own role-based access control (RBAC) that can be used in conjunction with Google Cloud IAM.

Kubernetes RBAC

Step 1 - Define a role (kind: Role) that applies to an entire namespace, or one that applies to the whole cluster (kind: ClusterRole).

Step 2 - Assign IAM users this role
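
The two steps as a manifest. This is an added example, not taken from the original page; the namespace `dev`, the role name `pod-reader` and the account `dev-user@example.com` are placeholders.

```yaml
# Added example: namespace, role name and user email are placeholders.

# Step 1: a Role is namespace-scoped. For cluster-wide rules, use
# kind: ClusterRole instead and omit metadata.namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: dev
  name: pod-reader
rules:
  - apiGroups: [""]                     # "" is the core API group (pods, services, ...)
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]     # read-only: no create, delete or exec
---
# Step 2: a RoleBinding attaches the Role to a subject.
# On GKE, a subject of kind User is identified by its Google account email.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: dev
  name: pod-reader-binding
subjects:
  - kind: User
    name: dev-user@example.com          # placeholder; matched case-sensitively
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role                            # must match the kind defined in step 1
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply -f` on this file, `kubectl auth can-i list pods --namespace dev --as dev-user@example.com` should answer `yes` and `kubectl auth can-i delete pods --namespace dev --as dev-user@example.com` should answer `no`. IAM and RBAC permissions are additive on GKE, so a broad project-level IAM role on the same account still grants access that this narrow Role does not.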

Google's Container Registry

What if you wanted to run image vulnerability scans on the images your GKE clusters use? Ideally, store the images in Google's own container registry to make these types of tasks easier.

kubectl run "$name" --image="$HOSTNAME/$PROJECT_ID/$IMAGE:$TAG"