
Google Secret Manager doesn't have access to GKE


I've successfully created a GKE and deployed my service on it following these steps. Later I implemented Google Secret Manager in the service and redeployed it, but now I get this error message when I make a call: Reading key and secret failed: failed to get key: rpc error: code = PermissionDenied desc = Permission 'secretmanager.versions.access' denied for resource 'projects/*/secrets/*/versions/latest' (or it may not exist).

I gave the Secret Manager Admin Permission to ***[email protected] (Compute Engine default service account), but I still get the same error message.

Did I forget a last step?


Solution

  • These are the basic IAM roles pertaining to Secret Manager:

    • Secret Manager Viewer - Enables listing of secrets.

    • Secret Manager Secret Accessor - Enables access to secrets.

    • Secret Manager Admin - Full access to administer Secret Manager resources.

    The error is related to your service account not having access to the secrets you created. As you have mentioned, you have already added Secret Manager Admin, which may not be enough for accessing secrets. So try adding Secret Manager Secret Accessor to the service account and let me know if you are facing errors.
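The following shell script is an added example, not part of the original answer. It grants `roles/secretmanager.secretAccessor` (the role that carries the `secretmanager.versions.access` permission named in the error) on one specific secret instead of project-wide, prints the resulting policy so the binding can be confirmed on the exact resource, and then reads the latest version the way the service does. The project ID, secret name and service account e-mail in the usage line are placeholders. One caveat a practitioner should keep in mind: the binding only helps if the pods really run as that service account; without Workload Identity a GKE pod uses the node pool's service account (the Compute Engine default one in the question), and with Workload Identity it uses whichever Google service account the Kubernetes service account is mapped to. Running the last function from inside a pod (for example via `kubectl exec`) checks the identity that actually makes the call.

```sh
#!/bin/sh
# Added example (not from the original answer): scope the Secret Accessor role
# to a single secret, verify the binding, and read the secret as the caller.
set -eu

# GCLOUD defaults to the real CLI; override with GCLOUD=echo to print the
# commands instead of running them (handy for reviewing a change first).
GCLOUD="${GCLOUD:-gcloud}"

# Bind roles/secretmanager.secretAccessor on one secret only. This is the least
# privilege that still satisfies 'secretmanager.versions.access' for that secret.
grant_secret_accessor() {
  project="$1"; secret="$2"; sa="$3"
  "$GCLOUD" secrets add-iam-policy-binding "$secret" \
    --project="$project" \
    --member="serviceAccount:${sa}" \
    --role="roles/secretmanager.secretAccessor"
}

# Print the IAM policy of the secret so the member/role pair can be confirmed
# on the resource the PermissionDenied error referred to.
show_secret_policy() {
  project="$1"; secret="$2"
  "$GCLOUD" secrets get-iam-policy "$secret" --project="$project" --format=yaml
}

# Read the latest version as the current gcloud identity. Run from inside a
# pod to test the identity the workload really uses (node SA or Workload
# Identity mapping), not the identity of your workstation.
read_latest_version() {
  project="$1"; secret="$2"
  "$GCLOUD" secrets versions access latest --secret="$secret" --project="$project"
}

# Worked run, executed only when three arguments are given so the file can
# also be sourced for its functions. Placeholder values (assumptions):
#   sh secret_access.sh my-gcp-project my-api-key \
#       123456789012-compute@developer.gserviceaccount.com
if [ "$#" -eq 3 ]; then
  grant_secret_accessor "$1" "$2" "$3"
  show_secret_policy "$1" "$2"
  read_latest_version "$1" "$2"
fi
```

If the policy shows the binding but the pod still gets `PermissionDenied`, the pod is almost certainly authenticating as a different service account than the one that was granted the role, so check the node pool's service account or the Workload Identity annotation on the Kubernetes service account before adding broader roles.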