After reading this earlier question, I have some follow-up questions. I have a Google Container Engine cluster which lacks the Cloud Monitoring API Access permission. According to this post I cannot enable it.
The referenced post is one year old. Just to be sure: Is it still correct? To enable (for example) the Cloud Monitoring API for my GKE cluster, we would have to recreate the entire cluster because there is no way to change these permissions after cluster creation?
Also, if I have to do this it seems to me that it would be best to enable all API's with the broadest possible permissions, just in case that I want to start using one of them in the future on my production cluster when it's in use and I can't very well take the entire thing down and recreate it then. Are there any drawbacks to this approach?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
