From d7d0b05255124b6fb5e713071ddb462a7bba40cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?William=20Tis=C3=A4ter?= <william@defunct.cc>
Date: Tue, 21 Dec 2021 09:58:23 +0100
Subject: [PATCH] Correctly assign IAM policy bindings

gcloud projects add-iam-policy-binding only take on role per command.
---
 .../deploying-to-google-kubernetes-engine.md         | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md b/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md
index 6782f10b34..c6e1e0b9f8 100644
--- a/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md
+++ b/content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md
@@ -89,10 +89,14 @@ This procedure demonstrates how to create the service account for your GKE integ
   {% raw %}
   ```
   $ gcloud projects add-iam-policy-binding $GKE_PROJECT \
-    --member=serviceAccount:$SA_EMAIL \
-    --role=roles/container.admin \
-    --role=roles/storage.admin \
-    --role=roles/container.clusterViewer
+  	--member=serviceAccount:$SA_EMAIL \
+  	--role=roles/container.admin
+  $ gcloud projects add-iam-policy-binding $GKE_PROJECT \
+  	--member=serviceAccount:$SA_EMAIL \
+  	--role=roles/storage.admin
+  $ gcloud projects add-iam-policy-binding $GKE_PROJECT \
+  	--member=serviceAccount:$SA_EMAIL \
+  	--role=roles/container.clusterViewer
   ```
   {% endraw %}
 1. Download the JSON keyfile for the service account: