Documentation for `adk deploy gke` missing Workload Identity IAM role binding

[zoez7]

Describe the bug

Documentation for adk deploy gke missing Workload Identity IAM role binding. Need to add

gcloud projects add-iam-policy-binding projects/${GOOGLE_CLOUD_PROJECT} \
    --role=roles/aiplatform.user \
 --member=principal://iam.googleapis.com/projects/${GOOGLE_CLOUD_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GOOGLE_CLOUD_PROJECT}.svc.id.goog/subject/ns/default/sa/default \
    --condition=None

to the documentation

To Reproduce

Steps to reproduce the behavior:

1. Run adk deploy gke
2. Follow the instructions for Verifying Your Deployment: https://google.github.io/adk-docs/deploy/gke/#option-2-automated-deployment-using-adk-deploy-gke
3. See error:

Error: 403 PERMISSION_DENIED. {'error': {'code': 403, 'message': "Permission 'aiplatform.endpoints.predict' denied on resource '//aiplatform.googleapis.com/projects/.../locations/us-central1/publishers/google/models/gemini-2.5-flash' (or it may not exist).", 'status': 'PERMISSION_DENIED', 'details': [{'@type': 'type.googleapis.com/google.rpc.ErrorInfo', 'reason': 'IAM_PERMISSION_DENIED', 'domain': 'aiplatform.googleapis.com', 'metadata': {'resource': 'projects/.../locations/us-central1/publishers/google/models/gemini-2.5-flash', 'permission': 'aiplatform.endpoints.predict'}}]}}

Expected behavior

Should not see permission denied error.

Screenshots

Versions

• OS: n/a
• ADK version: n/a
• Python version: n/a

Additional context

Add any other context about the problem here.