This was originally planned as a question. Since I have found the answer, I am just posting it here for posterity.
In RBAC demo, Nigel uses a step to download CA key-pair from AWS and uses it to sign the certificate. However, it’s not applicable as it is in GCP/GKE. In GCP, you would have to create a service account and use your local gcloud sdk to setup the kubectl config.
Follow the steps here:
If you do not have gcloud or do not want kubectl to use gcloud to setup the config, follow the steps here:
Thanks for the share!