Configuring Velero for a Kubernetes cluster hosted in GCP

velero-configure-gcp.sh

# Configuring Velero for a Kubernetes cluster hosted in GCP
# For in depth details, check https://heptio.github.io/velero/master/gcp-config.html

export VELERO_FOLDER=/opt/velero
export BUCKET_NAME=k8s-cluster-velero # Use a different name
export PROJECT_ID=$(gcloud config get-value project)


# Create a GS bucket to store Object backups
gsutil mb gs://$BUCKET_NAME/

# Create GCP Service Account
gcloud iam service-accounts create velero \
     --display-name "Velero service account"

SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
   --filter="displayName:Velero service account" \
   --format 'value(email)')

# Create IAM Role
ROLE_PERMISSIONS=(
     compute.disks.get
     compute.disks.create
     compute.disks.createSnapshot
     compute.snapshots.get
     compute.snapshots.create
     compute.snapshots.useReadOnly
     compute.snapshots.delete
     compute.zones.get
)
gcloud iam roles create velero.server \
     --project $PROJECT_ID \
     --title "Velero Server" \
     --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"

# Bind IAM policy
gcloud projects add-iam-policy-binding $PROJECT_ID \
     --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
     --role projects/$PROJECT_ID/roles/velero.server


# Change IAM permissions
gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://$BUCKET_NAME


# Create "credentials-velero" file
gcloud iam service-accounts keys create $VELERO_FOLDER/credentials-velero \
     --iam-account $SERVICE_ACCOUNT_EMAIL

Hello, i've made some changes in your file, because when I was trying to use it, i've faced some problems.
The changes are in double asterisk

Hoped to help

# Configuring Velero for a Kubernetes cluster hosted in GCP
# For in depth details, check https://heptio.github.io/velero/master/gcp-config.html

export VELERO_FOLDER=/opt/velero
export BUCKET_NAME=k8s-cluster-velero # Use a different name
export PROJECT_ID=$(gcloud config get-value project)

# Create a GS bucket to store Object backups
gsutil mb gs://$BUCKET_NAME/

# Create GCP Service Account
gcloud iam service-accounts create velero --display-name "Velero service account"

SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
   --filter="displayName:Velero service account" \
   --format 'value(email)')

# Create IAM Role
gcloud **beta** iam roles create velero.server \
     --project $PROJECT_ID \
     --title "Velero Server" \
     --permissions compute.disks.get,compute.disks.create,compute.disks.createSnapshot,compute.snapshots.get,compute.snapshots.create,compute.snapshots.useReadOnly,compute.snapshots.delete,compute.zones.get

# Bind IAM policy
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:$SERVICE_ACCOUNT_EMAIL --role projects/$PROJECT_ID/roles/velero.server


# Change IAM permissions
gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin **gs://$BUCKET_NAME**

# Create "credentials-velero" file
gcloud iam service-accounts keys create $VELERO_FOLDER/credentials-velero --iam-account $SERVICE_ACCOUNT_EMAIL

Thank you @iborba

Pushed your Change IAM permissions change, but seems kind of weird that beta was required to create the following role.

$ gcloud iam roles create velero.server \
>      --project $PROJECT_ID \
>      --title "Velero Server" \
>      --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
Created role [velero.server].
...
stage: ALPHA
title: Velero Server

$ gcloud version
Google Cloud SDK 274.0.0
alpha 2019.12.17
beta 2019.12.17
bq 2.0.51
core 2019.12.17
gsutil 4.46
kubectl 2019.12.17