Google Cloud Service Account with 'roles/container.admin'

3

12

I am trying to create a Service Account with 'roles/container.admin' and I get an error saying that the role is not supported for this resource.

$ gcloud iam service-accounts add-iam-policy-binding [email protected] --member='serviceAccount:[email protected]' --role='roles/container.admin'

ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Role roles/container.admin is not supported for this resource.

If I create a Service Account from the CONSOLE UI I can add this role without a problem.

Constanta answered 6/12, 2017 at 16:22 Comment(0)
17

You have to use gcloud projects to add roles for a service account at a project level as shown here.

This works for me:

gcloud projects add-iam-policy-binding PROJECT_ID \
--member serviceAccount:[email protected] \
--role roles/container.admin
Purity answered 20/1, 2018 at 16:33 Comment(2)
This would have been a useful comment within the documentation :) (Hynda)
For those using Terraform, the equivalent Terraform resource is google_project_iam_binding registry.terraform.io/providers/hashicorp/google/latest/docs/… (Outright)
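The accepted answer turns on there being two different IAM policies: the project policy, which says what the service account may do, and the policy on the service-account resource itself, which says who may act on or as that service account. After granting roles/container.admin at project level, a practitioner wants to see both: what the SA can now do, and who can use it. The script below is an added example, not code from the question or the answers; it reads the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json` print, and reports both views. The project ID, emails and policy contents are constructed sample data, and the role sets are assumptions, not an exhaustive list from Google.

```python
"""Audit a service account's IAM bindings from gcloud JSON output.

Added example (not from the original answers). Two separate IAM policies are
involved, which is what the error in the question is about:

  gcloud projects get-iam-policy PROJECT_ID --format=json
      -> what the service account may do in the project (roles/container.admin
         belongs here, granted with `gcloud projects add-iam-policy-binding`);
  gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json
      -> who may act on or as the service account (only service-account-level
         roles such as roles/iam.serviceAccountUser are accepted here).

The policies below are constructed sample data in the shape gcloud emits.
"""
import json
from typing import Dict, List, Set

# Roles that let a principal use or control a service account. Assumption: a
# representative set, not exhaustive; Owner and Editor are listed because both
# carry iam.serviceAccounts.actAs.
ACT_AS_ROLES: Set[str] = {
    "roles/iam.serviceAccountUser",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.serviceAccountAdmin",
    "roles/owner",
    "roles/editor",
}

# Roles broad enough to deserve a second look when held by a non-human identity
# (assumption: the set is a local policy choice, not a GCP definition).
BROAD_ROLES: Set[str] = {"roles/owner", "roles/editor", "roles/container.admin"}


def roles_for_member(policy: Dict, member: str) -> List[str]:
    """All roles bound to `member` in one IAM policy document."""
    return sorted(
        b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])
    )


def members_with_roles(policy: Dict, roles: Set[str]) -> Set[str]:
    """All members holding any of `roles` in one IAM policy document."""
    found: Set[str] = set()
    for binding in policy.get("bindings", []):
        if binding["role"] in roles:
            found.update(binding.get("members", []))
    return found


def audit_service_account(project_policy: Dict, sa_policy: Dict, sa_email: str) -> Dict:
    """Summarise what the SA can do and who can act as it.

    Principals holding act-as roles at project level inherit them on every SA
    in the project, so both policies are consulted for the impersonation set.
    """
    member = f"serviceAccount:{sa_email}"
    project_roles = roles_for_member(project_policy, member)
    can_act_as = members_with_roles(sa_policy, ACT_AS_ROLES) | members_with_roles(
        project_policy, ACT_AS_ROLES
    )
    can_act_as.discard(member)  # the SA acting as itself is not impersonation
    return {
        "project_roles": project_roles,
        "broad_roles": sorted(set(project_roles) & BROAD_ROLES),
        "can_act_as": sorted(can_act_as),
    }


# --- constructed sample input (what the two gcloud commands would print) ---
PROJECT_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/container.admin",
     "members": ["serviceAccount:gke-deployer@my-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor", "members": ["user:alice@example.com"]},
    {"role": "roles/viewer", "members": ["group:devs@example.com"]}
  ],
  "etag": "BwX0example=",
  "version": 1
}
"""

SA_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:bob@example.com"]},
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["serviceAccount:ci@my-project.iam.gserviceaccount.com"]}
  ],
  "etag": "BwX1example=",
  "version": 1
}
"""

SA_EMAIL = "gke-deployer@my-project.iam.gserviceaccount.com"


def run_sample() -> Dict:
    """Audit the constructed sample; a real run would json.load() gcloud output."""
    return audit_service_account(
        json.loads(PROJECT_POLICY_JSON), json.loads(SA_POLICY_JSON), SA_EMAIL
    )


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

On the sample data the SA holds roles/container.admin at project level (flagged as broad), and three principals can act as it: the two bound on the SA resource plus the project Editor, who was never mentioned on the SA policy at all. That inherited path is the one people forget when they only look at `gcloud iam service-accounts get-iam-policy`. For the Terraform route mentioned in the comment, note that google_project_iam_binding is authoritative for its role (it removes members it does not list), whereas google_project_iam_member only adds one binding; the former is the safer choice when the goal is to know exactly who holds container.admin.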
4

I got the same error. You have to give the absolute path to the role.

gcloud iam service-accounts add-iam-policy-binding SERVICEACCOUNT --member=SERVICEACCOUNT_EMAIL --role=projects/PROJECTNAME/roles/ROLENAME

Lorollas answered 29/7, 2020 at 4:1 Comment(0)
0

As Vinayak pointed out, you need to refer to the role with its ID, which includes projects/$project_id. I ran into this in Terraform, so if you are creating the roles as well as the binding in Terraform, make sure to reference the custom role like this:

# Bind the custom role to the service account at project level. The role
# attribute must be the full ID (projects/PROJECT/roles/ROLE_ID), which the
# custom role resource exposes as .id. google_service_account.sa is assumed
# to be declared elsewhere in the same configuration.
resource "google_project_iam_member" "binding" {
    project = var.project_id
    role    = google_project_iam_custom_role.custom_role.id
    member  = "serviceAccount:${google_service_account.sa.email}"
}

resource "google_project_iam_custom_role" "custom_role" {
    project = var.project_id
    role_id = "CustomRole"
    title   = "custom role"
    permissions = [
        "pubsub.snapshots.create",
        "pubsub.snapshots.delete",
        # ... (remaining permissions elided in the original)
    ]
}
Sedgewake answered 14/4, 2023 at 13:41 Comment(1)
That is a solution to a different problem related to custom roles id. Original question was about a built-in role and had resource/account swapped. (Unhealthy)

© 2022 - 2025 — McMap. All rights reserved.