Authentication on GKE

Romain Vrignaud

Aug 10, 2016, 4:30:27 PM
to kubernet...@googlegroups.com
Hello,

I just succeeded in using the new IAM support on GKE and wanted to report back.

I had a problem when I switched to use_client_certificate False (there is a typo in the documentation with the '=').

I had to do a `gcloud auth login`; otherwise I had an error:
```
Unable to connect to the server: oauth2: cannot fetch token: 400 Bad Request
Response: {
  "error" : "invalid_grant"
```

Now that I'm able to use IAM integration, is there any way to disable legacy admin authentication?

Regards,

CJ Cullen

Aug 10, 2016, 5:47:31 PM
to kubernet...@googlegroups.com
There isn't currently a way to turn off the legacy authentication systems on GKE.

GKE will soon support IAM roles. This will allow users to have full access to GKE resources without being allowed to retrieve the legacy credentials for the cluster. The credentials will still work though.

timo.r...@holidaycheck.com

Jun 8, 2017, 12:53:41 PM
to Kubernetes user discussion and Q&A
Any update on this one? IAM seems to be supported by now; however, I can't find a way to disable legacy authentication.

Matt Brown

Jun 9, 2017, 7:48:58 AM
to Kubernetes user discussion and Q&A, timo.r...@holidaycheck.com
https://cloud.google.com/container-engine/docs/role-based-access-control mentions that you can create a cluster with the --no-enable-legacy-authorization flag.

Evan Jones

Jun 9, 2017, 8:54:06 AM
to Kubernetes user discussion and Q&A, timo.r...@holidaycheck.com
On the cluster details page on https://console.cloud.google.com/kubernetes , if you have upgraded to 1.6 (I think?), you should see the following drop down to edit an existing cluster. I haven't yet attempted this personally:

