 

Is it possible to turn on ABAC mode (authorization) in Google Container Engine?

I would like to enable the ABAC mode for the Kubernetes Cluster I'm using in Google's Container Engine. (more specifically, I would like to restrict access to the API service for the default service account which is automatically assigned to all pods). However, since --authorization-mode=ABAC is a command line argument for kube-apiserver and since the API server is managed in Google Container Engine, I didn't find a way to enable authorization for my cluster.

Is there a way to enable ABAC mode on GCE?

I'm currently running Kubernetes v1.1.7 on server and nodes.

Robert Lemke asked Feb 26 '16 11:02



1 Answer

There is not a way to enable ABAC mode on Google Container Engine. If you need fine-grained control over the parameters passed to any of the master components you have to run Kubernetes on GCE instead.

Robert Bailey answered Nov 16 '22 00:11
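For a self-managed API server (the route the answer points to, since GKE does not expose the flag), this added example shows what restricting the pods' default service account with ABAC looks like; it is not from the thread, it assumes the abac.authorization.kubernetes.io/v1beta1 policy-file format, and the user names, namespaces and file paths in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread): an ABAC policy file for a
# self-managed kube-apiserver in the abac.authorization.kubernetes.io/v1beta1
# JSON-lines format. ABAC is default-deny: a request is allowed only if some
# line matches it, so every pod's default service account
# (system:serviceaccount:<namespace>:default) gets no API access simply by
# having no line. Users, namespaces and paths are constructed placeholders.
write_abac_policy() {
    policy_file="$1"
    cat > "$policy_file" <<'EOF'
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "admin", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group": "system:authenticated", "readonly": true, "nonResourcePath": "/version"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "system:serviceaccount:kube-system:kube-dns", "namespace": "*", "resource": "services", "apiGroup": "", "readonly": true}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "system:serviceaccount:kube-system:kube-dns", "namespace": "*", "resource": "endpoints", "apiGroup": "", "readonly": true}}
EOF
}

# Sanity check before restarting the API server: fail if any line grants the
# broad "system:serviceaccounts" group or any namespace's default service
# account, which would undo the point of the policy.
check_no_default_sa_grant() {
    ! grep -Eq '"(user|group)": *"(system:serviceaccounts|system:serviceaccount:[^"]*:default)"' "$1"
}

# Flags that activate the file on a self-managed master (constructed path):
#   kube-apiserver --authorization-mode=ABAC \
#                  --authorization-policy-file=/etc/kubernetes/abac-policy.jsonl
```

Workloads that legitimately need the API get their own service account and a scoped line like the kube-dns ones; the default account in each namespace stays unlisted and therefore denied.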