
Permissions on GKE cluster

After creation of a standard GKE cluster in the Google Cloud Platform Console I find, when I click on the cluster and look at the cluster's settings, a 'Permissions' setting, which looks like this: [image]

What I don't understand is that I have allowed API access on a lot of these services I believe, so why does only 'Cloud Platform' show 'enabled'? Is this what is enabled at creation of the cluster maybe?!

When selecting 'edit' you cannot 'enable' these services from here..., so what exactly are these Permissions?

like image 426
musicformellons asked Jan 11 '19 11:01



1 Answer

The GKE cluster will be created with the permissions that are set in the 'Access scopes' section in the 'Advanced edit' tab. So only the APIs with access enabled in this section will be shown as enabled. These permissions denote the type and level of API access granted to the VMs in the node pool. Scopes inform the access level your cluster nodes will have to specific GCP services as a whole. Please see this link for more information about access scopes.

In the 'Create a Kubernetes cluster' tab, click 'Advanced edit'. Then you will see another tab called 'Edit node pool' pop up with more options. If you click 'Set access for each API', you will see the option to set these permissions.

'Permissions' are defined when the cluster is created. You cannot edit them directly on the cluster after creation. You may want to create a new cluster with appropriate permissions, or create a new Node Pool with the new scopes you need and then delete your old 'default' Node Pool as specified in this link.

like image 176
John Mathew answered Sep 29 '22 05:09
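
The node pool replacement described in the answer above, written out with `gcloud` and `kubectl`; this is an added example, not part of the original answer. The cluster, zone and pool names and the scope values are placeholders, the `DRY_RUN` switch and function names are hypothetical helpers, and the cordon/drain step goes beyond what the answer lists.

```shell
#!/usr/bin/env bash
# Added example: swap a GKE node pool for one with different access scopes.
# Cluster, zone, pool names and scope values passed in are placeholders.

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# pool_scopes CLUSTER ZONE POOL: print the scope URLs the pool's nodes were
# created with (gcloud's value() format joins list items with ';').
pool_scopes() {
  gcloud container node-pools describe "$3" --cluster "$1" --zone "$2" \
    --format="value(config.oauthScopes)"
}

# has_scope SCOPES_LINE SCOPE_URL: succeed if SCOPE_URL is one of the entries.
has_scope() {
  case ";$1;" in
    *";$2;"*) return 0 ;;
    *) return 1 ;;
  esac
}

# replace_pool CLUSTER ZONE OLD_POOL NEW_POOL SCOPES
replace_pool() {
  rp_sel="cloud.google.com/gke-nodepool=$3"   # label GKE sets on each node
  # 1. New pool whose nodes carry only the scopes the workloads need.
  run gcloud container node-pools create "$4" --cluster "$1" --zone "$2" \
    --scopes "$5" || return 1
  # 2. Stop scheduling onto the old nodes, then evict their pods
  #    (emptyDir data on those nodes is discarded).
  run kubectl cordon -l "$rp_sel" || return 1
  run kubectl drain -l "$rp_sel" --ignore-daemonsets --delete-emptydir-data || return 1
  # 3. Remove the old pool and, with it, the old scope set.
  run gcloud container node-pools delete "$3" --cluster "$1" --zone "$2" --quiet
}

# Preview the commands without touching the cluster:
#   DRY_RUN=1 replace_pool my-cluster us-central1-a default-pool pool-2 gke-default,storage-rw
```

After the new pool exists, `has_scope "$(pool_scopes my-cluster us-central1-a pool-2)" <scope-url>` confirms a given scope is present before the old pool is deleted.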