Robert Lemke

Reputation: 101

Is it possible to turn on ABAC mode (authorization) in Google Container Engine?

I would like to enable the ABAC mode for the Kubernetes cluster I'm using in Google's Container Engine. (More specifically, I would like to restrict access to the API service for the default service account which is automatically assigned to all pods.) However, since --authorization-mode=ABAC is a command line argument for kube-apiserver and since the API server is managed in Google Container Engine, I didn't find a way to enable authorization for my cluster.

Is there a way to enable ABAC mode on GCE?

I'm currently running Kubernetes v1.1.7 on server and nodes.

Upvotes: 9

Views: 693

Answers (2)

Robert Lemke

Reputation: 101

In the meantime, Google has added the possibility to use Role Based Access Control (RBAC) for a Kubernetes cluster. It is enabled by default for all new clusters running Kubernetes 1.6 or later: https://cloud.google.com/container-engine/docs/role-based-access-control

Upvotes: 0

Robert Bailey

Reputation: 18200

There is not a way to enable ABAC mode on Google Container Engine. If you need fine-grained control over the parameters passed to any of the master components, you have to run Kubernetes on GCE instead.

Upvotes: 3
