Reputation: 45
enable kubernetes authentication api on gke
It seems that in order to use the vault kubernetes auth backend, the authentication.k8s.io api must be enabled. GKE does not seem to have this enabled (/apis/authentication.k8s.io/ returns a 404)
Any idea why this is not enabled? From what i understand, this is not an alpha feature. I am using kubernetes 1.7.6.
Upvotes: 0
Views: 492
Answers (2)
Reputation: 5642
You're correct that GKE does not turn on the TokenReview API (if you're managing your own Kubernetes cluster, then Javier's answer is the one to look at).
GKE is planning to turn on the APIs in an upcoming release.
Upvotes: 1
Reputation: 8827
According to https://kubernetes.io/docs/admin/authentication/
Additionally, the API server must enable the authentication.k8s.io/v1beta1 API extensions group (--runtime-config=authentication.k8s.io/v1beta1=true).
I advise you to change that configuration on the api server and restart it.
Upvotes: 0
Related Questions
- Dynamically created GKE deployments can't authenticate using SA
- Authentication to Kubernetes API of GKE cluster within Google Cloud Function
- How to Authenticate GKE Cluster on Kubernetes API Server using its Java client library
- gcloud does not add access token for connecting to GKE cluster
- How to enable Kubernetes API in GCP? not sorted out here by following the doc
- Adding basic auth to kubernetes deployment
- ServiceAccount in GKE fails authentication
- Accessing Kubernetes API in GKE using service accounts
- How to set GOOGLE_APPLICATION_CREDENTIALS on GKE running through Kubernetes
- Login to GKE via service account with token