Zhixin Wen
Reputation: 105
How To Use GKE IAM in k8s client-go
I am using k8s go client (https://github.com/kubernetes/client-go) to create jobs on GKE cluster (the code is running inside a pod). But I am having this error:
{
"error": "2 UNKNOWN: jobs.batch is forbidden: User \"system:serviceaccount:default:default\" cannot create resource \"jobs\" in API group \"batch\" in the namespace \"default\""
}
Looks like I am using system:serviceaccount:default:default, but how can I use a GCP IAM account instead?
I have already set up GOOGLE_APPLICATION_CREDENTIALS following https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform. But looks like it only works with GCP client not with k8s client
Upvotes: 0
Views: 513
Answers (1)
Jofre
Reputation: 3898
You probably want to use the gcpAuthProvider plugin when creating the auth client.
Upvotes: 1
Related Questions
- Accessing GKE resources through kubectl (or client-go) after OAuth authentication to Google Cloud
- Set up IAP for GKE and allow other service to connect without IAP
- Which IAM role do I need to be able to do kubectl into GKE clusters in GCP?
- How to Enable IAP with GKE
- How does GKE map my IAM user account into k8s Group
- K8S api cloud.google.com not available in GKE v1.16.13-gke.401
- how can I run kubeadm command in GKE(google kubernetes engine)
- Deploying services in GKE k8s cluster using Golang k8s client
- Authenticate Kubectl using Google IAM service account
- Using Google IAM for GKE service web access