Is it possible to turn on ABAC mode (authorization) in Google Container Engine?

2/26/2016

I would like to enable the ABAC mode for the Kubernetes Cluster I'm using in Google's Container Engine. (More specifically, I would like to restrict access to the API service for the default service account which is automatically assigned to all pods.) However, since --authorization-mode=ABAC is a command line argument for kube-apiserver and since the API server is managed in Google Container Engine, I didn't find a way to enable authorization for my cluster.

Is there a way to enable ABAC mode on GCE?

I'm currently running Kubernetes v1.1.7 on server and nodes.

-- Robert Lemke
google-kubernetes-engine
kubernetes

2 Answers

8/25/2017

In the meantime Google has added the possibility to use Role Based Access Control (RBAC) for a Kubernetes Cluster. It is enabled by default for all new Clusters running Kubernetes 1.6 or later: https://cloud.google.com/container-engine/docs/role-based-access-control

-- Robert Lemke
Source: StackOverflow

2/26/2016

There is not a way to enable ABAC mode on Google Container Engine. If you need fine-grained control over the parameters passed to any of the master components you have to run Kubernetes on GCE instead.

-- Robert Bailey
Source: StackOverflow