Kubernetes: Is it possible to turn off basic auth for the GKE master?

12/11/2016

Is it possible to turn off/remove/disable the basic auth in GKE that was added by default?

It's possible to authenticate towards the GKE master using a number of ways, as listed in the documentation.

When you create a cluster using GKE it creates a username/password for basic authentication to the master.

I want to turn this off to tighten up security (the other authentication methods are significantly better and are used transparently by the tooling AFAIK).

Is it possible? I have searched the Kubernetes GitHub issues list but not found anyone with the exact same problem (yet).

(The default password is 16 characters, and should be OK, but it is not possible to change without tearing down the entire cluster. I just want to disable basic auth.)

Thanks.

-- Erik Zivkovic
authentication
google-cloud-platform
google-kubernetes-engine
kubernetes

3 Answers

8/1/2017

Yes, you can disable Basic Authentication on cluster creation:

(image not preserved)

-- Peter
Source: StackOverflow

12/12/2016

It is not currently possible to disable basic auth in GKE.

On the bright side, https://github.com/kubernetes/kubernetes/pull/36778 was recently merged into Kubernetes core, which makes it possible to disable basic auth when launching Kubernetes clusters on GCE. I would expect something similar to be added to GKE in the future.

-- Robert Bailey
Source: StackOverflow

9/18/2017

This is a complement to the answer by Peter.

This is how to do it using the gcloud command:

gcloud beta container clusters create my_cluster_name \
    --project=my_project_name \
    --username="" \
    --password="" [...more parameters]

Basically you disable BASIC authentication by setting an empty username and an empty password. This is undocumented, but can be deduced from the link in the answer by Robert Bailey.

(Sorry about the pun)

-- Erik Zivkovic
Source: StackOverflow
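
A check to confirm the effect of the gcloud flags above, as an added example that is not part of the original answers: it reads the JSON printed by `gcloud container clusters list --format=json` and reports clusters whose masterAuth still holds a basic-auth username or password. The function names and the sample cluster data are constructed for illustration; masterAuth.username and masterAuth.password are fields of the GKE API Cluster resource, and the script assumes the gcloud JSON output follows that shape.

```python
import json
import sys

# Constructed sample in the shape of `gcloud container clusters list --format=json`
# (a JSON array of GKE Cluster resources). All names and values are made up.
SAMPLE = """
[
  {"name": "legacy-cluster", "zone": "europe-west1-b",
   "masterAuth": {"username": "admin", "password": "CONSTRUCTED-EXAMPLE",
                  "clusterCaCertificate": "CONSTRUCTED"}},
  {"name": "hardened-cluster", "zone": "europe-west1-b",
   "masterAuth": {"clusterCaCertificate": "CONSTRUCTED"}},
  {"name": "empty-creds-cluster", "zone": "us-central1-a",
   "masterAuth": {"username": "", "password": ""}},
  {"name": "no-masterauth-cluster", "zone": "us-central1-a"}
]
"""


def basic_auth_enabled(cluster):
    """True if the cluster resource carries a basic-auth username or password."""
    auth = cluster.get("masterAuth") or {}  # field may be absent or null
    return bool(auth.get("username")) or bool(auth.get("password"))


def clusters_with_basic_auth(clusters_json):
    """Return sorted (name, location) pairs for clusters that still have basic auth."""
    clusters = json.loads(clusters_json)
    if not isinstance(clusters, list):
        raise ValueError("expected a JSON array of cluster resources")
    flagged = []
    for cluster in clusters:
        if basic_auth_enabled(cluster):
            location = cluster.get("location") or cluster.get("zone", "<unknown>")
            flagged.append((cluster.get("name", "<unnamed>"), location))
    return sorted(flagged)


if __name__ == "__main__":
    # Use piped gcloud output when present, otherwise the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    findings = clusters_with_basic_auth(piped.strip() or SAMPLE)
    for name, location in findings:
        print(f"basic auth still enabled: {name} ({location})")
    sys.exit(1 if findings else 0)
```

The non-zero exit status when any cluster is flagged lets the check run as a gate in a scheduled audit job.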