SSL authentication for GCP Kubernetes cluster is not working

6/25/2018

For automation purposes, I generated the Kubernetes configuration file using the API below.

request = service.projects().zones().clusters().get(
    projectId=project_id, zone=zone, clusterId=cluster_id)

The cluster has both basic & SSL configurations enabled, and only the basic authentication is working properly. When I changed the user context from admin to ca-user, I got the error below.

Error from server (Forbidden): nodes is forbidden: User "client" cannot list nodes at the cluster scope: Unknown user "client"

The generated configuration file is given below.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: *************
    server: https://*******
  name: gke_demo-205812_us-central1-a_cluster-1
contexts:
- context:
    cluster: gke_demo-205812_us-central1-a_cluster-1
    user: ca-user
  name: gke_demo-205812_us-central1-a_cluster-1
current-context: gke_demo-205812_us-central1-a_cluster-1
kind: Config
preferences: {}
users:
- name: admin
  user:
    password: *****************
    username: admin
- name: ca-user
  user:
    client-certificate-data: ******************
    client-key-data: ************************ 

Thanks in advance. :)

-- Akhil KM
cloud
containers
google-cloud-platform
kubernetes

1 Answer

6/25/2018

Try after running this command:

kubectl create clusterrolebinding client-admin \
    --clusterrole=cluster-admin \
    --user=client

You are giving cluster-admin permission to this user.

-- suren
Source: StackOverflow
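
Added example (not part of the question or the answer above): the API server takes the user name from the client certificate's Common Name, which the error message shows is client, so a narrower alternative to cluster-admin is a ClusterRole limited to reading nodes, bound to that user. The object names node-reader and client-node-reader are hypothetical.

```yaml
# Added example: read-only access to nodes for the certificate user "client".
# The names node-reader and client-node-reader are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]          # nodes live in the core API group
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: client-node-reader
subjects:
- kind: User
  name: client             # must match the user name in the Forbidden error
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
```

Apply it with `kubectl apply -f` from a context that is allowed to create RBAC objects (assumed here to be the admin user), then confirm the result with `kubectl auth can-i list nodes --as=client`.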