client_email or client_id: which field to use to grant cluster-admin-rights before creating RBAC roles

9/13/2018

I am deploying GKE components using the GKE API. Since it is an automated process, I am passing service-account.json to my program. This file is used for authenticating with GKE.

I want to deploy an RBAC role using the above setup. According to GKE-RBAC-Docs, USER_ACCOUNT needs to be granted cluster-admin-binding before being able to make RBAC roles.

The service-account.json file has a field for client_email and another field for client_id.

On some clusters, I need to grant client_email as the User in cluster-admin-binding, whereas on some I need client_id.

Can you tell me what I need to configure in my cluster so that only client_id is needed for creating RBAC roles?

-- Harsh Agarwal
google-cloud-platform
google-kubernetes-engine
kubernetes
rbac

0 Answers