gke-security-groups for subdomain

2/20/2020

We have some trouble getting RBAC working properly with the gke-security-groups approach.

We have a verified subdomain in our G Suite which we want to use for our gke security groups, i.e. security.example.com. The users reside in example.com and are members of the specific groups, e.g. security-gke-developers-team1@security.example.com. The gke-security-groups@security.example.com is used in the cluster creation. However, GKE does not seem to properly look up the group memberships of the users, and no helpful log or error message can be found anywhere.

Does anyone know if this approach can even work or if the gke-security-groups do have to be on the same domain as the users, i.e. gke-security-groups@example.com instead of gke-security-groups@security.example.com?

Any help is highly appreciated.

-- Daniel Aschwanden
google-kubernetes-engine

1 Answer

2/20/2020

gke-security-groups work fine as outlined above. The issue was the visibility of the groups in G Suite, as the groups had been defined as internal so that only members and owners could see the members of the group. Changing the view permissions to organization solved the issue.

-- Daniel Aschwanden
Source: StackOverflow
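
The RBAC binding that this setup depends on, as an added example that is not part of the original post. The group addresses come from the question; the namespace `team1`, the binding name and the choice of the built-in `view` ClusterRole are assumptions made for illustration.

```yaml
# Added example, not from the original post.
# Assumptions: namespace "team1", binding name, built-in "view" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-team1-view
  namespace: team1
subjects:
  # Group address taken from the question. GKE only resolves membership for
  # groups that are themselves members of the group given at cluster creation,
  # here gke-security-groups@security.example.com.
  # Per the answer above, who may view this group's members must be set to
  # the organization; with "internal" (members and owners only) the lookup
  # did not work and the binding never matched.
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: security-gke-developers-team1@security.example.com
roleRef:
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
  name: view
```

A user in example.com who belongs to the team group should then pass `kubectl auth can-i list pods --namespace team1` when authenticated as themselves; a "no" with a correct binding points back at the group visibility setting.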