Anyone orchestrating GKE with Pulumi I am wondering if creat

Question

Anyone orchestrating GKE with Pulumi I am wondering if creating the GKE cluster with static credentials 1 is the only way to go about this 1 <https github com pulumi examples blob master gcp py gke main py L30>

billowy-army-68599 · Answer

hey you can actually turn this off completely but you then need to map IAM roles back to the cluster

billowy-army-68599 · Answer

you ll need to map an IAM role to a Kubernetes RBAC role with admin permissions I think

billowy-army-68599 · Answer

it s been a while since I did this smile

dry-engine-17210 · Answer

Yeah I remember the convergence between IAM and Kubernetes RBAC is confusing

dry-engine-17210 · Answer

I mean technically a service account with roles container admin will let you use the GKE admin API and let you retrieve the master API credentials using gcloud

dry-engine-17210 · Answer

I m guessing this technique is trying to sidestep that dance of retrieving the credentials