hey, you can actually turn this off completely, but you then need to map IAM roles back to the cluster
billowy-army-68599
01/22/2021, 10:26 PM
you'll need to map an IAM role to a Kubernetes RBAC role with admin permissions, I think
billowy-army-68599
01/22/2021, 10:26 PM
it's been a while since I did this 😄
d
dry-engine-17210
01/22/2021, 10:35 PM
Yeah, I remember the convergence between IAM and Kubernetes RBAC is confusing.
dry-engine-17210
01/22/2021, 10:41 PM
I mean technically a service account with roles/container.admin will let you use the GKE admin API and let you retrieve the master API credentials using gcloud…
dry-engine-17210
01/22/2021, 10:42 PM
I’m guessing this technique is trying to sidestep that dance of retrieving the credentials?