hey, you can actually turn this off completely, but you then need to map IAM roles back to the cluster
you'll need to map an IAM role to a Kubernetes RBAC role with admin permissions, I think
it's been a while since I did this 😄
d
dry-engine-17210
01/22/2021, 10:35 PM
Yeah, I remember the convergence between IAM and Kubernetes RBAC is confusing.
I mean technically a service account with roles/container.admin will let you use the GKE admin API and let you retrieve the master API credentials using gcloud…
I’m guessing this technique is trying to sidestep that dance of retrieving the credentials?