Anyone orchestrating GKE with Pulumi? I am wonderi...
# google-cloud
Anyone orchestrating GKE with Pulumi? I am wondering if creating the GKE cluster with static credentials[1] is the only way to go about this? [1] -
hey, you can actually turn this off completely, but you then need to map IAM roles back to the cluster
you'll need to map an IAM role to a Kubernetes RBAC role with admin permissions, I think
it's been a while since I did this 😄
Yeah, I remember the convergence between IAM and Kubernetes RBAC is confusing.
I mean technically a service account with roles/container.admin will let you use the GKE admin API and let you retrieve the master API credentials using gcloud…
I’m guessing this technique is trying to sidestep that dance of retrieving the credentials?