https://pulumi.com logo
#google-cloud
Title
# google-cloud
d

dry-engine-17210

01/22/2021, 10:11 PM
Anyone orchestrating GKE with Pulumi? I am wondering if creating the GKE cluster with static credentials[1] is the only way to go about this? [1] - https://github.com/pulumi/examples/blob/master/gcp-py-gke/__main__.py#L30
b

billowy-army-68599

01/22/2021, 10:25 PM
hey, you can actually turn this off completely, but you then need to map IAM roles back to the cluster
you'll need to map an IAM role to a Kubernetes RBAC role with admin permissions, I think
it's been a while since I did this 😄
d

dry-engine-17210

01/22/2021, 10:35 PM
Yeah, I remember the convergence between IAM and Kubernetes RBAC is confusing.
I mean technically a service account with roles/container.admin will let you use the GKE admin API and let you retrieve the master API credentials using gcloud…
I’m guessing this technique is trying to sidestep that dance of retrieving the credentials?