Can I enable ABAC (authorization) mode in the Google Container Engine?

Question

Can I enable ABAC (authorization) mode in the Google Container Engine?

I would like to enable ABAC mode for the Kubernetes cluster, which I use in the Google Container Engine. (more specifically, I would like to restrict access to the API service for the default service account, which is automatically assigned to all modules). However, since --authorization-mode=ABAC is a command line argument for kube-apiserver , and since the API server is managed by the Google Container Engine, I have not found a way to enable authorization for my cluster.

Is there any way to enable ABAC mode in GCE?

I am currently running Kubernetes v1.1.7 on the server and nodes.

+8

google-container-engine kubernetes

Robert Lemke Feb 26 '16 at 11:55

source share

2 answers

Robert Bailey · Answer 1 · 2016-02-26T16:43:36+0000

Cannot enable ABAC mode in Google Container Engine. If you need small-scale control over parameters passed to any of the main components, you need to run Kubernetes on GCE instead.

Robert Lemke · Answer 2 · 2017-08-25T19:31:08+0000

Meanwhile, Google has added the ability to use role-based access control (RBAC) for the Kubernetes cluster. It is enabled by default for all new clusters running Kubernetes 1.6 or later: https://cloud.google.com/container-engine/docs/role-based-access-control

Can I enable ABAC (authorization) mode in the Google Container Engine?

More articles: