GKE Access Control and Google’s Container Registry
Also read Roles and Permissions in GCP
Access control for GKE Clusters
Cloud IAM works at a project level to grant access to the GKE Clusters within a project.
However, Kubernetes has its own role-based access control (RBAC) that can be used in conjunction with Google Cloud IAM.
Kubernetes RBAC
Step 1 - Define a role (kind: Role) that can apply to an entire namespace (or a cluster).
Step 2 - Assign IAM users this role.
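The two steps above as Kubernetes manifests, added here as an example and not taken from the original post. The namespace `team-a`, the names `pod-reader` and `pod-reader-dev`, and the account `dev@example.com` are constructed placeholders.

```yaml
# Constructed example: namespace, names and account are placeholders.
# Step 1: a namespaced Role granting read-only access to pods and their logs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: team-a
  name: pod-reader
rules:
  - apiGroups: [""]              # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]      # subresource: reading container logs
    verbs: ["get"]
---
# Step 2: bind the Role to a user. On GKE, the name of a User subject
# is the Google account's email address.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: team-a
  name: pod-reader-dev
subjects:
  - kind: User
    name: dev@example.com
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role                     # a ClusterRole here would reuse a cluster-wide definition
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
# Check the effective permissions by impersonating the user:
#   kubectl auth can-i list pods --namespace team-a --as dev@example.com
#   kubectl auth can-i delete pods --namespace team-a --as dev@example.com
```

The account still needs an IAM role on the project that lets it fetch cluster credentials, for example `roles/container.clusterViewer`. The RoleBinding then decides what it can do inside the namespace.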
Google's Container Registry
What if you wanted to run image vulnerability scans for your GKE images? Ideally, store the images in Google's own container registry to make these types of tasks easier.
kubectl run "$name" --image="$HOSTNAME/$PROJECT_ID/$IMAGE:$TAG"