Securing Google Kubernetes Engine with IAM and Pod Security Admission Reviews

Good examples of giving GKE permissions through service accounts and IAM Permissions, enjoyed the IP Address rotation of the GKE Cluster as an addition, would have been nice to have been marked on that one!

Justin E. · Reviewed about 2 years ago

KAI W. · Reviewed about 2 years ago

Michael Angelo Z. · Reviewed about 2 years ago

student_00_e614b07bad74@cloudshell:~ (qwiklabs-gcp-03-8d7e8f2024b6)$ gcloud container clusters update $my_cluster --zone $my_zone --complete-credential-rotation This will complete the in-progress Credential Rotation on cluster [standard-cluster-1]. The master will be updated to stop serving on the old IP address and only serve on the new IP address. Old cluster credentials will be invalidated. Make sure all API clients have been updated to communicate with the new IP address (e.g. by running `gcloud container clusters get-credentials --project qwiklabs-gcp-03-8d7e8f2024b6 --location us-central1-a standard-cluster-1`). If maintenence window is used, nodes are not recreated until a maintenance window occurs. See documentation https://cloud.google.com/kubernetes-engine/docs/how-to/credential-rotation on how to manually update nodes. This operation is long-running and will block other operations on the cluster (including delete) until it has run to completion. Do you want to continue (Y/n)? y ERROR: (gcloud.container.clusters.update) ResponseError: code=400, message=Node pool "default-pool" requires recreation. student_00_e614b07bad74@cloudshell:~ (qwiklabs-gcp-03-8d7e8f2024b6)$ gcloud container clusters upgrade $my_cluster --node-pool=default-pool --zone $my_zone All nodes in node pool [default-pool] of cluster [standard-cluster-1] will be upgraded from version [1.27.3-gke.100] to version [1.27.3-gke.100]. This operation is long-running and will block other operations on the cluster (including delete) until it has run to completion. Do you want to continue (Y/n)? y ERROR: (gcloud.container.clusters.upgrade) ResponseError: code=400, message=Cluster is running incompatible operation operation-1704226508383-92397857-74fe-4a23-bbcd-b2a907b83659. student_00_e614b07bad74@cloudshell:~ (qwiklabs-gcp-03-8d7e8f2024b6)$ ================ PS: problem does not occur when using K8S v1.28

Michel M. · Reviewed about 2 years ago

Jennifer L. · Reviewed about 2 years ago

second time was fine - all OK

DevAnd O. · Reviewed about 2 years ago

the permissions for username 2 are not present

DevAnd O. · Reviewed about 2 years ago

Passawit K. · Reviewed about 2 years ago

Ashess P. · Reviewed about 2 years ago

Nhan H. · Reviewed about 2 years ago

Aritra R. · Reviewed over 2 years ago

jubeda b. · Reviewed over 2 years ago

Kavitha P. · Reviewed over 2 years ago

Pragatheeswar M. · Reviewed over 2 years ago

Lewis M. · Reviewed over 2 years ago

Wing Z. · Reviewed over 2 years ago

Shubham C. · Reviewed over 2 years ago

Rex O. · Reviewed over 2 years ago

Charles Y. · Reviewed over 2 years ago

Anbarasan M. · Reviewed over 2 years ago

Ichii O. · Reviewed over 2 years ago

Dino B. · Reviewed over 2 years ago

Sanket G. · Reviewed over 2 years ago

Igor L. · Reviewed over 2 years ago

Najihah R. · Reviewed over 2 years ago