Explicitly set master_auth for new GKE clusters

From 1.12, GKE will disable basic auth and client certificate by
default. Explicitly enable those now (currently we use 1.10/1.11
clusters) so that GKE cluster configuration will continue to work.
This commit is contained in:
Thong Kuah 2019-03-12 22:38:18 +13:00
parent b8ca2fc64a
commit 428ee4bc60
3 changed files with 25 additions and 0 deletions

View file

@ -0,0 +1,6 @@
---
title: Explicitly set master_auth setting to enable basic auth and client certificate
for new GKE clusters
merge_request: 26018
author:
type: other

View file

@ -10,6 +10,7 @@ module GoogleApi
class Client < GoogleApi::Auth class Client < GoogleApi::Auth
SCOPE = 'https://www.googleapis.com/auth/cloud-platform'.freeze SCOPE = 'https://www.googleapis.com/auth/cloud-platform'.freeze
LEAST_TOKEN_LIFE_TIME = 10.minutes LEAST_TOKEN_LIFE_TIME = 10.minutes
CLUSTER_MASTER_AUTH_USERNAME = 'admin'.freeze
class << self class << self
def session_key_for_token def session_key_for_token
@ -64,6 +65,12 @@ module GoogleApi
"node_config": { "node_config": {
"machine_type": machine_type "machine_type": machine_type
}, },
"master_auth": {
"username": CLUSTER_MASTER_AUTH_USERNAME,
"client_certificate_config": {
issue_client_certificate: true
}
},
"legacy_abac": { "legacy_abac": {
"enabled": legacy_abac "enabled": legacy_abac
} }

View file

@ -97,6 +97,12 @@ describe GoogleApi::CloudPlatform::Client do
"node_config": { "node_config": {
"machine_type": machine_type "machine_type": machine_type
}, },
"master_auth": {
"username": "admin",
"client_certificate_config": {
issue_client_certificate: true
}
},
"legacy_abac": { "legacy_abac": {
"enabled": true "enabled": true
} }
@ -122,6 +128,12 @@ describe GoogleApi::CloudPlatform::Client do
"node_config": { "node_config": {
"machine_type": machine_type "machine_type": machine_type
}, },
"master_auth": {
"username": "admin",
"client_certificate_config": {
issue_client_certificate: true
}
},
"legacy_abac": { "legacy_abac": {
"enabled": false "enabled": false
} }