Explicitly set master_auth for new GKE clusters
From 1.12, GKE will disable basic auth and client certificate by default. Explicitly enable those now (currently we use 1.10/1.11 clusters) so that GKE cluster configuration will continue to work.
This commit is contained in:
parent
b8ca2fc64a
commit
428ee4bc60
3 changed files with 25 additions and 0 deletions
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
title: Explicitly set master_auth setting to enable basic auth and client certificate
|
||||||
|
for new GKE clusters
|
||||||
|
merge_request: 26018
|
||||||
|
author:
|
||||||
|
type: other
|
|
@ -10,6 +10,7 @@ module GoogleApi
|
||||||
class Client < GoogleApi::Auth
|
class Client < GoogleApi::Auth
|
||||||
SCOPE = 'https://www.googleapis.com/auth/cloud-platform'.freeze
|
SCOPE = 'https://www.googleapis.com/auth/cloud-platform'.freeze
|
||||||
LEAST_TOKEN_LIFE_TIME = 10.minutes
|
LEAST_TOKEN_LIFE_TIME = 10.minutes
|
||||||
|
CLUSTER_MASTER_AUTH_USERNAME = 'admin'.freeze
|
||||||
|
|
||||||
class << self
|
class << self
|
||||||
def session_key_for_token
|
def session_key_for_token
|
||||||
|
@ -64,6 +65,12 @@ module GoogleApi
|
||||||
"node_config": {
|
"node_config": {
|
||||||
"machine_type": machine_type
|
"machine_type": machine_type
|
||||||
},
|
},
|
||||||
|
"master_auth": {
|
||||||
|
"username": CLUSTER_MASTER_AUTH_USERNAME,
|
||||||
|
"client_certificate_config": {
|
||||||
|
issue_client_certificate: true
|
||||||
|
}
|
||||||
|
},
|
||||||
"legacy_abac": {
|
"legacy_abac": {
|
||||||
"enabled": legacy_abac
|
"enabled": legacy_abac
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,6 +97,12 @@ describe GoogleApi::CloudPlatform::Client do
|
||||||
"node_config": {
|
"node_config": {
|
||||||
"machine_type": machine_type
|
"machine_type": machine_type
|
||||||
},
|
},
|
||||||
|
"master_auth": {
|
||||||
|
"username": "admin",
|
||||||
|
"client_certificate_config": {
|
||||||
|
issue_client_certificate: true
|
||||||
|
}
|
||||||
|
},
|
||||||
"legacy_abac": {
|
"legacy_abac": {
|
||||||
"enabled": true
|
"enabled": true
|
||||||
}
|
}
|
||||||
|
@ -122,6 +128,12 @@ describe GoogleApi::CloudPlatform::Client do
|
||||||
"node_config": {
|
"node_config": {
|
||||||
"machine_type": machine_type
|
"machine_type": machine_type
|
||||||
},
|
},
|
||||||
|
"master_auth": {
|
||||||
|
"username": "admin",
|
||||||
|
"client_certificate_config": {
|
||||||
|
issue_client_certificate: true
|
||||||
|
}
|
||||||
|
},
|
||||||
"legacy_abac": {
|
"legacy_abac": {
|
||||||
"enabled": false
|
"enabled": false
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue