lacework-global-801

Manage Kubernetes Role-Based Access Control (RBAC) users with Google Groups for Google Kubernetes Engine (GKE) (Manual)

Description

Cluster Administrators should leverage G Suite Groups and Cloud Identity and Access Management (IAM) to assign Kubernetes user roles to a collection of users, instead of to individual emails using only Cloud IAM.

Remediation

Follow the G Suite Groups instructions at: https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac.

Then, create a cluster with:

gcloud container clusters create <cluster_name> --security-group <security_group_name>

Finally, create Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings whose subjects are the G Suite Groups (subject kind `Group`, named by the group's email address) rather than individual user emails.
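The following shell helper is an added example (not Lacework's or Google's code) showing what the last two remediation steps look like in practice: it checks that the security group passed to `--security-group` follows the name GKE requires (`gke-security-groups@<your domain>`), and it renders a RoleBinding whose subject is a Google Group instead of a user. The domain `example.com`, the group `dev-team@example.com`, the namespace `dev`, and the cluster name are constructed placeholders; replace them with your own values.

```shell
#!/bin/sh
# Added example: bind a Kubernetes role to a Google Group on GKE.
# Assumptions (constructed for this example): domain example.com,
# security group gke-security-groups@example.com, group dev-team@example.com.

# GKE only honours Google Groups for RBAC when the cluster's security group is
# named gke-security-groups@<domain>; return 0 if the name fits that shape.
check_security_group_name() {
  case "$1" in
    gke-security-groups@*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Render a RoleBinding that grants ClusterRole $3 in namespace $1 to the
# Google Group $2. The subject is kind Group, named by the group's email,
# so membership is managed in Google Groups rather than in per-user bindings.
render_group_rolebinding() {
  ns="$1"
  group="$2"
  role="$3"
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${role}-${ns}-group
  namespace: ${ns}
subjects:
- kind: Group
  name: ${group}
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ${role}
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Example run (values are constructed placeholders):
SECURITY_GROUP="gke-security-groups@example.com"
if check_security_group_name "$SECURITY_GROUP"; then
  echo "# security group name OK: $SECURITY_GROUP"
  # Cluster creation as in the remediation above (not executed here):
  echo "# gcloud container clusters create my-cluster --security-group=$SECURITY_GROUP"
else
  echo "# refusing: security group must be named gke-security-groups@<domain>" >&2
fi

# Manifest to pipe into 'kubectl apply -f -' once the cluster exists.
render_group_rolebinding dev dev-team@example.com view
```

Note that `dev-team@example.com` must itself be a member of the `gke-security-groups@example.com` group, otherwise GKE will not resolve the binding; a quick check after applying is `kubectl auth can-i list pods -n dev --as=alice@example.com --as-group=dev-team@example.com`.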

References

https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac
https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control