lacework-global-801
Manage Kubernetes Role-Based Access Control (RBAC) users with Google Groups for Google Kubernetes Engine (GKE) (Manual)
Description
Cluster Administrators should leverage G Suite Groups and Cloud Identity and Access Management (IAM) to assign Kubernetes user roles to a collection of users, instead of to individual emails using only Cloud IAM.
Remediation
Follow the G Suite Groups instructions at: https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac.
Then, create a cluster with:
gcloud container clusters create <cluster_name> --security-group <security_group_name>
Finally, create Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings that reference the G Suite Groups.
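
To check the result of the remediation, the following added example (not part of this policy or of Google's documentation) lists bindings that still grant roles to individual email users instead of groups. The sample JSON is constructed, and the function name `individual_user_bindings` and the "@" heuristic for spotting email-style users are assumptions.

```python
import json

# Constructed sample shaped like the output of:
#   kubectl get rolebindings,clusterrolebindings --all-namespaces -o json
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "RoleBinding",
   "metadata": {"name": "dev-readers", "namespace": "dev"},
   "roleRef": {"kind": "Role", "name": "pod-reader"},
   "subjects": [{"kind": "Group", "name": "dev-team@example.com"}]},
  {"kind": "RoleBinding",
   "metadata": {"name": "alice-edit", "namespace": "dev"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "User", "name": "alice@example.com"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "ops-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "bob@example.com"},
                {"kind": "Group", "name": "ops@example.com"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "system:node-proxier"},
   "roleRef": {"kind": "ClusterRole", "name": "system:node-proxier"},
   "subjects": [{"kind": "User", "name": "system:kube-proxy"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "empty"},
   "roleRef": {"kind": "ClusterRole", "name": "view"}}
]}
""")


def individual_user_bindings(binding_list):
    """Return (binding, role, user) for every subject bound as an individual email."""
    findings = []
    for item in binding_list.get("items", []):
        meta = item["metadata"]
        # ClusterRoleBindings carry no namespace
        scope = meta.get("namespace", "<cluster>")
        binding = f'{item["kind"]}/{scope}/{meta["name"]}'
        for subject in item.get("subjects") or []:  # subjects may be absent
            # Built-in identities (system:...) have no "@"; only email-style Users are flagged
            if subject.get("kind") == "User" and "@" in subject.get("name", ""):
                findings.append((binding, item["roleRef"]["name"], subject["name"]))
    return findings


if __name__ == "__main__":
    for binding, role, user in individual_user_bindings(SAMPLE):
        print(f"{binding}: role {role} bound to individual user {user}")
```

Each finding is a candidate for replacement with a `Group` subject that names a Google Group.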
References
https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac
https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control