mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 17:23:22 +00:00
e868d2e9e8
This PR presents a watcher for automatic `kube_cluster` discovery for GCP GKE clusters. Given an identity with access to the GCP cloud, the auto-discovery service will scan the cloud and register all clusters available in Kubernetes Engine.
Once the discovery service creates a `kube_cluster` on the Auth Server, the Kubernetes Service will start serving it. The credentials used to access the cluster are short-lived and generated through Google OAuth2 associated with the GCP Service Account configured for the Kubernetes Service.
GCP's Service Account must have the following role def attached:
```yaml
description: 'GKE Auto-Discovery'
includedPermissions:
- container.clusters.impersonate
- container.clusters.get
- container.clusters.list
- container.pods.get
- container.selfSubjectAccessReviews.create
- container.selfSubjectRulesReviews.create
name: projects/{projectID}/roles/GKEKubernetesAutoDisc
stage: GA
title: GKEKubernetesAutoDisc
```
Part of #16135, #13376
Related to #12048, #16276, #16281, #16633, #14991
|
||
|---|---|---|
| .. | ||
| breaker | ||
| client | ||
| constants | ||
| defaults | ||
| gen/proto/go | ||
| identityfile | ||
| metadata | ||
| observability/tracing | ||
| profile | ||
| proto | ||
| types | ||
| utils | ||
| go.mod | ||
| go.sum | ||
| version.go | ||