Explicitly set master_auth for new GKE clusters
What does this MR do?
From 1.12, GKE will disable basic auth and client certificate by default. GKE has provided some options to enable those two options pre 1.12.
This MR explicitly enables those now (currently we use 1.10/1.11 clusters) so that GKE cluster configuration will continue to work in any version of GKE.
Explicitly sets:
master_auth.usernamemaster_auth.client_certificate_config.issue_client_certificate
I have chosen admin as the value for master_auth.username as that has been the default value for GKE previously.
What are the relevant issue numbers?
Closes #58208 (closed)
QA
Tested on GKE versions 1.12.5-gke.10 (the current latest version) and 1.11.7-gke.4 (the current default version).
- Verified that GKE will return an auto-generated password in the
master_auth.passwordfield - Tested that both ABAC and RBAC clusters will create and can install cluster applications
Tip: set initial_cluster_version to latest to get the latest cluster version GKE will currently support.
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug - [-] Tested in all supported browsers
-
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides - [-] Conforms to the database guides
- [-] Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
-
Security reports checked/validated by reviewer
Edited by 🤖 GitLab Bot 🤖