Login to GKE via service account with token

迷失自我 2021-01-13 08:42

I am trying to access my Kubernetes cluster on Google Cloud with the service account, but I am not able to make this work. I have a running system with some pods and ingre

1 answer
  • 2021-01-13 09:06

    I have tried to recreate your problem.

    Steps I have followed

    • kubectl create serviceaccount foo
    • kubectl get secret foo-token-* -o yaml

    Then, I have tried to do what you have done

    What I have used as the token is the base64-decoded token.

    Then I tried this:

    $ kubectl get pods
    Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:default:foo" cannot list pods in the namespace "default": Unknown user "system:serviceaccount:default:foo"

    This gave me an error, as expected, because I need to grant permission to this ServiceAccount.

    How can I grant permission to this ServiceAccount? I need to create a ClusterRole & ClusterRoleBinding with the necessary permissions.

    Read more to learn more about role-based-access-control

    I can do another thing

    $ kubectl config set-credentials foo --username="admin" --password="$PASSWORD"
    

    This will grant you admin authorization.

    You need to provide the cluster credentials.

    Username: admin
    Password: -----
    

    You will get this info in GKE -> Kubernetes Engine -> {cluster} -> Show credential

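The ClusterRole and ClusterRoleBinding the answer mentions could look like this for read-only access to pods. This is an added example, not part of the original answer; the names `pod-reader` and `foo-pod-reader` and the file name `rbac-foo.yaml` are assumed.

```yaml
# Added example. "pod-reader" and "foo-pod-reader" are assumed names;
# the subject is the ServiceAccount named in the Forbidden error above.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader
rules:
  - apiGroups: [""]                  # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list", "watch"]  # read-only: no create, delete or exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo-pod-reader
subjects:
  - kind: ServiceAccount
    name: foo
    namespace: default               # resolves to system:serviceaccount:default:foo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pod-reader
# Apply, then check the grant (file name rbac-foo.yaml is assumed):
#   kubectl apply -f rbac-foo.yaml
#   kubectl auth can-i list pods --as=system:serviceaccount:default:foo
```

If the account only needs the `default` namespace, a Role and RoleBinding in that namespace grant the same verbs with a narrower scope.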