Document how to use Capsule with GCP #623

Open
maxgio92 opened this issue Jul 28, 2022 · 1 comment

maxgio92 (Collaborator) commented Jul 28, 2022

Describe the feature

This issue tracks the work to document how to use Capsule in a GCP environment with GKE and GCP IAM.

What would the new user story look like?

As an adopter, I'd like to understand how to set up GCP and Kubernetes resources to make Capsule work in GKE with Tenant users as Google Users.

maxgio92 added the blocked-needs-validation (Issue need triage and validation) label Jul 28, 2022

maxgio92 (Collaborator, Author) commented Jul 28, 2022

This is a work in progress

  1. Create/update the GKE cluster, enabling the Google Groups for Kubernetes RBAC GKE feature
  2. Create a GCP IAM Group:
     • email: gke-security-group@<domain>
     • name: gke-security-group
  3. Create a GCP IAM Group that will be a Capsule Group, e.g.:
  4. Add the capsule-group GCP IAM Group above as a member of the gke-security-group GCP IAM Group
  5. Add the Google Users of the Capsule Tenant Owners as members of the capsule-group GCP IAM Group
  6. Create a GCP IAM Role to enable the Capsule Tenant Owner Google Users to authenticate to GKE (and Kubernetes) with permissions:
     • containers.clusters.get
     • containers.clusters.GetCredentials
  7. Assign the GCP IAM Role above to the Tenant Owner IAM User
  8. Create/update the CapsuleConfiguration in use, setting as Capsule group the email of the GCP IAM Group capsule-group (i.e. [email protected])
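
The Kubernetes side of the last step, written out as manifests. This is an added example, not part of the original comment or of the Capsule project's documentation; the domain example.com, the user alice, the tenant name oil, the CapsuleConfiguration name default and the API versions are assumptions to adapt to the actual installation.

```yaml
# Added example: all names, the domain and the API versions are placeholders.
# With Google Groups for Kubernetes RBAC enabled, a Google user reaches the
# API server with the account email as username and with the emails of the
# Google Groups nested under the security group as Kubernetes groups.
---
apiVersion: capsule.clastix.io/v1alpha1    # assumption: differs on newer Capsule releases
kind: CapsuleConfiguration
metadata:
  name: default                            # assumption: the configuration Capsule runs with
spec:
  # Only members of the groups listed here are treated as Capsule users.
  # The entry must match the Google Group email exactly, not its display name.
  userGroups:
    - capsule-group@example.com
---
apiVersion: capsule.clastix.io/v1beta1     # assumption: differs on newer Capsule releases
kind: Tenant
metadata:
  name: oil                                # hypothetical tenant
spec:
  owners:
    # The owner is the Google account email of a member of capsule-group.
    - kind: User
      name: alice@example.com
```

A Google user who is a Tenant owner but not a member of the listed group is not handled as a Capsule user, so group membership and the owners entry have to be kept in step.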

bsctl added the documentation (Improvements or additions to documentation) label and removed the blocked-needs-validation (Issue need triage and validation) label Jul 31, 2022
bsctl self-assigned this Jul 31, 2022