k8s-gke-service-account-assigner does not work with GKE Metadata concealment

Question

k8s-gke-service-account-assigner does not work with GKE Metadata concealment

stepanstipl opened this issue 5 years ago · 3 comments

k8s-gke-service-account-assigner does not work when GKE Metadata concealment is enabled on the cluster.

This is caused by iptables rule redirecting all the traffic to GKE's k8s-metadata-proxy that is already present and therefore takes precedence before the rule appended by k8s-gke-service-account-assigner.

Answer 1 · 2019-03-26T08:36:57.000Z

@stepanstipl Are you happy for this to be marked as resolved with your PR merged?

Answer 2 · 2019-03-26T08:51:56.000Z

Travis just finished publishing the 0.0.2 image for this: https://cloud.docker.com/repository/docker/imduffy15/k8s-gke-service-account-assigner/tags

Answer 3 · 2019-03-26T09:44:44.000Z

Awesome, thanks a lot for merging this! 👍