GKE Access

Previous Next

How to access GKE clusters generated by pltf.

Kubeconfig

  1. Fetch outputs: 
    pltf terraform output -f env.yaml -e <env> --json
    Note k8s_cluster_name, k8s_endpoint, and k8s_ca_data (output names may be prefixed if there are duplicates).
  2. Authenticate and update kubeconfig: 
    gcloud auth login
gcloud container clusters get-credentials <cluster> \
  --region <region> \
  --project <project-id>
    Use the same GCP project configured in your environment entry (environments.<env>.account).

Generated Terraform already configures Kubernetes and Helm providers using these outputs when you run pltf terraform plan/apply.

Kubernetes RBAC

GKE access is controlled by Kubernetes RBAC. Grant access via ClusterRoleBinding or RoleBinding.

Example cluster role binding: 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: platform-admins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: User
    name: user@example.com
    apiGroup: rbac.authorization.k8s.io

Summary

  • Use gcloud container clusters get-credentials with cluster outputs to access the cluster.
  • Manage RBAC with Kubernetes bindings (Terraform/Helm if you want it in code).
Overview GKE Upgrade