I have a few questions regarding ->"gcloud container clusters get-credentials business"
How long these credentials are valid?
Could they be stolen and used for a long period or are these short-lived tokens as GCP knows the call comes from an Cloud Identity Account?
I hold a passion for DevOps, Security and Networking and I love bringing these principles to my customers by empowering them with the power of the public cloud.
The credentials will live as long as the gitlab runner job is up so just after the completion of the stage.
For a Kubernetes cluster shared between different teams or departments, I would recommend using Kubernetes RBAC or Kubernetes Agents (Premium tiers). It could help to respect least privilege principles.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hey! Great article!
I just implemented it the same way.
I have a few questions regarding ->"gcloud container clusters get-credentials business"
How long these credentials are valid?
Could they be stolen and used for a long period or are these short-lived tokens as GCP knows the call comes from an Cloud Identity Account?
Is this the only way to auth kubectl?
Thanks a lot!
Hi Tim!
Thanks for your contribution!
The credentials will live as long as the gitlab runner job is up so just after the completion of the stage.
For a Kubernetes cluster shared between different teams or departments, I would recommend using Kubernetes RBAC or Kubernetes Agents (Premium tiers). It could help to respect least privilege principles.