I created a GKE cluster using the GKE API. Below is the payload and endpoint I used.
API: https://container.googleapis.com/v1/{parent=projects//locations/}/clusters
Method: POST
RequestBody:
{ "cluster": { "name": "test", "masterAuth": { "clientCertificateConfig": { "issueClientCertificate": true } }.... } ...... ..... }
NOTE: I am creating the GKE cluster with masterAuth enabled by setting clientCertificate to true. After cluster creation, I created the kubeconfig on my local machine using the clusterCaCertificate, clientCertificate and clientKey information from the GKE API, i.e., by describing the cluster.
Then I listed the nodes using the 'kubectl get nodes' command and the response was:
Error from server (Forbidden): nodes is forbidden: User "client" cannot list resource "nodes" in API group "" at the cluster scope
The clusterCaCertificate information provided by the GKE describe APIs has the CN="client" but it should have been "admin". clusterCaCertificate is generated by Google and, as a developer, I could not find a way of setting the CN. I cannot even access the cluster, so I cannot perform any roleBinding or similar for user 'client'. Any idea how this can be resolved?
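
The kubeconfig assembly the question describes, as an added example that is not part of the original post: it maps the masterAuth fields of a cluster description onto kubeconfig entries and rejects missing or mismatched fields. The helper names, the gke-client-cert label and the sample response (placeholder PEM, documentation IP) are assumptions constructed for illustration.

```python
import base64
import json

def _check_pem(b64_value, marker, field):
    """Return a base64 masterAuth field unchanged after checking it wraps PEM."""
    if not b64_value:
        raise ValueError(f"masterAuth.{field} is empty or missing")
    text = base64.b64decode(b64_value, validate=True).decode("ascii")
    first = (text.strip().splitlines() or [""])[0]
    if not (first.startswith("-----BEGIN") and first.endswith(marker + "-----")):
        raise ValueError(f"masterAuth.{field} is not a PEM {marker}")
    return b64_value  # kubeconfig *-data fields carry the same base64 text


def kubeconfig_from_cluster(cluster, user_label="gke-client-cert"):
    """Build a kubeconfig dict from a cluster description (hypothetical helper)."""
    auth = cluster.get("masterAuth", {})
    name = cluster["name"]
    ca = _check_pem(auth.get("clusterCaCertificate"), "CERTIFICATE", "clusterCaCertificate")
    cert = _check_pem(auth.get("clientCertificate"), "CERTIFICATE", "clientCertificate")
    key = _check_pem(auth.get("clientKey"), "PRIVATE KEY", "clientKey")
    return {
        "apiVersion": "v1",
        "kind": "Config",
        "clusters": [{"name": name, "cluster": {
            "server": f"https://{cluster['endpoint']}",
            "certificate-authority-data": ca}}],
        # user_label is only a local name: with certificate authentication the
        # API server takes the user name from the certificate's subject CN.
        "users": [{"name": user_label, "user": {
            "client-certificate-data": cert, "client-key-data": key}}],
        "contexts": [{"name": name, "context": {"cluster": name, "user": user_label}}],
        "current-context": name,
    }


def _b64_pem(label):
    """Constructed placeholder PEM (not a real certificate or key), base64-encoded."""
    pem = f"-----BEGIN {label}-----\nPLACEHOLDER\n-----END {label}-----\n"
    return base64.b64encode(pem.encode()).decode()


# Constructed sample of the describe response; 203.0.113.10 is a documentation IP.
SAMPLE_CLUSTER = {"name": "test", "endpoint": "203.0.113.10", "masterAuth": {
    "clusterCaCertificate": _b64_pem("CERTIFICATE"),
    "clientCertificate": _b64_pem("CERTIFICATE"),
    "clientKey": _b64_pem("RSA PRIVATE KEY")}}

if __name__ == "__main__":
    print(json.dumps(kubeconfig_from_cluster(SAMPLE_CLUSTER), indent=2))
```

The printed JSON is also valid YAML. Changing user_label does not change the identity the API server sees, which is why the Forbidden error names the certificate's CN.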