On Fri, Jul 15, 2016 at 2:56 AM, Richard Musiol <[email protected]> wrote:
> Hi Robert,
>
> yes, I'm talking about scopes, the UI calls them permissions. I've noticed
> that we can use the "--scopes" flag to override the cluster's setting
> when using "gcloud container node-pools create", the UI however does not
> offer this option.

That's great feedback. I'll forward it to the UI developers.

> Still, the room to improve stays even when a workaround is available. ;-)
> I see no reason why the default scopes setting of a cluster needs to be set
> in stone.

This is a limitation of the underlying GCE VMs. If you create a GCE VM, you can't change the scopes on the VM while it is running (which you can verify aside from using GKE at all).

> It is only used by the "gcloud container node-pools create" command when
> you don't specify the "--scopes" flag, so why not make it possible to
> change it via the "gcloud container clusters update" command?

If the update command required replacing all VMs, that seems pretty disruptive / intrusive. And it's the reason that you can't change the logging setting on a cluster (which requires replacing all nodes). Setting it on a new node pool and having control over shifting your application / traffic is much safer, especially for an "update" which for other options is not nearly as disruptive.

> The benefit would be to avoid human error when creating a new node pool.
>
> Thanks,
> Richard
>
> 'Robert Bailey' via Containers at Google <[email protected]> wrote on
> Fri, 15 July 2016 at 05:48:
>
>> Hi Richard,
>>
>> By permissions do you mean the scopes that are on the service account
>> attached to each node? When you create a NodePool, you can pass in a
>> NodeConfig object
>> <https://cloud.google.com/container-engine/reference/rest/v1/NodeConfig>
>> that allows you to customize the pool with a specified service account and
>> oauth scopes (and not all pools in your cluster must have the same scopes).
>>
>> Are you trying to create the new node pool using the CLI (gcloud) or the
>> UI (cloud console)? It's possible that this part of the API surface isn't
>> properly exposed with a friendly UX (or if so, maybe it just isn't very
>> discoverable).
>>
>> Robby
>>
>> On Thu, Jul 14, 2016 at 8:53 AM, Richard Musiol <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> would it be possible to add the option to modify the permissions of a
>>> cluster? As far as I can see they are only used as the default permission
>>> values when a new node pool is being created. We would like to change those
>>> defaults without having to create a new cluster.
>>>
>>> Thanks,
>>> Richard
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Containers at Google" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/google-containers.
>>> For more options, visit https://groups.google.com/d/optout.
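
Added example, not part of the original thread: since scopes are fixed per node pool at creation and pools in one cluster may differ, a periodic check of each pool's NodeConfig catches a pool that was created with the wrong `--scopes`. The allow-list, pool names and sample JSON are constructed assumptions; the input shape follows `gcloud container node-pools list --cluster=CLUSTER --format=json`.

```python
import json

# Scopes this hypothetical team allows on GKE nodes (assumption, not from the thread).
ALLOWED_SCOPES = {
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring",
}
# Scope that covers every Cloud API the node's service account may call.
BROAD_SCOPES = {"https://www.googleapis.com/auth/cloud-platform"}

# Constructed sample shaped like `gcloud container node-pools list --format=json`.
SAMPLE = json.dumps([
    {"name": "default-pool",
     "config": {"serviceAccount": "default", "oauthScopes": sorted(ALLOWED_SCOPES)}},
    {"name": "batch-pool",
     "config": {"serviceAccount": "default",
                "oauthScopes": ["https://www.googleapis.com/auth/cloud-platform"]}},
    {"name": "web-pool",
     "config": {"serviceAccount": "default", "oauthScopes": [
         "https://www.googleapis.com/auth/devstorage.read_only",
         "https://www.googleapis.com/auth/monitoring",
         "https://www.googleapis.com/auth/compute"]}},
])


def audit_node_pools(raw_json, allowed=ALLOWED_SCOPES, broad=BROAD_SCOPES):
    """Return {pool name: [findings]} for pools whose scopes differ from the allow-list."""
    findings = {}
    for pool in json.loads(raw_json):
        scopes = set(pool.get("config", {}).get("oauthScopes", []))
        issues = [f"broad scope: {s}" for s in sorted(scopes & broad)]
        issues += [f"unexpected scope: {s}" for s in sorted(scopes - allowed - broad)]
        if not scopes & broad:  # a broad scope already covers the narrower ones
            issues += [f"missing scope: {s}" for s in sorted(allowed - scopes)]
        if issues:
            findings[pool.get("name", "<unnamed>")] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_node_pools(SAMPLE).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

A flagged pool cannot be fixed in place; as the reply above explains, the correction is a new node pool with the intended scopes.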
