We would like to change some things on the default GKE setup and the docs
don't clarify whether it is safe to do so or if the next GKE update will
fail after that or revert everything.
We're thinking about changing two things specifically:
1) The fluentd config map in order to parse a little more and use
structured logging in our own containers. (while still letting them use
2) Change the dashboard and give it a read only scope with no access to
The 2nd is by far the most important:
Currently with k8s 1.6 via GKE we can restrict our users nicely with RBAC,
but this does not limit the ability for users to use "kubectl proxy".
With "kubectl proxy" everybody gets access to the kubernetes-dashboard
which by GKE default has the kube-system default token mounted, that can
basically do anything.
The dashboard itself has no authn/authz. Therefore anybody can escalate
their own privileges to "root" in the cluster and leave any RBAC
This is nothing that we would be willing to launch in production.
Our solution to this would be to use a token with limited abilities mounted
into the dashboard container, or if everything else fails, drop the UI for
But in those cases we would need to modify the deployment object created by
Will changes like these make our cluster go up in flames on the next GKE
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.