From a9588e80cdf0237067e75422ce0334705fd087c4 Mon Sep 17 00:00:00 2001 From: Robert Bailey Date: Wed, 19 Jun 2019 03:38:19 -0700 Subject: [PATCH 1/2] Remove the GKE flag to enable RBAC, since RBAC has been enabled by default since GKE 1.8. See https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#disable_abac --- site/content/en/docs/Installation/_index.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/site/content/en/docs/Installation/_index.md b/site/content/en/docs/Installation/_index.md index 22814f9990..8c6ce1ccdc 100644 --- a/site/content/en/docs/Installation/_index.md +++ b/site/content/en/docs/Installation/_index.md @@ -93,7 +93,6 @@ A [cluster][cluster] consists of at least one *cluster master* machine and multi ```bash gcloud container clusters create [CLUSTER_NAME] --cluster-version=1.11 \ - --no-enable-legacy-authorization \ --tags=game-server \ --enable-basic-auth \ --password=supersecretpassword \ @@ -105,7 +104,6 @@ gcloud container clusters create [CLUSTER_NAME] --cluster-version=1.11 \ Flag explanations: * cluster-version: Agones requires Kubernetes version 1.11. -* no-enable-legacy-authorization: This enables RBAC, the authorization scheme used by Agones to control access to resources. * tags: Defines the tags that will be attached to new nodes in the cluster. This is to grant access through ports via the firewall created in the next step. * enable-basic-auth/password: Sets the master auth scheme for interacting with the cluster. * scopes: Defines the Oauth scopes required by the nodes. From a29e296f55ba3ad24f7e8a60c883617ddf5541e5 Mon Sep 17 00:00:00 2001 From: Robert Bailey Date: Wed, 19 Jun 2019 03:46:39 -0700 Subject: [PATCH 2/2] Switch the instructions to disable basic auth on GKE 1.11. --- site/content/en/docs/Installation/_index.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/site/content/en/docs/Installation/_index.md b/site/content/en/docs/Installation/_index.md index 8c6ce1ccdc..5b4bd35b44 100644 --- a/site/content/en/docs/Installation/_index.md +++ b/site/content/en/docs/Installation/_index.md @@ -94,8 +94,7 @@ A [cluster][cluster] consists of at least one *cluster master* machine and multi ```bash gcloud container clusters create [CLUSTER_NAME] --cluster-version=1.11 \ --tags=game-server \ - --enable-basic-auth \ - --password=supersecretpassword \ + --no-enable-basic-auth \ --scopes=gke-default \ --num-nodes=3 \ --machine-type=n1-standard-2 @@ -105,7 +104,7 @@ Flag explanations: * cluster-version: Agones requires Kubernetes version 1.11. * tags: Defines the tags that will be attached to new nodes in the cluster. This is to grant access through ports via the firewall created in the next step. -* enable-basic-auth/password: Sets the master auth scheme for interacting with the cluster. +* no-enable-basic-auth/password: Disables basic auth scheme for the cluster (this is the default starting with version 1.12). * scopes: Defines the Oauth scopes required by the nodes. * num-nodes: The number of nodes to be created in each of the cluster's zones. Default: 3 * machine-type: The type of machine to use for nodes. Default: n1-standard-2. Depending on the needs of you game, you may wish to [have a bigger machines](https://cloud.google.com/compute/docs/machine-types).