- Print
- PDF
Converting Admin authentication to IAM authentication
- Print
- PDF
Available in VPC
Ncloud Kubernetes Service authentication can be divided into certificate-based Admin authentication and IAM authentication, which is based on the IAM service (Sub Account). Use ncp-iam-authenticator
to configure kubeconfig to control cluster permissions by the IAM service (Sub Account) account through IAM authentication.
IAM authentication applies automatically to clusters created after February 13, 2022, so the following task is not necessary. The clusters created before February 14, 2022 need to have their Admin authentication converted to IAM authentication as follows before IAM authentication can be applied.
Converting Admin authentication to IAM authentication
Confirm cluster authentication method
- A cluster's authentication method can be checked via the button displayed in Kubernetes Service > Clusters > Cluster description > Configuration file.
- Admin authentication: [Download], [Reset], [Set IAM authentication] buttons are displayed
- IAM authentication: [IAM authentication guide] button is displayed
- A cluster's authentication method can be checked via the button displayed in Kubernetes Service > Clusters > Cluster description > Configuration file.
Apply IAM authentication
- Click [Set IAM authentication] button in the Kubernetes Service > Clusters > Cluster description > Configuration file to apply IAM authentication.
Check if IAM authentication has been applied
- Confirm the kubectl command by authentication through
ncp-iam-authenticator
, and check if IAM authentication is applied successfully. - Install ncp-iam-authenticator
- Create kubeconfig for IAM authentication
- Confirm the kubectl command by authentication through
Disable Admin authentication
- Go to [Kubernetes Service]>[Clusters]>[Cluster description]>[Configuration file] and click [Reset] button to disable the existing Admin authentication.
Disabling Admin authentication may cause errors in applications that use the Admin authentication kubeconfig created earlier (e.g., CI, CD pipeline). Make sure there's no part that uses the Admin authentication kubeconfig before disabling the existing certificate.