Converting Admin authentication to IAM authentication

Available in VPC

Ncloud Kubernetes Service authentication can be divided into certificate-based Admin authentication and IAM authentication, which is based on the IAM service (Sub Account). Use ncp-iam-authenticator to configure kubeconfig to control cluster permissions by the IAM service (Sub Account) account through IAM authentication.

Note

IAM authentication applies automatically to clusters created after February 13, 2022, so the following task is not necessary. The clusters created before February 14, 2022 need to have their Admin authentication converted to IAM authentication as follows before IAM authentication can be applied.

Converting Admin authentication to IAM authentication

Confirm cluster authentication method
- A cluster's authentication method can be checked via the button displayed in Kubernetes Service > Clusters > Cluster description > Configuration file.
  - Admin authentication: [Download], [Reset], [Set IAM authentication] buttons are displayed
  - IAM authentication: [IAM authentication guide] button is displayed
Apply IAM authentication
- Click [Set IAM authentication] button in the Kubernetes Service > Clusters > Cluster description > Configuration file to apply IAM authentication.
Check if IAM authentication has been applied
- Confirm the kubectl command by authentication through ncp-iam-authenticator, and check if IAM authentication is applied successfully.
- Install ncp-iam-authenticator
- Create kubeconfig for IAM authentication
Disable Admin authentication
- Go to [Kubernetes Service]>[Clusters]>[Cluster description]>[Configuration file] and click [Reset] button to disable the existing Admin authentication.

Caution

Disabling Admin authentication may cause errors in applications that use the Admin authentication kubeconfig created earlier (e.g., CI, CD pipeline). Make sure there's no part that uses the Admin authentication kubeconfig before disabling the existing certificate.