Wondering how to set up GKE OAuth authentication for Authenticating users? We can help you.

In Google Kubernetes Engine (GKE), OAuth authentication is generally used for cluster authentication.

Here at Bobcares, we often handle requests from our customers to do this setup as a part of our Server Management Services.

Today we will see how our Support Engineers do this for our customers.

How to set up GKE OAuth authentication for Authenticating users

Now we will see the steps that our support Engineers follow.

As a prerequisite, we must ensure that the Google Kubernetes Engine API is enabled. We can do this using the following steps:

Enable Google Kubernetes Engine API

We must ensure that we have installed the Cloud SDK.

To set up default gcloud settings we can use one of the following methods:

• gcloud init: if we wish to be walked through setting defaults.
• gcloud config: If we wish to individually set the project ID, zone, and region.

Using gcloud init

1. In case if we receive the following error:

 One of [--zone, --region] must be supplied: Please specify location

We can complete this section and run gcloud init, follow the directions given below:

gcloud init

2. While doing SSH on a remote server, we caan use the ‘–console-only’ flag to prevent the command from launching a browser:

gcloud init --console-only

3. After that we can follow the instructions to authorize gcloud to use our Google Cloud account.

4. And create a new configuration or select an existing one.

5. Then choose a Google Cloud project.

6. We can choose a default Compute Engine zone for zonal clusters or a region for regional or Autopilot clusters.

Using gcloud config

1. First, we can set our default project ID using the following:

gcloud config set project PROJECT_ID

2. If we are working with zonal clusters, we can set our default compute zone using the following:

gcloud config set compute/zone COMPUTE_ZONE

3. And if we are working with Autopilot or regional clusters, we can set our default compute region using the following:

gcloud config set compute/region COMPUTE_REGION

4. Finally, we can update gcloud to the latest version with the following:

gcloud components update

Steps for Authenticating users using OAuth

GKE manages end-user authentication through the gcloud command-line tool.

The gcloud tool authenticates users to Google Cloud, sets up the Kubernetes configuration, gets an OAuth access token for the cluster, and keeps the access token up-to-date.

To authenticate to the cluster using the OAuth method, we must do the following:

1. Firstly, sign in to the gcloud tool using the credentials:

gcloud auth login 

Caution: This should not be performed on a Compute Engine VM. We must use a service account for authentication.

2. Then Retrieve the Kubernetes credentials for a specific cluster with the following:

gcloud container clusters get-credentials CLUSTER_NAME \     --zone=COMPUTE_ZONE

3. Finally we can verify that we are authenticated using the following:

kubectl cluster-info

[Need assistance? We can help you]

Conclusion

To conclude, we saw the steps that our Support Techs follow to