Explicitly set master_auth for new GKE clusters

From 1.12, GKE will disable basic auth and client certificate by default. Explicitly enable those now (currently we use 1.10/1.11 clusters) so that GKE cluster configuration will continue to work.
author: Thong Kuah <tkuah@gitlab.com> 2019-03-12 22:38:18 +1300
committer: Thong Kuah <tkuah@gitlab.com> 2019-03-13 16:28:04 +1300
commit: 428ee4bc6017c2df2a1fa02a358c33b7b67480a8 (patch)
tree: e5ffb036bb8ae838ce199680c72a32b0a6a24be4 /lib/google_api
parent: b8ca2fc64a313be332d870438d32c296e4801366 (diff)
download: gitlab-ce-428ee4bc6017c2df2a1fa02a358c33b7b67480a8.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb
index e74ff6a9129..b5f99ea012b 100644
--- a/lib/google_api/cloud_platform/client.rb
+++ b/lib/google_api/cloud_platform/client.rb
@@ -10,6 +10,7 @@ module GoogleApi
     class Client < GoogleApi::Auth
       SCOPE = 'https://www.googleapis.com/auth/cloud-platform'.freeze
       LEAST_TOKEN_LIFE_TIME = 10.minutes
+      CLUSTER_MASTER_AUTH_USERNAME = 'admin'.freeze
 
       class << self
         def session_key_for_token
@@ -64,6 +65,12 @@ module GoogleApi
               "node_config": {
                 "machine_type": machine_type
               },
+              "master_auth": {
+                "username": CLUSTER_MASTER_AUTH_USERNAME,
+                "client_certificate_config": {
+                  issue_client_certificate: true
+                }
+              },
               "legacy_abac": {
                 "enabled": legacy_abac
               }
author	Thong Kuah <tkuah@gitlab.com>	2019-03-12 22:38:18 +1300
committer	Thong Kuah <tkuah@gitlab.com>	2019-03-13 16:28:04 +1300
commit	428ee4bc6017c2df2a1fa02a358c33b7b67480a8 (patch)
tree	e5ffb036bb8ae838ce199680c72a32b0a6a24be4 /lib/google_api
parent	b8ca2fc64a313be332d870438d32c296e4801366 (diff)
download	gitlab-ce-428ee4bc6017c2df2a1fa02a358c33b7b67480a8.tar.gz