Security setting for Auto-provisioned nodes

When GKE nodes are auto-scaled for the cluster, the VM setting for that node is

Block project-wide SSH keys = Off

Is there a way to set it so that the nodes are auto-scaled with this setting set to On?

 

1 REPLY

You'd need to set this value when creating a node-pool using the `metadata` flag/field (https://cloud.google.com/sdk/gcloud/reference/container/node-pools/create#--metadata). Then any nodes added to that pool by the autoscaler will also include that metadata value. You cannot set this if you are using node auto-provisioning or using Autopilot mode.

Also note that if you do set this, it is possible that things like `kubectl exec` and `kubectl logs` will stop working unless your cluster is running the Konnectivity agent (older clusters use SSH). You can check that by following https://cloud.google.com/kubernetes-engine/docs/troubleshooting#konnectivity_proxy
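Added example, not part of the original reply: a small audit that reads the JSON from `gcloud compute instances list --format=json` and lists node VMs whose metadata does not set `block-project-ssh-keys` to true, so you can confirm that autoscaled nodes inherit the pool's value. The instance names, the sample data, the `POOL`/`CLUSTER` placeholders and the case-insensitive comparison are assumptions made for illustration.

```python
import json

# Pool creation as the reply describes (POOL and CLUSTER are placeholders):
#   gcloud container node-pools create POOL --cluster=CLUSTER \
#     --metadata=block-project-ssh-keys=true --enable-autoscaling \
#     --min-nodes=1 --max-nodes=5
# Audit input: output of `gcloud compute instances list --format=json`.

KEY = "block-project-ssh-keys"

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = json.dumps([
    {"name": "gke-demo-hardened-pool-1a2b",
     "metadata": {"items": [{"key": KEY, "value": "true"}]}},
    {"name": "gke-demo-default-pool-3c4d",
     "metadata": {"items": [{"key": "other-key", "value": "x"}]}},
    {"name": "gke-demo-legacy-pool-5e6f",
     "metadata": {"items": [{"key": KEY, "value": "FALSE"}]}},
    {"name": "gke-demo-bare-7a8b", "metadata": {}},
])


def blocks_project_keys(instance):
    """True when the instance metadata sets block-project-ssh-keys to true."""
    # "metadata" or "items" may be missing entirely on an instance.
    items = (instance.get("metadata") or {}).get("items") or []
    values = {i.get("key"): str(i.get("value", "")) for i in items}
    # Assumption: the value is compared case-insensitively ("true"/"TRUE").
    return values.get(KEY, "").strip().lower() == "true"


def audit(instances_json):
    """Return sorted names of instances that still accept project-wide keys."""
    instances = json.loads(instances_json)
    return sorted(i["name"] for i in instances if not blocks_project_keys(i))


if __name__ == "__main__":
    import sys
    # Pass a file holding the gcloud JSON output, or run on the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name in audit(data):
        print(f"{name}: {KEY} is not set to true")
```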
