GCP: how to set user id for GKE for Python test code, first with my GCP userid?

I am adapting my client’s test code that works fine against their app outside of GKE. But running inside a GKE cluster and accessing the endpoint IP, I get:

{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot post path \"/\"","reason":"Forbidden","details":{},"code":403}

I understand that I will need a service account when this goes into production, but right now I am just trying to run from the command line while logged in with:

gcloud auth login

How do I do this? I tried binding my login ID to an auth role, but that seems not to have done it.

Answer

system:anonymous means that an unauthenticated user is trying to get a resource from your cluster, which is forbidden. You need to create an RBAC profile on the GKE cluster.

As mentioned by @Gari singh, you might be trying to access the Kube API endpoint and not the endpoint for your app. To access the endpoint from your app, you need to connect to the application running on a pod.

Steps to access the endpoint from your app:

To deploy your app to the GKE cluster you created, you need two Kubernetes objects.

  1. A Deployment to define your app.

  2. A Service to define how to access your app.

Deploy an app:

The app has a frontend server that handles the web requests. You define the cluster resources needed to run the frontend in a new file called deployment.yaml. These resources are described as a Deployment. You use Deployments to create and update a ReplicaSet and its associated Pods.

Deploy a Service:

Services provide a single point of access to a set of Pods. While it’s possible to access a single Pod, Pods are ephemeral and can only be accessed reliably by using a Service address. In your app, the Service defines a load balancer to access the app Pods from a single IP address. This Service is defined in the service.yaml file. Get the external IP address of the Service by using the command kubectl get services.

View a deployed app:

Use the external IP address from the previous step to load the app in your web browser, and see your running app: http://EXTERNAL_IP

Or, you can make a curl call to the external IP address of the Service: curl External_IP. This will be your application endpoint.

Refer to Deploying a language-specific-app and exposing applications using services for information.
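
A diagnostic helper for the Python test code, added here as an example (not code from the question or the answer): it uses the Status body shown in the question to tell whether a response came from the Kubernetes API server instead of the app, and whether the caller was seen as system:anonymous. The function name `diagnose` and its verdict labels are hypothetical, and the classification is a heuristic based on the `kind`/`apiVersion` fields.

```python
import json
import re

# Response body from the question, with the inner quotes escaped as valid JSON.
SAMPLE_BODY = (
    '{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure",'
    '"message":"forbidden: User \\"system:anonymous\\" cannot post path \\"/\\"",'
    '"reason":"Forbidden","details":{},"code":403}'
)

# The API server names the identity it resolved for the request in the message.
_USER_RE = re.compile(r'User "([^"]+)" cannot')


def diagnose(status_code, body):
    """Return (verdict, user) for an HTTP response seen by the test client.

    Verdicts (hypothetical labels):
      "app"                - body is not a Kubernetes Status object
      "kube-api-anonymous" - API server answered and saw no credentials
      "kube-api-rbac"      - API server identified the caller, RBAC denied it
      "kube-api-other"     - some other API server Status (e.g. 401, 404)
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return ("app", None)
    if not isinstance(doc, dict):
        return ("app", None)
    if doc.get("kind") != "Status" or doc.get("apiVersion") != "v1":
        return ("app", None)

    if status_code == 403 and doc.get("reason") == "Forbidden":
        match = _USER_RE.search(str(doc.get("message", "")))
        user = match.group(1) if match else None
        if user == "system:anonymous":
            # No credentials reached the API server: the client is most likely
            # pointed at the cluster endpoint, not the app's Service address.
            return ("kube-api-anonymous", user)
        return ("kube-api-rbac", user)
    return ("kube-api-other", None)


if __name__ == "__main__":
    print(diagnose(403, SAMPLE_BODY))
```

A "kube-api-anonymous" verdict in a test run means the target address should be checked against the Service's external IP before any RBAC binding is changed.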