I am trying to authorize to a GKE cluster using a service account with the following permissions:
cluster.deployments.get
container.clusters.get
I create a kubeconfig by making API calls to get cluster info like the cluster certificate, endpoint and service account token, and then use this kubeconfig to list deployments using the command below:
kubectl get deployments --kubeconfig=kubeconfig.yaml
Is this supposed to work, or will I need to set up RBAC too? I am doing this whole thing through Go code.
For authorization you can use either IAM or Kubernetes RBAC or you can use both. To authorize an action, GKE checks for an RBAC policy first. If there isn't an RBAC policy, GKE checks for IAM permissions. For additional information you can check Interaction with Identity and Access Management.
In addition, Kubernetes RBAC is built into Kubernetes, and grants granular permissions to objects within Kubernetes clusters. IAM manages Google Cloud resources, including clusters, and types of objects within clusters. See About RBAC and IAM.
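
The kubeconfig assembly described in the question, as an added example that is not the poster's code: it checks the endpoint, CA data and token before rendering a token-based kubeconfig and writes the file owner-readable only. The function name, the `gke` and `sa` entry names and all sample values are assumptions; the file only carries the credential, and whether the listing is allowed is still decided by the RBAC and IAM checks described in the answer.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"os"
	"strings"
)

// BuildKubeconfig (hypothetical helper) renders a token-based kubeconfig.
// endpoint is a bare host or IP; caB64 is the base64-encoded PEM CA certificate.
func BuildKubeconfig(endpoint, caB64, token string) (string, error) {
	if endpoint == "" || strings.ContainsAny(endpoint, "/ \t\r\n\"\\") {
		return "", errors.New("endpoint must be a bare host or IP (https is added)")
	}
	raw, err := base64.StdEncoding.DecodeString(caB64)
	if blk, _ := pem.Decode(raw); err != nil || blk == nil || blk.Type != "CERTIFICATE" {
		return "", errors.New("CA data must be a base64-encoded PEM certificate")
	}
	if token == "" || strings.ContainsAny(token, " \t\r\n\"\\") {
		return "", errors.New("token is empty or has characters unsafe to quote")
	}
	const tmpl = `apiVersion: v1
kind: Config
current-context: gke
clusters:
- {name: gke, cluster: {server: "https://%s", certificate-authority-data: "%s"}}
contexts:
- {name: gke, context: {cluster: gke, user: sa}}
users:
- {name: sa, user: {token: "%s"}}
`
	return fmt.Sprintf(tmpl, endpoint, caB64, token), nil
}

func main() { // constructed sample inputs, not real cluster data
	ca := base64.StdEncoding.EncodeToString(pem.EncodeToMemory(
		&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed")}))
	cfg, err := BuildKubeconfig("203.0.113.10", ca, "constructed-token")
	if err == nil { // 0600: the file carries a bearer token
		err = os.WriteFile("kubeconfig.yaml", []byte(cfg), 0o600)
	}
	if err != nil {
		log.Fatal(err)
	}
}
```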