# GKE IAM Integration
If you're connected to a GKE cluster, RBAC is only half the story. Google Cloud IAM roles can also grant cluster access, so effective access is the union of IAM and RBAC roles. To see the relevant IAM roles along with RBAC roles, use the `--gke` flag:
```
rbac-lookup rob --gke

SUBJECT             SCOPE           ROLE
[email protected]   cluster-wide    ClusterRole/view
[email protected]   nginx-ingress   ClusterRole/edit
[email protected]   project-wide    IAM/gke-developer
[email protected]   project-wide    IAM/viewer
```
This GKE integration also supports wide output, which in this case references the specific IAM roles that are assigned to a user:
```
rbac-lookup rob --gke --output wide

SUBJECT                  SCOPE           ROLE                SOURCE
User/[email protected]   cluster-wide    ClusterRole/view    ClusterRoleBinding/rob-cluster-view
User/[email protected]   nginx-ingress   ClusterRole/edit    RoleBinding/rob-edit
User/[email protected]   project-wide    IAM/gke-developer   IAMRole/container.developer
User/[email protected]   project-wide    IAM/gcp-viewer      IAMRole/viewer
```
At this point this integration only supports standard IAM roles, and is not advanced enough to include any custom roles. For a full list of supported roles and how they are mapped, view `lookup/gke_roles.go`.
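The union of RBAC and IAM grants described above, and the custom-role gap, can be cross-checked by hand with a short script. This is an added example, not rbac-lookup's own code: the sample data, the `rob@example.com` and `amy@example.com` addresses, the `projects/demo/roles/customDeployer` role and the helper names are constructed, and the label table holds only the two mappings visible in the wide output.

```python
# Added example: constructed data shaped like the parsed output of
#   kubectl get clusterrolebindings,rolebindings -A -o json
#   gcloud projects get-iam-policy PROJECT_ID --format=json
# Only the two IAM mappings visible in the wide output above are included.
IAM_LABELS = {"roles/container.developer": "gke-developer",
              "roles/viewer": "gcp-viewer"}

def binding(kind, name, role_kind, role, user, namespace=None):
    """Build one constructed RBAC binding object (hypothetical helper)."""
    meta = {"name": name, **({"namespace": namespace} if namespace else {})}
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": role_kind, "name": role},
            "subjects": [{"kind": "User", "name": user}]}

RBAC = {"items": [
    binding("ClusterRoleBinding", "rob-cluster-view", "ClusterRole", "view", "rob@example.com"),
    binding("RoleBinding", "rob-edit", "ClusterRole", "edit", "rob@example.com", "nginx-ingress"),
    binding("RoleBinding", "amy-edit", "ClusterRole", "edit", "amy@example.com", "default"),
]}
IAM = {"bindings": [
    {"role": "roles/container.developer", "members": ["user:rob@example.com"]},
    {"role": "roles/viewer", "members": ["user:rob@example.com", "user:amy@example.com"]},
    {"role": "projects/demo/roles/customDeployer", "members": ["user:rob@example.com"]},
]}

def effective_access(email, rbac, iam):
    """Return (rows, unmapped): the union of RBAC and IAM grants for one user.
    Only direct User subjects are matched; group membership is not expanded."""
    rows, unmapped = [], []
    for b in rbac["items"]:
        for s in b.get("subjects") or []:  # subjects may be null in real output
            if s["kind"] == "User" and s["name"] == email:
                ref, meta = b["roleRef"], b["metadata"]
                rows.append((meta.get("namespace", "cluster-wide"),
                             f'{ref["kind"]}/{ref["name"]}',
                             f'{b["kind"]}/{meta["name"]}'))
    for b in iam.get("bindings", []):
        if f"user:{email}" in b.get("members", []):
            if b["role"] in IAM_LABELS:
                rows.append(("project-wide", "IAM/" + IAM_LABELS[b["role"]],
                             "IAMRole/" + b["role"].split("/", 1)[1]))
            else:
                unmapped.append(b["role"])  # custom role: review by hand
    return rows, unmapped

if __name__ == "__main__":
    rows, unmapped = effective_access("rob@example.com", RBAC, IAM)
    for scope, role, source in rows:
        print(f"{scope:<14}{role:<22}{source}")
    print("unmapped IAM roles:", unmapped)
```

Any role returned in `unmapped` is a grant that a standard-roles-only view would not show, so it needs a separate review of the permissions it contains.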