[maxsaltonstall]

You're right, the initial version of Identity-Aware Proxy (IAP) is for Cloud applications, but that's not the end of the story, and we're learning from BeyondCorp's 7 year journey to inform the direction of IAP going forward. [I work at Google, and helped make these papers, and blog post, happen]

[fortyfivan]

Thanks for sharing through the papers and posts, they've been incredibly informative. Keep up the good work!

[mikecb]

When are we going to hear about further contextual auth capabilities coming to IAP? It's awesome.

[puzzle]

How do you use IAP with GKE?

[mikecb]

Haven't tried yet myself, but since the ingress resource is just an https load balancer, enable IAP on that. Like so: https://medium.com/@DazWilkin/google-cloud-iap-and-gke-c773d...

Edit more direct: https://cloud.google.com/iap/docs/container-engine-quickstar...