This document shows how to create an admin workstation for Google Distributed Cloud that you can use to create clusters.
The instructions here are part of a quickstart. For full instructions on how to create an admin workstation, see Creating an admin workstation.
Before you begin
Create a Google Cloud project (quickstart).
Create a service account (quickstart).
Know your vCenter server address and your CA cert path.
Generate templates for your configuration files
The steps in this document use the gkeadm
command-line tool, which is
available for 64-bit Linux, Windows 10, Windows Server 2019, and macOS 10.15
and higher.
Download gkeadm
to your current directory.
Generate templates:
./gkeadm create config
The preceding command created these files in your current directory:
credential.yaml
admin-ws-config.yaml
Fill in credential.yaml
In credential.yaml
, fill in your vCenter username and password. For example:
kind: CredentialFile items: - name: vCenter username: "my-account-name" password: "AadmpqGPqq!a"
Fill in admin-ws-config.yaml
The following fields are filled in for you:
vCenter: credentials: fileRef: path: credential.yaml entry: vCenter adminWorkstation: name: gke-admin-ws-... cpus: 4 memoryMB: 8192 diskGB: 50 dataDiskName: gke-on-prem-admin-workstation-data-disk,,,.vmdk dataDiskMB: 512 network: ntpServer: ntp.ubuntu.com
Fill in the following required fields. For information on how to fill in the fields, see Admin workstation configuration file.
gcp: componentAccessServiceAccountKeyPath: "Fill in" vCenter: credentials: address: "Fill in" datacenter: "Fill in" datastore: "Fill in" cluster: "Fill in" network: "Fill in" resourcePool: "Fill in" caCertPath: "Fill in" network: hostConfig: ipAllocationMode: Fill in. Set to "static". ip: "Fill in" gateway: "Fill in" netmask: "Fill in" dns: "Fill in"
If necessary, fill in the
proxyURL
field.
adminWorkstation: proxyURL: "Fill in"
Create your admin workstation
Create your admin workstation, and automatically create service accounts:
./gkeadm create admin-workstation --auto-create-service-accounts
The output gives detailed information about the creation of your admin workstation:
... Getting ... service account... Creating other service accounts and JSON key files... - connect-register-sa-2007081316 - log-mon-sa-2007081316 ******************************************************************** Admin workstation is ready to use. Admin workstation information saved to /usr/local/google/home/me/my-admin-workstation This file is required for future upgrades SSH into the admin workstation with the following command: ssh -i /usr/local/google/home/me/.ssh/gke-admin-workstation ubuntu@172.16.5.1 ********************************************************************
In the preceding output, you can see that gkeadm
created two service accounts
for you: a connect register service account and a logging monitoring
service account. Those service accounts have the same parent
Google Cloud project as your component access service account. Also, gkeadm
grants roles to those service accounts on that same parent project.
Getting an SSH connection to your admin workstation
Near the end of the preceding output there is a command you can use to get an SSH connection to your admin workstation. Enter that command now. For example:
ssh -i /usr/local/google/home/me/.ssh/gke-admin-workstation ubuntu@172.16.5.1
List the files on your admin workstation:
ls -1
In the output, you can see two cluster configuration files, your CA certificate file, and the JSON key files for your service accounts. For example:
admin-cluster.yaml connect-agent-sa-2007081316.json connect-register-sa-2007081316.json log-mon-sa-2007081316.json user-cluster.yaml vcenter-ca-cert.pem component-access-key.json
View the active account
Your component access service account is the active account on your admin workstation. To verify this:
gcloud config list
What's next
Seesaw load balancer (quickstart)