Stay organized with collections
Save and categorize content based on your preferences.
Google Cloud provides several options for authenticating to fleet clusters from the command line. These let developers and other cluster users connect to and run commands against registered clusters in a simple, consistent, and secured way, whether the clusters are on Google Cloud, other public clouds, or on premises.
All GKE clusters on Google Cloud are configured to accept Google Cloud user and service account identities. If your fleet contains clusters in multiple environments, you can configure the Connect gateway so that users and service accounts can also authenticate to any registered cluster using their Google Cloud ID.
If you want to use your existing third-party identity provider to authenticate to your fleet clusters, GKE Identity Service is an authentication service that lets you bring your existing identity solutions to multiple Anthos environments. It supports all OpenID Connect (OIDC) providers such as Okta and Microsoft AD FS, as well as preview support for LDAP providers in some environments. If configured, you can also use some third-party providers with the Connect gateway.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Work with fleet clusters from the command line\n\nGoogle Cloud provides several options for authenticating to fleet clusters from the command line. These let developers and other cluster users connect to and run commands against registered clusters in a simple, consistent, and secured way, whether the clusters are on Google Cloud, other public clouds, or on premises.\n\nFor details of how to work with fleet clusters from the Google Cloud console, see [Logging in to a cluster from the Google Cloud console](/kubernetes-engine/fleet-management/docs/console).\n\nAuthenticate with Google Cloud\n------------------------------\n\nAll GKE clusters on Google Cloud are configured to accept Google Cloud user and service account identities. If your fleet contains clusters in multiple environments, you can configure the [Connect gateway](/kubernetes-engine/enterprise/multicluster-management/gateway) so that users and service accounts can also authenticate to any registered cluster using their Google Cloud ID.\n\nLearn more in the following guides:\n\n- [Configuring cluster access for `kubectl`](/kubernetes-engine/docs/how-to/cluster-access-for-kubectl)\n- [Connecting to registered clusters with the Connect gateway](/kubernetes-engine/enterprise/multicluster-management/gateway)\n- [Using the Connect gateway](/kubernetes-engine/enterprise/multicluster-management/gateway/using).\n\nAuthenticate with third-party providers\n---------------------------------------\n\nIf you want to use your existing third-party identity provider to authenticate to your fleet clusters, GKE Identity Service is an authentication service that lets you bring your existing identity solutions to multiple Anthos environments. It supports all [OpenID Connect (OIDC)](https://openid.net/connect/) providers such as Okta and Microsoft AD FS, as well as preview support for LDAP providers in some environments. If configured, you can also use some third-party providers with the [Connect gateway](/kubernetes-engine/enterprise/multicluster-management/gateway/setup-third-party).\n\nLearn more in the following guides:\n\n- [Introducing GKE Identity Service](/kubernetes-engine/enterprise/identity)\n- [Accessing clusters with GKE Identity Service](/kubernetes-engine/enterprise/identity/accessing)\n- [Connecting to registered clusters with the Connect gateway](/kubernetes-engine/enterprise/multicluster-management/gateway)\n- [Using the Connect gateway](/kubernetes-engine/enterprise/multicluster-management/gateway/using)"]]
