Prepare for fleet-level setup
A fleet in Google Cloud is a logical group of Kubernetes clusters and other resources that can be managed together, created by registering clusters to Google Cloud. Fleet-level setup for GKE Identity Service builds on fleets to let administrators set up authentication with their preferred identity providers for one or more GKE clusters at once, with the authentication configuration maintained by GKE Enterprise and stored in Google Cloud.
This document is for cluster administrators or application operators who want to set up GKE Identity Service for a fleet.
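Supported cluster types
The following cluster types and environments are supported for fleet-level setup:
Google Distributed Cloud (software-only) on VMware, version 1.8.2 or higher
Google Distributed Cloud (software-only) on bare metal, version 1.8.3 or higher
GKE on Azure
GKE on AWS running Kubernetes 1.21 or higher
GKE clusters on Google Cloud with Identity Service for GKE enabled. Follow the instructions in Identity Service for GKE to enable the feature before configuring authentication for the cluster.
The following cluster type and environment is supported for fleet-level setup that is in Pre-GA:
Amazon Elastic Kubernetes Service (Amazon EKS) attached clusters
Note: This feature is covered by the Pre-GA Offerings Terms of the Google Cloud Terms of Service (https://cloud.google.com/terms/service-terms#1). Pre-GA features might have limited support, and changes to pre-GA features might not be compatible with other pre-GA versions. For more information, see the launch stage descriptions (https://cloud.google.com/products#product-launch-stages).
For more information about attached clusters, see GKE attached clusters.
Other cluster types and environments supported by GKE Identity Service still require individual cluster setup. You may also want to use per-cluster setup if you are using an earlier version of GKE clusters, or if you require GKE Identity Service features that aren't yet supported with fleet-level lifecycle management.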
Supported identity provider protocols
If you configure fleet-level GKE Identity Service, you can use identity providers that support the OIDC, SAML, or LDAP protocols.
Before you begin
Ensure that your platform administrator has given you all the necessary details, including the client ID and secret for GKE Identity Service.
Ensure that you have the following command line tools installed:
The latest version of the Google Cloud CLI, which includes gcloud, the command line tool for interacting with Google Cloud. If you need to install the Google Cloud CLI, see the installation guide.
kubectl for running commands against Kubernetes clusters. If you need to install kubectl, see the installation guide.
If you are using Cloud Shell as your shell environment for interacting with Google Cloud, these tools are installed for you.
Ensure that you have initialized the gcloud CLI for use with the project where the clusters are registered.
If you are not the project owner, you need the GKE Hub Admin role in the project where the clusters are registered to complete the configuration steps.
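The checklist above can be verified before any cluster is touched. The script below is an added example, not part of the original documentation: it checks that gcloud and kubectl are on PATH, that gcloud is initialized for a project, and that the active account holds Owner or GKE Hub Admin on it. It assumes `roles/owner` and `roles/gkehub.admin` as the IAM IDs for those roles; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: preflight for the "Before you begin" checklist.
# Assumption: project owner = roles/owner, GKE Hub Admin = roles/gkehub.admin.
REQUIRED_ROLES="roles/owner roles/gkehub.admin"

# Print each named tool that is not on PATH; succeed only if none are missing.
missing_tools() {
  local missing=0 tool
  for tool in "$@"; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "$tool"
      missing=1
    fi
  done
  return "$missing"
}

# Read role names (one per line) on stdin; succeed if a required role is present.
has_required_role() {
  local role wanted found=1
  while IFS= read -r role; do
    for wanted in $REQUIRED_ROLES; do
      if [ "$role" = "$wanted" ]; then found=0; fi
    done
  done
  return "$found"
}

preflight() {
  local project account
  missing_tools gcloud kubectl || { echo "install the tools listed above" >&2; return 1; }
  project=$(gcloud config get-value project 2>/dev/null)
  account=$(gcloud config get-value account 2>/dev/null)
  [ -n "$project" ] || { echo "gcloud is not initialized for a project" >&2; return 1; }
  # Direct bindings only: roles granted through a group, or inherited from a
  # folder or organization, are not visible in the project policy.
  gcloud projects get-iam-policy "$project" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$account" \
    --format="value(bindings.role)" | has_required_role \
    || { echo "$account lacks Owner and GKE Hub Admin on $project" >&2; return 1; }
  echo "ready for fleet-level setup in $project"
}

# Run the checks only when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` from the shell where the configuration steps will be performed. A failure on the role check is a prompt to request GKE Hub Admin rather than Owner, which keeps the operator's access scoped to fleet management.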
Set up your fleet
After you have all necessary information and components installed, you can start to set up clusters at fleet level.
Last updated 2025-07-14 UTC.