Connecting to your cluster with Google Cloud console

With Connect, you can use the Google Cloud console to manage your user clusters. Each user cluster that you create automatically runs the Connect Agent and is registered with Connect. For more information, see Connect overview.

Before you begin

Before you start using GKE on AWS, make sure you have performed the following tasks:

Logging into your cluster with Connect

You can use the Google Cloud console to view, monitor, debug, and manage workloads on your user clusters.

To log into your user clusters:

  1. From your anthos-aws directory, use anthos-gke to switch context to your user cluster.

    cd anthos-aws
    env HTTPS_PROXY=http://localhost:8118 \
      anthos-gke aws clusters get-credentials CLUSTER_NAME

    Replace CLUSTER_NAME with your user cluster name.

  2. From a command line, use kubectl to set up a Kubernetes service account and a token in the kube-system namespace.

    This topic assumes the name of the service account is admin-user.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl create serviceaccount -n kube-system admin-user
    
  3. Create a service account token Secret with kubectl.

    env HTTPS_PROXY=http://localhost:8118 \
    kubectl apply -n kube-system -f - << EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: admin-user-token
      annotations:
        kubernetes.io/service-account.name: admin-user
    type: kubernetes.io/service-account-token
    EOF
    
  4. Create a ClusterRoleBinding between the cluster-admin role and the Kubernetes service account.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl create clusterrolebinding admin-user-binding \
      --clusterrole cluster-admin --serviceaccount kube-system:admin-user
    
  5. Get the service account's Secret with kubectl.

    env HTTPS_PROXY=http://localhost:8118 \
    kubectl get secret -n kube-system admin-user-token -o jsonpath='{$.data.token}' \
      | base64 -d | sed $'s/$/\\\n/g'
    
  6. Copy the token that the previous command prints to your clipboard.

  7. In the Google Cloud console, go to the Google Kubernetes Engine clusters overview page.

  8. Select the cluster. The Kubernetes cluster details screen appears.

  9. Click the Login button.

  10. Select Token and paste the Kubernetes token you copied earlier. Click Login.
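The following shell functions are an added example, not part of the original page or of Google's tooling. They decode the claims of the token that step 5 prints, so you can confirm it carries the identity system:serviceaccount:kube-system:admin-user and see whether it has an exp claim before you paste it into the console. The function names and the unsigned sample token are constructed for illustration; the sample uses the claim layout of a kubernetes.io/service-account-token Secret.

```shell
# Added example (not from the original page). Decodes the claims of the
# token printed in step 5 so you can confirm which identity it carries.

# Encode stdin as unpadded base64url, the encoding JWT segments use.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one unpadded base64url segment passed as $1.
b64url_decode() {
  _seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#_seg} % 4 )) in   # restore the '=' padding JWTs strip
    2) _seg="${_seg}==" ;;
    3) _seg="${_seg}=" ;;
  esac
  printf '%s' "$_seg" | base64 -d
}

# Print the JSON claims (second dot-separated segment) of token $1.
token_claims() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Print the "sub" claim: the identity the API server will authenticate.
token_subject() {
  token_claims "$1" | sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed if the token carries an "exp" (expiry) claim.
token_expires() { token_claims "$1" | grep -q '"exp"[[:space:]]*:'; }

# Compare the subject with the expected one ($2) and report on expiry.
check_login_token() {
  _sub=$(token_subject "$1")
  [ "$_sub" = "$2" ] || { echo "unexpected subject: $_sub"; return 1; }
  if token_expires "$1"; then echo "ok: $_sub, token has an expiry"
  else echo "ok: $_sub, no exp claim (valid until the Secret is deleted)"; fi
}

# CONSTRUCTED sample: unsigned token with the claim layout of a
# kubernetes.io/service-account-token Secret for kube-system/admin-user.
make_sample_token() {
  _hdr='{"alg":"RS256","kid":"constructed"}'
  _claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/secret.name":"admin-user-token","kubernetes.io/serviceaccount/service-account.name":"admin-user","sub":"system:serviceaccount:kube-system:admin-user"}'
  printf '%s.%s.%s' "$(printf '%s' "$_hdr" | b64url_encode)" \
    "$(printf '%s' "$_claims" | b64url_encode)" "constructed-signature"
}

check_login_token "$(make_sample_token)" \
  "system:serviceaccount:kube-system:admin-user"
```

To check a real token, capture the output of step 5 in a shell variable and pass it as the first argument to check_login_token.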

Register your cluster

To prevent multiple clusters from registering to Connect with the same name, you register the cluster through the Google Cloud CLI. When you register a cluster, you must run the Google Cloud CLI from the same network as your cluster. To register your cluster, run the following command:

    gcloud container fleet memberships register MEMBERSHIP_NAME \
      --context=KUBECONFIG_CONTEXT \
      --kubeconfig=KUBECONFIG_PATH \
      --service-account-key-file=SERVICE_ACCOUNT_KEY_PATH

Replace the following:

  • MEMBERSHIP_NAME: the membership name that you choose and that is used to uniquely represent the cluster being registered to the fleet.
  • SERVICE_ACCOUNT_KEY_PATH: the local filepath to the service account's private key JSON file downloaded as part of Prerequisites. This service account key is stored as a secret named creds-gcp in the gke-connect namespace.
  • KUBECONFIG_CONTEXT: the cluster context of the cluster being registered as it appears in the kubeconfig file. You can get this value from the command line by running kubectl config current-context.
  • KUBECONFIG_PATH: the local filepath where your kubeconfig containing an entry for the cluster being registered is stored. This defaults to $KUBECONFIG if that environment variable is set; otherwise, this defaults to $HOME/.kube/config.

What's next

Read the full documentation on Logging into clusters with Connect.

Learn about multi-cluster management with Connect.