With Connect, you can use the Google Cloud console to manage your user clusters. Each user cluster that you create automatically runs the Connect Agent and is registered with Connect. For more information, see Connect overview.
Before you begin
Before you start using GKE on AWS, make sure you have performed the following tasks:
- Complete the Prerequisites.
- Install a management service.
- Create a user cluster.
Logging into your cluster with Connect
You can use the Google Cloud console to view, monitor, debug, and manage workloads on your user clusters.
To log into your user clusters:
From your anthos-aws directory, use anthos-gke to switch context to your user cluster.

```sh
cd anthos-aws
env HTTPS_PROXY=http://localhost:8118 \
  anthos-gke aws clusters get-credentials CLUSTER_NAME
```

Replace CLUSTER_NAME with your user cluster name.
From a command line, use kubectl to set up a Kubernetes service account and a token in the kube-system namespace. This topic assumes the name of the service account is admin-user.

```sh
env HTTPS_PROXY=http://localhost:8118 \
  kubectl create serviceaccount -n kube-system admin-user
```

Create a service account token Secret with kubectl.

```sh
env HTTPS_PROXY=http://localhost:8118 \
  kubectl apply -n kube-system -f - << EOF
apiVersion: v1
kind: Secret
metadata:
  name: admin-user-token
  annotations:
    kubernetes.io/service-account.name: admin-user
type: kubernetes.io/service-account-token
EOF
```

Create a ClusterRoleBinding between the cluster-admin role and the Kubernetes service account.

```sh
env HTTPS_PROXY=http://localhost:8118 \
  kubectl create clusterrolebinding admin-user-binding \
  --clusterrole cluster-admin --serviceaccount kube-system:admin-user
```

Get the service account's Secret with kubectl.

```sh
env HTTPS_PROXY=http://localhost:8118 \
  kubectl get secret -n kube-system admin-user-token -o jsonpath='{$.data.token}' \
  | base64 -d | sed $'s/$/\\\n/g'
```

Copy the secret to your clipboard.
In the Google Cloud console, go to the Google Kubernetes Engine clusters overview page.
Select the cluster. The Kubernetes cluster details screen appears.
Click the Login button.
Select Token and paste the Kubernetes token you copied earlier. Click Login.
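
The token copied in the steps above is bound to cluster-admin, so it is worth confirming which service account it belongs to before pasting it. The following script is an added example, not part of the original documentation: it decodes the token's JWT payload and reports the subject and whether an expiry claim is present, assuming the claim names used by Kubernetes Secret-based service account tokens and running against a constructed sample token.

```shell
#!/bin/sh
# Added example (not from the original page): inspect a service account token's
# claims before pasting it into the console. Runs offline on a constructed token.

# Decode one base64url segment of a JWT (URL-safe alphabet, padding stripped).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Encode stdin as base64url; used only to build the constructed sample token.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Print the value of a string claim from compact JSON (no jq dependency).
jwt_claim() { printf '%s' "$1" | sed -n 's|.*"'"$2"'":"\([^"]*\)".*|\1|p'; }

# Report the token's subject and whether it carries an expiry ("exp") claim.
# Returns 1 if the subject is not the expected service account.
check_sa_token() {
  payload=$(jwt_payload "$1") || return 2
  sub=$(jwt_claim "$payload" sub)
  if [ "$sub" != "$2" ]; then
    echo "unexpected subject: $sub" >&2
    return 1
  fi
  if printf '%s' "$payload" | grep -q '"exp":'; then
    echo "subject=$sub expires=yes"
  else
    echo "subject=$sub expires=no"
  fi
}

# Constructed sample: claims shaped like a Secret-based token for admin-user
# (assumed claim layout; the signature segment is a placeholder).
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/secret.name":"admin-user-token","sub":"system:serviceaccount:kube-system:admin-user"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256"}' | b64url_encode).$(printf '%s' "$SAMPLE_CLAIMS" | b64url_encode).c2lnbmF0dXJl"

check_sa_token "$SAMPLE_TOKEN" system:serviceaccount:kube-system:admin-user
```

To check the real token, pass the decoded output of the kubectl get secret step as the first argument to check_sa_token. A result of expires=no means the token stays valid until the admin-user-token Secret is deleted.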
Register your cluster
To prevent multiple clusters from registering to Connect with the same name, you register the cluster through Google Cloud CLI. When you register a cluster, you must run the Google Cloud CLI from the same network as your cluster. To register your cluster, run the following command:

```sh
gcloud container fleet memberships register MEMBERSHIP_NAME \
  --context=KUBECONFIG_CONTEXT \
  --kubeconfig=KUBECONFIG_PATH \
  --service-account-key-file=SERVICE_ACCOUNT_KEY_PATH
```

Replace the following:
- MEMBERSHIP_NAME: the membership name that you choose and that is used to uniquely represent the cluster being registered to the fleet.
- SERVICE_ACCOUNT_KEY_PATH: the local filepath to the service account's private key JSON file downloaded as part of Prerequisites. This service account key is stored as a secret named creds-gcp in the gke-connect namespace.
- KUBECONFIG_CONTEXT: the cluster context of the cluster being registered as it appears in the kubeconfig file. You can get this value from the command line by running kubectl config current-context.
- KUBECONFIG_PATH: the local filepath where your kubeconfig containing an entry for the cluster being registered is stored. This defaults to $KUBECONFIG if that environment variable is set; otherwise, this defaults to $HOME/.kube/config.
What's next
Read the full documentation on Logging into clusters with Connect.
Learn about multi-cluster management with Connect.