Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Mengelola identitas dengan Layanan Identitas GKE
GKE di Azure mendukung
OpenID Connect (OIDC)
sebagai
mekanisme autentikasi untuk berinteraksi dengan server
Kubernetes API cluster, menggunakan Layanan Identitas GKE. GKE Identity Service adalah layanan autentikasi yang memungkinkan Anda membawa solusi identitas yang sudah ada untuk autentikasi ke berbagai lingkungan. Pengguna dapat login dan menggunakan cluster GKE Anda dari command line atau dari konsolGoogle Cloud , semuanya menggunakan penyedia identitas Anda yang sudah ada.
Jika Anda sudah menggunakan atau ingin menggunakan identitas Google untuk login ke cluster GKE, sebaiknya gunakan perintah gcloud containers azure clusters get-credentials untuk autentikasi. Cari tahu selengkapnya di Menghubungkan dan mengautentikasi ke cluster Anda.
Untuk melakukan autentikasi melalui konsol Google Cloud , Anda harus
mendaftarkan setiap cluster
yang ingin dikonfigurasi dengan fleet project Anda. Untuk GKE di Azure, hal ini bersifat otomatis setelah Anda membuat node pool.
Untuk mengizinkan pengguna melakukan autentikasi melalui konsol Google Cloud , pastikan semua
cluster yang ingin Anda konfigurasi
terdaftar di fleet project Anda.
Untuk GKE di Azure, hal ini otomatis setelah Anda membuat node pool.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-07-31 UTC."],[],[],null,["# Manage identity with GKE Identity Service\n=========================================\n\nGKE on Azure supports\n[OpenID Connect (OIDC)](https://openid.net/connect/)\nas an\nauthentication mechanism for interacting with a cluster's Kubernetes API\nserver, using GKE Identity Service. GKE Identity Service is an\nauthentication service that lets you bring your existing identity solutions for\nauthentication to multiple environments. Users can log in to and\nuse your GKE clusters from the command line or from the\nGoogle Cloud console, all using your existing identity provider.\n\nFor an overview of how GKE Identity Service works, see\n[Introducing GKE Identity Service](/anthos/identity).\n\nIf you already use or want to use Google identities to log in to your\nGKE clusters, we recommend using the\n`gcloud containers azure clusters get-credentials` command for authentication. Find out\nmore in\n[Connect and authenticate to your cluster](/kubernetes-engine/multi-cloud/docs/azure/how-to/connect-and-authenticate-to-your-cluster#google-identity).\n\nOpenID Connect authentication\n-----------------------------\n\n### Before you begin\n\n1. To use OIDC authentication, users must be able to connect to the cluster's control\n plane. See\n [Connect to your cluster's control plane](/kubernetes-engine/multi-cloud/docs/azure/how-to/connect-and-authenticate-to-your-cluster#connect-to-vpn).\n\n2. To authenticate through the Google Cloud console, you must\n [register each cluster](/anthos/multicluster-management/connect/registering-a-cluster)\n that you want to configure with your project fleet. For GKE on Azure,\n this is automatic once you have created a node pool.\n\n3. To allow users to authenticate through the Google Cloud console, ensure that all\n clusters you want to configure are\n [registered with your project fleet](/anthos/multicluster-management/connect/registering-a-cluster).\n For GKE on Azure, this is automatic once you have created a node pool.\n\n### Setup process and options\n\n1. Register GKE Identity Service as a client with your OIDC provider\n following the instructions in\n [Configuring providers for GKE Identity Service](/anthos/identity/setup/provider).\n\n2. Choose from the following cluster configuration options:\n\n - Configure your clusters at the fleet-level following the instructions in\n [Configuring clusters for fleet-level GKE Identity Service](/anthos/identity/setup/fleet-cluster).\n With this option, your authentication configuration is centrally managed by\n Google Cloud.\n\n - Configure your clusters individually following the instructions in\n [Configuring clusters for GKE Identity Service with OIDC](/anthos/identity/setup/per-cluster).\n\n3. Set up user access to your clusters, including role-based access control\n (RBAC), following the instructions in\n [Setting up user access for GKE Identity Service](/anthos/identity/setup/user-access).\n\n### Accessing clusters\n\nAfter GKE Identity Service has been set up on a cluster, users can log in\nto clusters using either the command line or the Google Cloud console.\n\n- Learn how to log in to registered clusters with your OIDC ID in [Accessing clusters using GKE Identity Service](/anthos/identity/accessing).\n- Learn how to log in to clusters from the Google Cloud console in [Logging in to a cluster from the Google Cloud console](/anthos/multicluster-management/console/logging-in)."]]