A new version of Anthos clusters on AWS (GKE on AWS) was released on September 1. See the release notes for more information.

Connecting to your cluster with Cloud Console

With Connect, you can use the Google Cloud Console to manage your user clusters. Each user cluster that you create automatically runs the Connect Agent and is registered with Connect. For more information, see Connect overview.

Before you begin

Before you start using Anthos clusters on AWS, make sure you have performed the following tasks:

Logging into your cluster with Connect

You can use the Google Cloud Console to view, monitor, debug, and manage workloads on your user clusters.

To log into your user clusters:

  1. From your anthos-aws directory, use anthos-gke to switch context to your user cluster.

    cd anthos-aws
    env HTTPS_PROXY=http://localhost:8118 \
      anthos-gke aws clusters get-credentials CLUSTER_NAME
    Replace CLUSTER_NAME with your user cluster name.

  2. From a command line, use kubectl to set up a Kubernetes service account and a token in the kube-system namespace.

    This topic assumes the name of the service account is admin-user.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl create serviceaccount -n kube-system admin-user
  3. Create a ClusterRoleBinding between the cluster-admin role and the Kubernetes service account.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl create clusterrolebinding admin-user-binding \
      --clusterrole cluster-admin --serviceaccount kube-system:admin-user
  4. Get the service account's Secret with kubectl.

    SECRET_NAME=$(env HTTPS_PROXY=http://localhost:8118 \
    kubectl get serviceaccount -n kube-system admin-user \
      -o jsonpath='{$.secrets[0].name}')
    env HTTPS_PROXY=http://localhost:8118 \
    kubectl get secret -n kube-system ${SECRET_NAME} -o jsonpath='{$.data.token}' \
      | base64 -d | sed $'s/$/\\\n/g'
  5. Copy the secret to your clipboard.

  6. In your browser, visit the Connect Clusters page.

    Visit the Connect menu

  7. Select the cluster under Anthos managed clusters. The Kubernetes cluster details screen appears.

  8. Click the Login button.

  9. Select Token and paste the Kubernetes token you copied earlier. Click Login.

Register your cluster

To prevent multiple clusters from being registered with Connect, you register the cluster with Cloud SDK. To register your cluster, run the following command:

 gcloud container hub memberships register MEMBERSHIP_NAME \
   --kubeconfig=KUBECONFIG_PATH \

Replace the following:

  • MEMBERSHIP_NAME: the membership name that you choose and that is used to uniquely represent the cluster being registered to the fleet.
  • SERVICE_ACCOUNT_KEY_PATH: the local filepath to the service account's private key JSON file downloaded as part of Prerequisites. This service account key is stored as a secret named creds-gcp in the gke-connect namespace.
  • KUBECONFIG_CONTEXT: the cluster context of the cluster being registered as it appears in the kubeconfig file. You can get this value from the command line by running kubectl config current-context.
  • KUBECONFIG_PATH: the local filepath where your kubeconfig containing an entry for the cluster being registered is stored. This defaults to $KUBECONFIG if that environment variable is set; otherwise, this defaults to $HOME/.kube/config.

What's next

Read the full documentation on Logging into clusters with Connect.

Learn about multi-cluster management with Connect.