GKE attached clusters overview

GKE attached clusters lets you register, or attach, Kubernetes clusters that you've created yourself to the Google Kubernetes Engine (GKE) Enterprise edition (Anthos) management environment. GKE attached clusters supports attaching any conformant Kubernetes cluster, with first-class support for Amazon EKS clusters and Azure AKS clusters.

Attaching a cluster gives you GKE Enterprise management and control over it, along with access to a suite of additional GKE Enterprise configuration and control tools such as Connect Gateway, fleets, Config Sync, and Anthos Service Mesh.

By leveraging GKE Enterprise management and control capabilities, you can:

  • Automate policy and security across all clusters within your fleet through Policy Controller.
  • Deploy cluster configurations across your fleet through Config Sync.
  • Monitor and manage a reliable fleet-wide service mesh through Anthos Service Mesh.
  • Authenticate and access all your clusters through a single interface, regardless of where they are, through Connect Gateway.

You can control and monitor an attached cluster through the Google Cloud CLI or the Google Cloud console.

GKE attached clusters architecture


Figure 1: GKE attached clusters architecture

GKE attached clusters represents your external Kubernetes cluster in the Google Cloud resource hierarchy as an AttachedCluster resource within the Anthos Multi-Cloud API.

This resource lets you centrally operate the GKE Enterprise configuration and control tools stack, including the Config Sync, Policy Controller, and Anthos Service Mesh products.

When you install GKE attached clusters, a new attached cluster resource is created within your Google Cloud project as a regional resource. All metadata associated with the cluster is stored in the Google Cloud region associated with your attached cluster resource, which lets you comply with data residency requirements.

GKE attached clusters deploys a workload called the Connect Agent in your cluster. This agent connects back to the Connect API service on Google Cloud to create a secure tunnel to Google Cloud. GKE attached clusters uses this tunnel to manage additional GKE Enterprise features for your clusters.