Anthos clusters on Azure is available for customers with an existing support relationship with Google Cloud. Contact your account representative for access.

Register your cluster with Connect

This page explains how to register Anthos clusters on Azure with Connect. With Connect, you can use the Google Cloud Console to manage your user clusters. For more information, see the Connect overview.

Before you begin

To perform the steps on this page, first complete the following:

Get a kubeconfig for your cluster

Kubernetes uses a YAML file named kubeconfig to store cluster authentication information for the kubectl command-line tool. A kubeconfig file contains a list of contexts, each of which contains a Kubernetes cluster name, API endpoint, a user, and a namespace.

To register with Connect, you need information about your kubeconfig file and cluster context.

If you can reach your cluster control plane directly, you can generate a kubeconfig file and use the kubectl command-line tool to connect to it.

To get credentials for your cluster, follow the instructions below for the Kubernetes version of your cluster, 1.19 or 1.20:

1.19

To generate a kubeconfig file, run the following command:

gcloud alpha container azure clusters get-kubeconfig CLUSTER_NAME \
    --output-file=KUBECONFIG_PATH \
    --location GOOGLE_CLOUD_LOCATION

Replace the following:

  • CLUSTER_NAME: the name of your user cluster
  • KUBECONFIG_PATH: the path to the new kubeconfig file
  • GOOGLE_CLOUD_LOCATION: the Google Cloud location where your Anthos clusters on Azure are managed

After you generate the kubeconfig file, authenticate to the cluster by running the following command:

kubectl --kubeconfig=KUBECONFIG_PATH COMMAND

Replace the following:

  • KUBECONFIG_PATH: the path to the new kubeconfig file
  • COMMAND: the kubectl command that you want to run

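For example, to use the kubeconfig file stored at ~/my-kubeconfig and apply the file manifest.yaml, run the following command. The path is passed as a separate argument because most shells do not expand ~ when it follows = inside an option:

kubectl --kubeconfig ~/my-kubeconfig apply -f manifest.yaml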

1.20

To get credentials for your cluster and add them to your default kubeconfig file, run the following command:

gcloud alpha container azure clusters get-credentials CLUSTER_NAME \
    --location GOOGLE_CLOUD_LOCATION

Replace the following:

  • CLUSTER_NAME: the name of your user cluster
  • GOOGLE_CLOUD_LOCATION: the Google Cloud location where your Anthos clusters on Azure are managed

Register a cluster

If you want to use the Google Cloud Console to manage your user clusters, you can register the cluster with Connect by performing the following steps:

  1. Get the OIDC issuer URI for your cluster by running the following command; this URI acts as your issuer URL when you perform the registration:

    gcloud alpha container azure clusters describe CLUSTER_NAME \
        --location=GOOGLE_CLOUD_LOCATION \
        --format='value(workloadIdentityConfig.issuerUri)'
    

    Replace the following:

    • CLUSTER_NAME: the name of your user cluster
    • GOOGLE_CLOUD_LOCATION: the Google Cloud location that manages your clusters

    The output includes an issuer URI—for example:

     https://us-east4-gkemulticloud.googleapis.com/v1/projects/123412341234/locations/us-east4/azureClusters/my-cluster
    
  2. Get the authentication context for your user cluster by using the kubectl command-line tool:

    kubectl config get-contexts --kubeconfig=KUBECONFIG_PATH
    

    Replace KUBECONFIG_PATH with the path to your kubeconfig file.

    The output includes a list of all available contexts in your kubeconfig file. For the next step, copy your user cluster's context name. The generic format is as follows:

     gke_azure_PROJECT_ID_GOOGLE_CLOUD_REGION_CLUSTER_NAME
    

  3. If you are not using a bastion host, skip to the following step. If you are using a bastion host to connect to your cluster, configure the gcloud command-line tool to use the proxy by running the following commands:

    export HTTPS_PROXY=localhost:8118
    gcloud config set proxy/type http
    gcloud config set proxy/address 127.0.0.1
    gcloud config set proxy/port 8118
    
  4. Register your cluster by using the gcloud command-line tool:

    gcloud container hub memberships register CLUSTER_NAME \
        --context=CONTEXT_NAME \
        --kubeconfig=KUBECONFIG_PATH \
        --enable-workload-identity \
        --public-issuer-url=ISSUER_URI
    

    Replace the following:

    • CLUSTER_NAME: the name of your cluster
    • CONTEXT_NAME: the context name that you copied in step 2
    • KUBECONFIG_PATH: the path to your kubeconfig file; if you don't include this flag, the default is $HOME/.kube/config
    • ISSUER_URI: the OIDC issuer URI from step 1

    When you register the cluster, the gcloud tool connects to the cluster and deploys a Pod that connects back to Google.

  5. If you are not using a bastion host, skip to the following step. If you are using a bastion host to connect to your cluster, remove the proxy configuration by running the following commands:

    unset HTTPS_PROXY
    gcloud config unset proxy/type
    gcloud config unset proxy/address
    gcloud config unset proxy/port
    
  6. Verify that your cluster has been registered with Connect by running the following command:

     gcloud alpha container hub memberships list
    

    You can also view your cluster on the Cloud Console by going to the Kubernetes clusters page.

  7. Connect and authenticate to your cluster:

    You can connect and authenticate your cluster with the gcloud command-line tool or the Google Cloud Console.

    gcloud

    Use the following gcloud command to generate a kubeconfig file:

    gcloud container hub memberships get-credentials MEMBERSHIP_NAME
    

    Replace MEMBERSHIP_NAME with the name of your cluster from the output of gcloud container hub memberships list.

    For more information, see Using the Connect gateway.

    Google Cloud Console

    To connect to your cluster from the Cloud Console, see Logging in using your Google Cloud identity.
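
The following pre-registration checks are an added example, not part of the original page or of Google's tooling: before running step 4, they confirm that the issuer URI from step 1 and the context name from step 2 belong to the cluster being registered, and that the kubeconfig file is not readable by other users. All function names are hypothetical, and the issuer URI layout is an assumption inferred from the sample output in step 1.

```sh
#!/bin/sh
# Pre-registration checks (added example; all function names are hypothetical).

# issuer_uri_matches ISSUER_URI LOCATION CLUSTER_NAME
# Succeeds only for an https URI on LOCATION's gkemulticloud endpoint whose
# path names the same LOCATION and CLUSTER_NAME. The URI layout is an
# assumption inferred from the sample output in step 1.
issuer_uri_matches() {
  case "$2" in ''|*[!a-z0-9-]*) return 1 ;; esac   # keep names regex-safe
  case "$3" in ''|*[!a-z0-9-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eqx \
    "https://$2-gkemulticloud\.googleapis\.com/v1/projects/[0-9]+/locations/$2/azureClusters/$3"
}

# expected_context PROJECT_ID REGION CLUSTER_NAME
# Builds the context name in the generic format shown in step 2.
expected_context() {
  printf 'gke_azure_%s_%s_%s\n' "$1" "$2" "$3"
}

# context_listed CONTEXT_NAME
# Reads context names on stdin, one per line (for example from
# `kubectl config get-contexts -o name`), and requires an exact match.
context_listed() {
  grep -Fxq -- "$1"
}

# kubeconfig_is_private KUBECONFIG_PATH
# The kubeconfig stores cluster authentication information: require a regular
# file (not a symlink) with no group or other permission bits.
kubeconfig_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  # GNU stat first, BSD/macOS stat as fallback; both print octal mode bits.
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# preflight ISSUER_URI PROJECT_ID LOCATION CLUSTER_NAME KUBECONFIG_PATH
# Context names are read from stdin. Returns 0 only if every check passes.
preflight() {
  issuer_uri_matches "$1" "$3" "$4" || { echo "issuer URI mismatch" >&2; return 1; }
  context_listed "$(expected_context "$2" "$3" "$4")" || { echo "context not found" >&2; return 1; }
  kubeconfig_is_private "$5" || { echo "kubeconfig not private" >&2; return 1; }
}
```

Pipe the context names into preflight and run the registration command only if it returns 0.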

What's next