Version 1.0. This version is no longer supported as outlined in the Anthos version support policy. For the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem), upgrade to a supported version. You can find the most recent version here.

GKE On-Prem downloads

This topic provides commands to download the following GKE On-Prem entities:

  • gkectl command-line tool
  • upgrade bundle
  • admin workstation Open Virtual Appliance (OVA).

See also:

Before you begin

  1. SSH in to your admin workstation:

    ssh -i ~/.ssh/vsphere_workstation ubuntu@[IP_ADDRESS]
    
  2. Authorize gcloud to access Google Cloud:

    gcloud auth login
  3. Activate your access service account:

    gcloud auth activate-service-account --project [PROJECT_ID] \
    --key-file [ACCESS_KEY_FILE]
    

    where:

    • [PROJECT_ID] is your project ID.
    • [ACCESS_KEY_FILE] is the path to the JSON key file for your access service account, such as /home/ubuntu/access.json.

1.0.2-gke.3

gkeadm

From your personal laptop or workstation, run one of the following commands to download the gkeadm command-line tool and make it executable:

  • Linux:
    gsutil cp gs://gke-on-prem-release/gkeadm/1.0.2-gke.3/linux/gkeadm ./
    chmod +x gkeadm
  • Windows:
    gsutil cp gs://gke-on-prem-release/gkeadm/1.0.2-gke.3/windows/gkeadm.exe ./ 
  • macOS Catalina:
    gsutil cp gs://gke-on-prem-release/gkeadm/1.0.2-gke.3/darwin/gkeadm ./ chmod +x gkeadm

OVA

From your personal laptop or workstation, run the following commands:

gsutil cp gs://gke-on-prem-release/admin-appliance/1.0.2-gke.3/gke-on-prem-admin-appliance-vsphere-1.0.2-gke.3.ova ~/

gsutil cp gs://gke-on-prem-release/admin-appliance/1.0.2-gke.3/gke-on-prem-admin-appliance-vsphere-1.0.2-gke.3.ova.1.sig ~/

gkectl

From your admin workstation, run the following command:

sudo -E gsutil cp gs://gke-on-prem-release/gkectl/1.0.2-gke.3/gkectl /usr/bin/gkectl
sudo chmod +x /usr/bin/gkectl
gkectl version

On your admin workstation, gkectl is stored at /usr/bin/gkectl by default. If you've chosen a different location on your PATH, make sure to specify it in this command.

Bundle

From your admin workstation, run the following command:

sudo -E gsutil cp gs://gke-on-prem-release/gke-onprem-bundle/1.0.2-gke.3/gke-onprem-vsphere-1.0.2-gke.3.tgz /var/lib/gke/bundles/gke-onprem-vsphere-1.0.2-gke.3.tgz

1.0.1-gke.5

gkectl

sudo gsutil cp gs://gke-on-prem-release/gkectl/1.0.1-gke.5/gkectl /usr/bin/gkectl

On your admin workstation, gkectl is stored at /usr/bin/gkectl by default. If you've chosen a different location on your PATH, be sure to specify it in this command.

Verify the downloaded file against the public key using openssl:
sudo gsutil cp gs://gke-on-prem-release/gkectl/1.0.1-gke.5/gkectl.sig /tmp/gkectl.sig
openssl dgst -verify - -signature /tmp/gkectl.sig /usr/bin/gkectl <<'EOF'
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdkpEsqq/Bwoie2c01EzpClLytkPf
TpF9DRVypI80eR8VevdLFFJ/MZmvJhP0nOvB6/VMBp+phSMdhXtKmsfIaA==
-----END PUBLIC KEY-----
EOF

The expected output of this command is Verified OK.

Make gkectl executable, and verify the version:

sudo chmod +x /usr/bin/gkectl
gkectl version

Bundle

sudo gsutil cp gs://gke-on-prem-release/gke-onprem-bundle/1.0.1-gke.5/gke-onprem-vsphere-1.0.1-gke.5.tgz /var/lib/gke/bundles/gke-onprem-vsphere-1.0.1-gke.5.tgz

OVA

gsutil cp gs://gke-on-prem-release/admin-appliance/1.0.1-gke.5/gke-on-prem-admin-appliance-vsphere-1.0.1-gke.5.{ova,ova.sig} ~/

Verify the downloaded file against the public key using openssl:

openssl dgst -verify - -signature ~/gke-on-prem-admin-appliance-vsphere-1.0.1-gke.5.ova.sig ~/gke-on-prem-admin-appliance-vsphere-1.0.1-gke.5.ova <<'EOF'
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdkpEsqq/Bwoie2c01EzpClLytkPf
TpF9DRVypI80eR8VevdLFFJ/MZmvJhP0nOvB6/VMBp+phSMdhXtKmsfIaA==
-----END PUBLIC KEY-----
EOF

Expected output of this command is Verified OK.

Import the OVA to vSphere:

export GOVC_URL=https://[VCENTER_SERVER_ADDRESS]/sdk
export GOVC_USERNAME=[VCENTER_SERVER_USERNAME]
export GOVC_PASSWORD=[VCENTER_SERVER_PASSWORD]
export GOVC_DATASTORE=[VCENTER_DATASTORE]
export GOVC_DATACENTER=[VCENTER_DATACENTER]
export GOVC_RESOURCE_POOL=[VCENTER_CLUSTER_NAME]/Resources/[VCENTER_RESOURCE_POOL]
export GOVC_INSECURE=true
export HTTPS_PROXY=[HTTPS_PROXY] # optional; necessary if you use a proxy
govc import.ova -options - ~/gke-on-prem-admin-appliance-vsphere-1.0.1-gke.5.ova <<EOF
{
  "DiskProvisioning": "thin",
  "MarkAsTemplate": true
}
EOF

1.0.11

gkectl

sudo gsutil cp gs://gke-on-prem-release/gkectl/1.0.1-gke.5/gkectl /usr/bin/gkectl

On your admin workstation, gkectl is stored at /usr/bin/gkectl by default. If you've chosen a different location on your PATH, be sure to specify it in this command.

Verify the downloaded file against the public key using openssl:

sudo gsutil cp gs://gke-on-prem-release/gkectl/1.0.1-gke.5/gkectl.sig /tmp/gkectl.sig
openssl dgst -verify - -signature /tmp/gkectl.sig /usr/bin/gkectl <<'EOF'
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdkpEsqq/Bwoie2c01EzpClLytkPf
TpF9DRVypI80eR8VevdLFFJ/MZmvJhP0nOvB6/VMBp+phSMdhXtKmsfIaA==
-----END PUBLIC KEY-----
EOF

The expected output of this command is Verified OK.

Make gkectl executable, and verify the version:

sudo chmod +x /usr/bin/gkectl
gkectl version

Bundle

sudo gsutil cp gs://gke-on-prem-release/gke-onprem-bundle/1.0.11/gke-onprem-vsphere-1.0.11.tgz /var/lib/gke/bundles/gke-onprem-vsphere-1.0.11.tgz

OVA

gsutil cp gs://gke-on-prem-release/admin-appliance/1.0.11/gke-on-prem-admin-appliance-vsphere-1.0.11.{ova,ova.sig} ~/

Verify the downloaded file against the public key using openssl:

openssl dgst -verify - -signature ~/gke-on-prem-admin-appliance-vsphere-1.0.11.ova.sig ~/gke-on-prem-admin-appliance-vsphere-1.0.11.ova <<'EOF'
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdkpEsqq/Bwoie2c01EzpClLytkPf
TpF9DRVypI80eR8VevdLFFJ/MZmvJhP0nOvB6/VMBp+phSMdhXtKmsfIaA==
-----END PUBLIC KEY-----
EOF

Expected output of this command is Verified OK.

Import the OVA to vSphere:

export GOVC_URL=https://[VCENTER_SERVER_ADDRESS]/sdk
export GOVC_USERNAME=[VCENTER_SERVER_USERNAME]
export GOVC_PASSWORD=[VCENTER_SERVER_PASSWORD]
export GOVC_DATASTORE=[VCENTER_DATASTORE]
export GOVC_DATACENTER=[VCENTER_DATACENTER]
export GOVC_RESOURCE_POOL=[VCENTER_CLUSTER_NAME]/Resources/[VCENTER_RESOURCE_POOL]
export GOVC_INSECURE=true
export HTTPS_PROXY=[HTTPS_PROXY] # optional; necessary if you use a proxy
govc import.ova -options - ~/gke-on-prem-admin-appliance-vsphere-1.0.11.ova <<EOF
{
  "DiskProvisioning": "thin",
  "MarkAsTemplate": true
}
EOF

What's next