Version 1.6. This version is supported as outlined in the Anthos version support policy, offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem). Refer to the release notes for more details. This is not the most recent version.

Create an admin workstation (quickstart)

This document shows how to create an admin workstation, for Anthos clusters on VMware (GKE on-prem), that you can use to create clusters.

The instructions here are part of a quickstart. For full instructions on how to create an admin workstation, see Creating an admin workstation.

Before you begin

Create a Google Cloud project (quickstart).

Create a service account (quickstart).

Know your vCenter server address and your CA cert path.

Generate templates for your configuration files

Download gkeadm to your current directory.

Generate templates:

./gkeadm create config

The preceding command created these files in your current directory:

  • credential.yaml
  • admin-ws-config.yaml

Fill in credential.yaml

In credential.yaml, fill in your vCenter username and password. For example:

kind: CredentialFile
items:
- name: vCenter
  username: "my-account-name"
  password: "AadmpqGPqq!a"

Fill in admin-ws-config.yaml

The following fields are filled in for you:

vCenter:
  credentials:
    fileRef:
    path: credential.yaml
    entry: vCenter

adminWorkstation:
  name: gke-admin-ws-...
  cpus: 4
  memoryMB: 8192

  diskGB: 50
  dataDiskName: gke-on-prem-admin-workstation-data-disk,,,.vmdk
  dataDiskMB: 512
  network:
    ntpServer: ntp.ubuntu.com

Fill in the following required fields. For information on how to fill in the fields, see Admin workstation configuration file.

gcp:
   whitelistedServiceAccountKeyPath: "Fill in"
vCenter:
  credentials:
    address: "Fill in"
  datacenter: "Fill in"
  datastore: "Fill in"
  cluster: "Fill in"
  network: "Fill in"
  resourcePool: "Fill in"
  caCertPath: "Fill in"

network:
  hostConfig:
    ipAllocationMode: Fill in. Set to "static".
    ip: "Fill in"
    gateway: "Fill in"
    netmask: "Fill in"

If necessary, fill in the proxyURL field.

adminWorkstation:
  proxyURL: "Fill in"

Create your admin workstation

Create your admin workstation, and automatically create service accounts:

./gkeadm create admin-workstation --auto-create-service-accounts

The output gives detailed information about the creation of your admin workstation:

...
Getting ... service account...

Creating other service accounts and JSON key files...
    - connect-agent-sa-2007081316
    - connect-register-sa-2007081316
    - log-mon-sa-2007081316
********************************************************************
Admin workstation is ready to use.

Admin workstation information saved to /usr/local/google/home/me/my-admin-workstation
This file is required for future upgrades
SSH into the admin workstation with the following command:
ssh -i /usr/local/google/home/me/.ssh/gke-admin-workstation ubuntu@172.16.5.1
********************************************************************

Getting an SSH connection to your admin workstation

Near the end of the preceding output there is a command you can use to get an SSH connection to your admin workstation. Enter that command now. For example:

ssh -i /usr/local/google/home/me/.ssh/gke-admin-workstation ubuntu@172.16.5.1

List the files on your admin workstation:

ls -1

In the output, you can see two cluster configuration files, your CA certificate file, and the JSON key files for your service accounts:

admin-cluster.yaml
connect-agent-sa-2007081316.json
connect-register-sa-2007081316.json
log-mon-sa-2007081316.json
user-cluster.yaml
vcenter-ca-cert.pem
component-access-key.json

What's next

Seesaw load balancer (quickstart)