Version 1.6. This version is no longer supported as outlined in the Anthos version support policy. For the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem), upgrade to a supported version. You can find the most recent version here.

Anthos clusters on VMware cheatsheet

Stay organized with collections Save and categorize content based on your preferences.

This topic provides an overview of commands called while using Anthos clusters on VMware (GKE on-prem). It is provided for convenience, and to supplement the Anthos clusters on VMware documentation.

Flags inside square brackets are optional. Placeholder variables are mutable.

kubectl commands

See also kubectl cheatsheet.

Set default kubeconfig file

export KUBECONFIG=[KUBECONFIG_PATH]

List clusters from default kubeconfig

kubectl get clusters

Pass in --kubeconfig [KUBECONFIG_PATH] to view clusters in a non-default kubeconfig.

List nodes in cluster from default kubeconfig

kubectl get nodes

Pass in --kubeconfig [KUBECONFIG_PATH] to view clusters in a non-default kubeconfig.

List all containers in all namespaces

kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c

gkectl commands

Generate a Anthos clusters on VMware configuration file

gkectl create-config [--config [PATH]]

Validate a configuration file

gkectl check-config --config [PATH]

Push Anthos clusters on VMware images to your Docker registry, and initialize node OS image

gkectl prepare --config [CONFIG_FILE] [--validate-attestations]

Create clusters

gkectl create cluster --config [CONFIG_FILE]

Google Cloud service accounts

Create a service account

gcloud iam service-accounts create [SERVICE_ACCOUNT_NAME] --project [PROJECT_ID]

Grant an IAM role to a service account

gcloud projects add-iam-policy-binding \
    [PROJECT_ID] \
    --member="serviceAccount:[SERVICE_ACCOUNT_NAME]@[PROJECT_ID].iam.gserviceaccount.com" \
    --role="[ROLE_NAME]"

Create a private key for a service account

gcloud iam service-accounts keys create [KEY_FILE_NAME] \
--iam-account [SERVICE_ACCOUNT_NAME]@[PROJECT-ID].iam.gserviceaccount.com \
--project [PROJECT_ID]

Activate a service account and execute gcloud, gsutil commands as that account

gcloud auth activate-service-account --key-file=[SERVICE_ACCOUNT_KEY_FILE]

Admin workstation

SSH in to admin workstation

From the directory containing your Terraform configuration files:

ssh -i ~/.ssh/vsphere_workstation ubuntu@$(terraform output ip_address)

or, if you want to just use its address:

ssh -i ~/.ssh/vsphere_workstation ubuntu@[IP_ADDRESS]

Copy files to an admin workstation

scp -i ~./ssh/vsphere_workstation [SOURCE_PATH] ubuntu@$(terraform output ip_address)

Clusters

Get IP addresses of an admin cluster's nodes

kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] get nodes --output wide

Get IP addresses of a user cluster's nodes

kubectl --kubeconfig [USER_CLUSTER_KUBECONFIG] get nodes --output wide

SSH in to cluster nodes

See Using SSH to connect to a cluster node.

What's next