This document explains how to make an Anthos cluster on VMware available for management in the Google Cloud console.
When you create a cluster, you provide registration information in the
gkeConnect section of the cluster configuration file. Anthos clusters on VMware
uses that information to register your cluster to a fleet—a unified way
to view and manage multiple clusters and their workloads as part of
Anthos. You can find out more about fleets and the functionality that
they enable in the Fleets guide.
Your registered clusters must be set up with one of the following authentication methods so that you can log in to a cluster from the Google Cloud console:
- Google identity: This option lets users log in using their Google Cloud identity. Use this option if users already have access to Google Cloud with a Google identity. To set up access to the console using Google identity, see Setting up the Connect gateway.
- OpenID Connect (OIDC): If your cluster is configured to use an OIDC identity provider, you can use this to authenticate to the cluster from the console. You can find out how to set up OIDC for your clusters in the following guides:
  - Configure clusters for Anthos Identity Service with OIDC: This guide shows you how to set up OIDC authentication on a cluster-by-cluster basis.
  - Set up Anthos Identity Service for a fleet: This option lets you set up OIDC at the fleet level.
- Bearer token: If the preceding Google-provided solutions aren't suitable for your organization, you can set up authentication with a Kubernetes service account and use its bearer token to log in. For details, see Set up using a bearer token.