This page shows you how to attach conformant Kubernetes clusters to Anthos. Attaching clusters lets you view your existing Kubernetes clusters in the Google Cloud Console along with your Anthos clusters, and enable a subset of Anthos features on them, including configuration with Anthos Config Management.
Prerequisites
You can attach any conformant Kubernetes cluster to Anthos and view it in the Cloud Console with your Anthos clusters.
The following cluster types and versions have been validated by Google, including the use of additional supported Anthos features:
- Amazon Elastic Kubernetes Service (Amazon EKS) on Kubernetes versions 1.17, 1.18, 1.19
- Microsoft Azure Kubernetes Service (Microsoft AKS) on Kubernetes versions 1.17, 1.18, 1.19
- Red Hat OpenShift Kubernetes Engine (OKE) version 4.6
- Red Hat OpenShift Container Platform (OCP) version 4.6
- Rancher Kubernetes Engine (RKE) version 1.2.4
- KIND version 0.10
Before you start
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
- Enable the Anthos API.
- Install and initialize the Cloud SDK.
- Check the Connect prerequisites to ensure that you have the relevant permissions and enabled APIs to register a cluster.
Registering attached clusters
You must register all clusters that you want to use with Anthos with your project's environ. An environ provides a unified way to view and manage multiple clusters and their workloads as part of Anthos. You can find out more about environs and the functionality that they enable in our Environs guide.
After you have registered clusters in your Anthos project, you can browse and manage all your registered clusters through the Anthos Clusters page in the Cloud Console. You are entitled to enable and use Anthos features on these clusters, and you can enable some Anthos features across your environ from the Anthos Features page. Anthos charges apply only to your registered clusters.
Creating a service account
Registering an attached cluster requires a Google Cloud service account. We recommend creating a new service account for each cluster you want to attach. To create a service account for a cluster with the appropriate roles, follow the instructions in Creating a Google Cloud service account with gcloud.
After you have created your service account, you can use the JSON file with the service account's credentials (key file) to register your cluster, as described in the next section.
Registering your cluster
Console
To register a cluster:
In the Google Cloud Console, go to the Anthos Clusters page. This page shows all your registered clusters.
Click Register existing cluster.
Click Add external cluster.
Enter the name of the cluster that you want to register in the Cluster name field.
Optional: Add Google Cloud labels to your cluster.
Click Generate registration command.
In Cloud Shell or wherever you have saved your service account credentials, edit and run the
gcloudcommand that is displayed on the page. You need to specify the following values:- The CLUSTER_CONTEXT is the cluster's context as it appears in the kubeconfig file. You can get this value from the command line by running
kubectl config current-context. - The KUBECONFIG_PATH is the local filepath where your kubeconfig file is stored. This defaults to
$KUBECONFIGif that environment variable is set; otherwise, it defaults to$HOME/.kube/config. - The LOCAL_KEY_PATH is the path to your service account key file.
Running this command deploys the Connect Agent in your user cluster. When the Connect Agent connects to Google Cloud and your cluster is registered, a success message is displayed on the page.
- The CLUSTER_CONTEXT is the cluster's context as it appears in the kubeconfig file. You can get this value from the command line by running
Click Set labels, or click Skip if you didn't set any labels.
gcloud
Run the following command:
gcloud container hub memberships register MEMBERSHIP_NAME \ --context=KUBECONFIG_CONTEXT \ --kubeconfig=KUBECONFIG_PATH \ --service-account-key-file=SERVICE_ACCOUNT_KEY_PATH
Replace the following:
- MEMBERSHIP_NAME: the membership name that you choose and that is used to uniquely represent the cluster being registered on the Hub.
- SERVICE_ACCOUNT_KEY_PATH: the local filepath to the
service account's private key JSON file downloaded as part of Prerequisites.
This service account key is stored as a secret named
creds-gcpin thegke-connectnamespace. - KUBECONFIG_CONTEXT: the cluster context of the cluster being registered
as it appears in the kubeconfig file. You can get this value from the command
line by running
kubectl config current-context. - KUBECONFIG_PATH: the local filepath where your
kubeconfig containing an entry for the cluster being registered is stored.
This defaults to
$KUBECONFIGif that environment variable is set; otherwise, this defaults to$HOME/.kube/config.
Enabling Anthos features on attached clusters
After you register your clusters, you can enable available Anthos features on them for your applications. These features are supported only on our validated cluster types. You can see the current feature versions supported on these types in Version and upgrade support.
The following guides show you how to enable supported features on your clusters:
- Anthos Config Management:
For complete documentation sets for all Anthos components, including tutorials, reference material, and more, see Anthos components.
Accessing attached clusters
After you register an attached cluster, it appears in the GKE and Anthos clusters pages in the Google Cloud Console. However, to see more details such as nodes and workloads, you need to log in and authenticate to the cluster. To log in to your attached clusters from the Cloud Console, follow the instructions in Logging in to clusters from the Cloud Console.
To access attached clusters from the command line, see Connecting to registered clusters with the Connect gateway.
What's next?
- Learn how to set up logging and monitoring for attached clusters.