Setting up Anthos on Google Cloud

This page shows you how to set up Anthos on Google Cloud.

Before you start

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

Go to project selector
Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
Enable the Anthos API.
Enable the API

Install and initialize the Cloud SDK.

You might need to enable additional APIs for your Google Cloud project to enable some Anthos features. For details, see the relevant installation guide.

Cluster requirements

Anthos on Google Cloud supports both release channels and static versions. However, we recommend the use of release channels whenever possible, as they provide additional benefits such as automated updates to GKE clusters.

If you want to use Anthos Service Mesh, be aware that this feature has specific cluster requirements for installation. For details, see the Anthos Service Mesh cluster requirements.

Registering clusters to the environ

You must register all clusters that you want to use with Anthos with your project's environ. An environ provides a unified way to view and manage multiple clusters and their workloads as part of Anthos. You can find out more about environs and the functionality that they enable in our Environs guide.

After you have registered clusters in your Anthos project, you can browse and manage all your registered clusters through the Anthos Clusters page in the Cloud Console. You are entitled to enable and use Anthos features on these clusters, and you can enable some Anthos features across your environ from the Anthos Features page. Anthos charges apply only to your registered clusters.

Check the Connect prerequisites before registering your cluster to ensure that you have the relevant permissions and enabled APIs to register a cluster.

Console

To register a cluster:

In the Google Cloud Console, go to the Anthos Clusters page. This page shows all your registered clusters.

Go to the Anthos Clusters page
Click Register existing cluster.
Click Register next to the unregistered cluster that you want to add to your environ.
Specify the service account that you want to use when registering the cluster. We recommend keeping the default behavior and creating a new service account.
- If you select Create a new service account:
  - Specify a Service account ID to identify your new service account.
  - Choose if you want to download its service account key as a JSON file. We recommend keeping the default behavior and downloading the key because you won't be able to download it later.
- If you select Use existing service account, paste in the account's service account key in JSON format.
Optional: Specify a new membership name for your cluster. By default, a cluster's membership name is its current name. However, if your cluster's name is not unique within your project, you must specify a new unique membership name because all clusters require a unique identifier within their environ.
To register your cluster, click Submit.

gcloud

Run either of the following commands:

gcloud container hub memberships register MEMBERSHIP_NAME \
   --gke-uri=GKE_URI \
   --service-account-key-file=SERVICE_ACCOUNT_KEY_PATH

gcloud container hub memberships register MEMBERSHIP_NAME \
   --gke-cluster=GKE_CLUSTER \
   --service-account-key-file=SERVICE_ACCOUNT_KEY_PATH

Replace the following:

MEMBERSHIP_NAME: the membership name that you choose to uniquely represent the cluster being registered on the Hub.
SERVICE_ACCOUNT_KEY_PATH: the local filepath to the service account's private key JSON file downloaded as part of Prerequisites. This service account key is stored as a secret named creds-gcp in the gke-connect namespace.
GKE_URI: the URI of the GKE cluster, for example: https://container.googleapis.com/v1/projects/my-gke-project/locations/us-central1-a/clusters/my-gke-cluster. You can obtain the URI by running gcloud container clusters list --uri.
GKE_CLUSTER: the location/name of the GKE cluster from the current project. The location can be a zone or a region, for example: us-central1-a/my-gke-cluster.

Using the gcloud command-line tool provides you with some more advanced cluster registration options that are not available in the Cloud Console, including downloading and applying the Connect Agent manifest yourself. To find out more about these options, see advanced registration options in the Connect documentation.

Enabling Anthos features

After you set up your project and your GKE clusters, use the following guides to enable additional Anthos features for your applications. For complete documentation sets for all Anthos components, including tutorials, reference material, and more, see Anthos components.

You can enable some features (Anthos Config Management, Multi-cluster Ingress) for clusters in your environ by using the Anthos Features page, although they may require further configuration: for example, specifying and authenticating to your chosen config source repo with Config Sync for Anthos Config Management. Other features must be set up on clusters following their installation guides.

Anthos Service Mesh:
Anthos Config Management:
Multi-cluster Ingress:
- Set up Multi-cluster Ingress
Set up Cloud Run for Anthos
Binary Authorization:
- Set up Binary Authorization
- Set up Binary Authorization using Anthos Config Management

What's next?

If you also need to set up Anthos clusters on-premises as part of a hybrid deployment, see the on-premises setup guide.
If you also need to set up Anthos clusters on another public cloud (such as AWS) as part of a multi-cloud deployment, see the public clouds setup guide
If you want to add conformant Kubernetes clusters to your Anthos deployment, see Setting up attached clusters.