Work with clusters from the Google Cloud console

Stay organized with collections Save and categorize content based on your preferences.

After they have been added to your fleet, all clusters appear in the Google Cloud console. The Google Cloud console offers a central user interface for managing all your Kubernetes clusters and their resources, no matter where they are running. All your resources are shown in a single dashboard, and it's easy to get visibility into your workloads across multiple Kubernetes clusters.

For GKE clusters on Google Cloud, you don't need to do anything else to see cluster details such as nodes and workloads, provided you have been granted the relevant permissions. You can find out more about working with Google Cloud clusters in the Google Cloud console in the GKE documentation.

However, if your fleet includes clusters outside Google Cloud, your platform administrator needs to set up authentication so that you can log in to these clusters and view their details in the Google Cloud console. You need to know which authentication method your platform administrator has set up so that you can log in to the Google Cloud console. Ask your platform administrator which of the following authentication methods have been configured:

View registered clusters

After you register a cluster to your project fleet, it appears in the Google Cloud console in the GKE Clusters list and (if you have enabled the entire Anthos platform) in the Anthos Clusters list. However, to see more details such as nodes and workloads for any cluster outside Google Cloud, you need to log in and authenticate to the cluster. Clusters that require login show an orange warning triangle and prompt you to log in. The following example shows the GKE Clusters page with two clusters outside Google Cloud that require login.

Screenshot of Google Kubernetes Engine clusters list

After you log in to an Anthos cluster, you can select the cluster and view cluster details, just like a GKE on Google Cloud cluster.

Log in using your Google Cloud identity

If your cluster is configured to use your Google Cloud identity, follow these steps to log in:

  1. In the Google Cloud console, either:

    • In the GKE Clusters page, click Actions next to the registered cluster, then click Login.

      Go to GKE Clusters

    or:

    • In the Anthos Clusters page, select the cluster you want to log in to in the list of clusters, then click Login in the information panel that displays.

      Go to Anthos Clusters

  2. Select Use your Google identity to log in.

  3. Click Login.

Log in using OpenID Connect (OIDC)

If your cluster is configured to use an OIDC identity provider, follow these steps to log in:

  1. In the Google Cloud console, either:

    • In the GKE Clusters page, click Actions next to the registered cluster, then click Login.

      Go to GKE Clusters

    or:

    • In the Anthos Clusters page, select the cluster you want to log in to in the list of clusters, then click Login in the information panel that displays.

      Go to Anthos Clusters

  2. Select Authenticate with identity provider configured for the cluster. You are redirected to your identity provider, where you might need to log in or consent to the Google Cloud console accessing your account.

  3. Click Login.

Log in using a bearer token

If your cluster is configured to use a Kubernetes service account's bearer token, follow these steps:

  1. In the Google Cloud console, either:

    • In the GKE Clusters page, click Actions next to the registered cluster, then click Login.

      Go to GKE Clusters

    or:

    • In the Anthos Clusters page, select the cluster you want to log in to in the list of clusters, then click Login in the information panel that displays.

      Go to Anthos Clusters

  2. Select Token, and then fill in the Token field with the KSA's bearer token.

  3. Click Login.

Auditing

Accesses via the Google Cloud console are audit logged on the cluster's API server.

What's next

Learn more about: