Before you begin
Before you start using GKE on AWS, make sure you have performed the following tasks:
- Complete the Prerequisites.
The bastion host
To connect to your GKE on AWS resources, perform the following directions. Select if you have an existing AWS VPC (or direct connection to your VPC) or created a dedicated VPC when creating your management service.
If you have a direct or VPN connection to an existing VPC, omit the line
env HTTP_PROXY=http://localhost:8118 from commands in this topic.
When you create a management service in a dedicated VPC, GKE on AWS includes a bastion host in a public subnet.
To connect to your management service, perform the following steps:
Change to the directory with your GKE on AWS configuration. You created this directory when Installing the management service.
To open the tunnel, run the
bastion-tunnel.shscript. The tunnel forwards to
To open a tunnel to the bastion host, run the following command:
Messages from the SSH tunnel appear in this window. When you are ready to close the connection, stop the process by using Control+C or closing the window.
Open a new terminal and change into your
Check that you're able to connect to the cluster with
env HTTP_PROXY=http://localhost:8118 \ kubectl cluster-info
The output includes the URL for the management service API server.
The commands in the following sections assume you are using this bastion host.
If you are not using the bastion host, remove the lines containing
Connecting to your clusters with kubectl
GKE on AWS uses contexts in your
authentication to your management and user clusters.
When you use
anthos-gke aws management get-credentials
for management services
anthos-gke aws clusters get-credentials cluster-0
for user clusters,
anthos-gke creates a new context entry if necessary and
sets the current context.
To switch between contexts, use
kubectl config use context.
kubectl config use-context [CLUSTER_NAME]