Prepare for fleet-level setup
A fleet in Google Cloud is a logical group of Kubernetes clusters and other resources that can be managed together, created by registering clusters to Google Cloud. Fleet-level setup for GKE Identity Service builds on the power of fleets to let administrators set up authentication with their preferred identity providers for one or more GKE clusters at once, with their authentication configuration maintained by GKE Enterprise and stored in Google Cloud. This document is for cluster administrators or application operators who want to set up GKE Identity Service for a fleet.
Supported cluster types
The following cluster types and environments are supported for fleet-level setup:
- Google Distributed Cloud (software-only) on VMware, version 1.8.2 or higher
- Google Distributed Cloud (software-only) on bare metal, version 1.8.3 or higher
- GKE on Azure
- GKE on AWS running Kubernetes 1.21 or higher
- GKE clusters on Google Cloud with Identity Service for GKE enabled. Follow the instructions in Identity Service for GKE to enable the feature before configuring authentication for the cluster.
The following cluster type and environment is supported for fleet-level setup that is in Pre-GA:
- Amazon Elastic Kubernetes Service (Amazon EKS) attached clusters
For more information about attached clusters, see GKE attached clusters.
Other GKE Identity Service supported cluster types and environments still require individual cluster setup. You may also want to use per-cluster setup if you are using an earlier version of GKE clusters, or if you require GKE Identity Service features that aren't yet supported with fleet-level lifecycle management.
Supported identity provider protocols
If you configure fleet-level GKE Identity Service, you can use identity providers that support the OIDC, SAML or LDAP protocols.
Before you begin
- Ensure that your platform administrator has given you all the necessary details, including the client ID and secret for GKE Identity Service.
- Ensure that you have the following command line tools installed:
  - The latest version of the Google Cloud CLI, which includes gcloud, the command line tool for interacting with Google Cloud. If you need to install the Google Cloud CLI, see the installation guide.
  - kubectl, for running commands against Kubernetes clusters. If you need to install kubectl, see the installation guide.
  If you are using Cloud Shell as your shell environment for interacting with Google Cloud, these tools are installed for you.
- Ensure that you have initialized the gcloud CLI for use with the project where the clusters are registered.
- If you are not the project owner, you need the GKE Hub Admin role in the project where the clusters are registered to complete the configuration steps.
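The prerequisites above can be checked before starting the fleet-level setup. The following preflight script is an added example and is not part of the Google Cloud documentation; it assumes the caller sets PROJECT_ID and MEMBER (the principal whose role is being checked), uses the real `gcloud` commands for reading the active project and the project IAM policy, and includes a small constructed binding list so the role check can be exercised without a live project.

```shell
#!/bin/sh
# Preflight check for fleet-level GKE Identity Service setup.
# Added example, not from the Google Cloud documentation. Assumes the caller
# exports PROJECT_ID and MEMBER (for example MEMBER=user:admin@example.com).

# Return 0 if every named command-line tool is on PATH, 1 otherwise.
tools_present() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 1; }
  done
  return 0
}

# Return 0 if the flattened binding list contains ROLE bound to MEMBER.
# The list is one "role,member" pair per line, which is what
#   gcloud projects get-iam-policy PROJECT --flatten="bindings[].members" \
#     --format="csv[no-heading](bindings.role,bindings.members)"
# prints; keeping the parser separate lets it run over captured output too.
has_role_binding() {
  bindings="$1"; role="$2"; member="$3"
  printf '%s\n' "$bindings" | grep -qxF "${role},${member}"
}

# Constructed sample of the flattened output (not from a real project).
SAMPLE_BINDINGS='roles/gkehub.admin,user:admin@example.com
roles/viewer,user:reader@example.com
roles/gkehub.admin,group:platform-admins@example.com'

# Live check against the project the clusters are registered in.
# Requires gcloud to be initialized; run as: PROJECT_ID=... MEMBER=... sh preflight.sh
preflight() {
  tools_present gcloud kubectl || return 1

  active_project=$(gcloud config get-value project 2>/dev/null)
  if [ "$active_project" != "$PROJECT_ID" ]; then
    echo "gcloud active project is '$active_project', expected '$PROJECT_ID'" >&2
    return 1
  fi

  bindings=$(gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --format="csv[no-heading](bindings.role,bindings.members)")
  # GKE Hub Admin is roles/gkehub.admin; project owners pass the check as well.
  if has_role_binding "$bindings" roles/gkehub.admin "$MEMBER" \
     || has_role_binding "$bindings" roles/owner "$MEMBER"; then
    echo "preflight ok for $MEMBER in $PROJECT_ID"
    return 0
  fi
  echo "$MEMBER has neither roles/gkehub.admin nor roles/owner in $PROJECT_ID" >&2
  return 1
}

# Uncomment to run the live check once PROJECT_ID and MEMBER are exported:
# preflight
```

The role check only reports direct project-level bindings; a role granted through a group membership shows up under the group principal rather than the user, so pass the group as MEMBER in that case.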
Set up your fleet
After you have all necessary information and components installed, you can start to set up clusters at fleet level.