Fleet management overview

Anthos offers a set of capabilities that helps you and your organization (from infrastructure operators and workload developers/operators to security and network engineers) manage clusters, infrastructure, and workloads across cloud and on-premises environments. This document describes our expanding portfolio of multi-cluster management capabilities and provides resources to get started managing your fleet.

Use cases

While managing more than one cluster has its challenges, there are many reasons to deploy multiple clusters to achieve technical and business objectives. Find out more in our Multi-cluster use cases guide.


Anthos and Google Cloud use the concept of a fleet (formerly known as an environ) to simplify managing multi-cluster deployments and power enterprise components such as Anthos Config Management. A fleet is a logical group of clusters and other resources that can be managed together. A growing number of Anthos and Google Cloud components use fleet concepts such as identity sameness and namespace sameness to simplify working with multiple clusters.

To learn more about how fleets work, and to find a complete list of fleet-enabled components, see Introducing fleets.

To learn about current limitations and requirements for using fleets in multi-cluster deployments, as well as recommendations for implementing fleets in your organization, see Fleet requirements and best practices.

To implement fleets in your own systems, read about hypothetical scenarios that use fleets in Fleet examples.

Creating a fleet

You create a fleet by registering your Google Kubernetes Engine and Anthos clusters to Google Cloud.

To connect Anthos clusters on VMware and other Kubernetes clusters residing outside of Google Cloud, Google provides a Connect Agent, a Kubernetes Deployment resource that you run in your clusters. Many multi-cluster features rely on this piece of infrastructure. The Connect Agent reaches out to Google to establish a connection to your project. It can traverse NATs, egress proxies, VPNs, and other interconnects that you have between your other environments and Google. Additionally, your Kubernetes clusters and their API servers do not need public or externally exposed IP addresses.

To learn more about the Connect Agent, see the Connect documentation

Authenticating to clusters

Connecting and authenticating to clusters across multiple environments can be challenging. With fleets, you can choose from two options for consistent, secure authentication to clusters for all your organization's developers and admins.

  • If you want to use Google Cloud as your identity provider, the Connect gateway builds on fleets to provide a consistent way to connect to and run commands against your registered clusters from the command line, and makes it simpler to automate DevOps tasks across multiple clusters. Find out more in the Connect gateway guide.

  • If you want to use your existing third-party identity provider, such as Microsoft ADFS, Anthos Identity Service lets you configure your fleet clusters so that users can log in with their existing ID and password. OIDC and LDAP providers are supported. Find out more in Introducing Anthos Identity Service.

With either approach, users can log in to clusters from the command line or from the Cloud Console.

Google Cloud Console

The Google Cloud Console provides a central user interface for managing all of your Kubernetes clusters no matter where they are running. After you have registered your Kubernetes clusters to your fleet, you can log in to view, monitor, debug, and manage your workloads.

To learn more and to get started, see the Cloud Console overview.

Anthos Config Management

Anthos Config Management lets cluster operators manage configurations and policies across multiple clusters and environments in your fleet. It uses configuration files stored in a central Git repository. To learn more and get started, see the Anthos Config Management documentation.