Prerequisites for clusters on Google Cloud

Before you install Cloud Run for Anthos in your cluster on Google Cloud, you must first ensure that you meet the following requirements:

• Review and understand the access permissions of components in Cloud Run for Anthos.

• You must ensure that you have adequate permissions in your Google Cloud project to meet the installation requirements for your Anthos cluster, Anthos fleet, and Anthos Service Mesh:

  • If you have the Owner role for the Google Cloud project, then you have more than the necessary permissions to create clusters, install, and then configure Cloud Run for Anthos.

  • Note that the Anthos Service Mesh permissions requirements also meet all the permission requirements for installing and configuring Cloud Run for Anthos.

  • Using other roles and the minimum requirements:

    Depending on your organization, you can also meet the permission requirements through a combination of the following predefined roles:

    • Google Cloud project permissions: Basic Editor role

    • Anthos fleet permissions: GKE Hub Admin or a role that includes the following permissions:

      • gkehub.features.create
      • gkehub.features.update

    • Cluster permissions: A Kubernetes Engine Admin Role:

      • Kubernetes Engine Admin
      • Kubernetes Engine Cluster Admin

• An Anthos cluster with the following configuration is required:

  • A supported Google Kubernetes Engine cluster. Note that GKE clusters that have Windows Server node pools are unsupported.

  • Registered in your Anthos fleet:

    Go to Anthos clusters

    Tip: Workload Identity allows you to authenticate to Google Cloud services and it's also required by Anthos Service Mesh. Enabling fleet Workload Identity in your cluster during fleet registration can reduce the configuration and deployment time.

    To learn how to register your cluster and enable Workload Identity in your fleet, see Registering a cluster

  • Anthos Service Mesh version 1.10 is installed.

    Note that Anthos Service Mesh requires that your cluster use a machine type with at least 4 vCPUs, such as e2-standard-4. See the Anthos Service Mesh installation guide for details about requirements. If you need to change your existing cluster's machine type, see Migrating workloads to different machine types.

• The command-line environment must be set up.

• The following APIs must be enabled in your Cloud project:

  • Google Kubernetes Engine API: Build and manage container-based applications.
  • Cloud Build API: Create and manage builds.
  • Container Registry API: Push and pull images in Container Registry.

  Enable the APIs in the Google Cloud console