Before you install Cloud Run for Anthos in your cluster on Google Cloud, you must first ensure that you meet the following requirements:
Review and understand the access permissions of components in Cloud Run for Anthos.
You must ensure that you have adequate permissions in your Google Cloud project to meet the installation requirements for your Anthos cluster, Anthos fleet, and Anthos Service Mesh:
- If you have the Owner role for the Google Cloud project, then you have more than the necessary permissions to create clusters, install, and then configure Cloud Run for Anthos.
Note that the Anthos Service Mesh permissions requirements also meet all the permission requirements for installing and configuring Cloud Run for Anthos.
Using other roles and the minimum requirements:
Depending on your organization, you can also meet the permission requirements through a combination of the following predefined roles:
An Anthos cluster with the following configuration is required:
A supported Google Kubernetes Engine cluster. Note that GKE clusters that have Windows Server node pools are unsupported.
Registered in your Anthos fleet:
Tip: Workload Identity allows you to authenticate to Google Cloud services and it's also required by Anthos Service Mesh. Enabling fleet Workload Identity in your cluster during fleet registration can reduce the configuration and deployment time.
To learn how to register your cluster and enable Workload Identity in your fleet, see Registering a cluster
Note that Anthos Service Mesh requires that your cluster use a machine type with at least 4 vCPUs, such as
e2-standard-4. See the Anthos Service Mesh installation guide for details about requirements. If you need to change your existing cluster's machine type, see Migrating workloads to different machine types.
The following APIs must be enabled in your Cloud project:
- Google Kubernetes Engine API: Build and manage container-based applications.
- Cloud Build API: Create and manage builds.
- Container Registry API: Push and pull images in Container Registry.