Deploying to Anthos user clusters

This document describes how to deploy your applications to Anthos clusters.

Google Cloud Deploy allows you to deploy your container-based workloads to any Anthos user cluster that you can access using Connect gateway.

Before you begin

  • Have an Anthos user cluster to deploy to.

    This can be a cluster which you created as an Anthos user cluster, or you can register an existing Kubernetes cluster. Clusters which you create for Anthos automatically receive memberships. For existing clusters which you register to a fleet, you designate a membership name when registering. You will need this membership name for the target configuration.

  • Set up Connect gateway to connect the registered cluster or clusters to Google Cloud.

    Be sure to set up the gateway using the same service account that will be used as the Google Cloud Deploy execution service account. If you don't, then the execution service account won't have the necessary permissions to deploy to the Anthos cluster.

  • Make sure you're using gcloud CLI version 371 or greater.

Set up Google Cloud Deploy to deploy to Anthos

  1. Create your target configuration.

    The target can be configured in your delivery pipeline YAML, or can be in a separate file. Also, you can configure more than one target in the same file, but they must be in different kind: Target stanzas.

  2. Grant the execution service account the roles it needs in order to interact with connected clusters through the gateway.

    This is necessary whether you're using the default Google Cloud Deploy service account or a custom service account.

  3. Set up RBAC for the execution service account on the Kubernetes cluster that underlies the Anthos cluster.

  4. Optional: if the underlying cluster is not a GKE cluster, you might need to configure an imagePullSecret to allow your cluster to pull from Artifact Registry.

  5. In the target definition, create an anthosCluster stanza to point to the Anthos cluster:

    The syntax for specifying an Anthos cluster is as follows:

    anthosCluster:
     membership: projects/[project_name]/locations/global/memberships/[membership_name]
    

    This Anthos resource identifier uses the following elements:

    • [project_name] is the name of the Google Cloud project in which you are running this cluster.

      The cluster you are deploying to, including Anthos clusters, does not need to be in the same project as your delivery pipeline.

    • [membership_name] is the name you chose when registering the cluster to a fleet.

    For location, all Anthos cluster memberships are global, so you don't need to change /locations/global/ in this resource identifier.

The following is an example target configuration, pointing to an Anthos user cluster:

      apiVersion: deploy.cloud.google.com/v1
      kind: Target
      metadata:
       name: qsdev
      description: development cluster
      anthosCluster:
       membership: projects/my-app/locations/global/memberships/my-app-dev-cluster
