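A fleet in Google Cloud is a logical group of Kubernetes clusters and other resources that can be managed together, created by registering clusters to Google Cloud. Fleet-level setup for GKE Identity Service lets administrators set up authentication with their preferred identity providers for one or more GKE clusters at once, with the authentication configuration maintained by GKE and stored in Google Cloud.
This document is for cluster administrators or application operators who want to set up GKE Identity Service for a fleet.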
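Supported cluster types
The following cluster types and environments are supported for fleet-level setup:
- [Google Distributed Cloud (software-only) on VMware](/anthos/clusters/docs/on-prem/overview), version 1.8.2 or higher
- [Google Distributed Cloud (software-only) on bare metal](/anthos/clusters/docs/bare-metal/concepts/about-bare-metal), version 1.8.3 or higher
- [GKE on Azure](/anthos/clusters/docs/azure/concepts/architecture)
- [GKE on AWS](/anthos/clusters/docs/aws/concepts/architecture) running Kubernetes 1.21 or higher
- [GKE](/kubernetes-engine/docs) clusters on Google Cloud with Identity Service for GKE enabled. Follow the instructions in [Identity Service for GKE](/kubernetes-engine/docs/how-to/oidc) to enable the feature before [configuring authentication for the cluster](/kubernetes-engine/enterprise/identity/setup/fleet-cluster).
The following cluster type and environment is supported for fleet-level setup that is in *Pre-GA*:
- Amazon Elastic Kubernetes Service (Amazon EKS) attached clusters
**Note:** This feature is covered by the [Pre-GA Offerings](https://cloud.google.com/terms/service-terms#1) Terms of the Google Cloud Terms of Service. Pre-GA features might have limited support, and changes to pre-GA features might not be compatible with other pre-GA versions. For more information, see the [launch stage descriptions](https://cloud.google.com/products#product-launch-stages).
For more information about attached clusters, see [GKE attached clusters](/kubernetes-engine/multi-cloud/docs/attached).
Other GKE Identity Service supported cluster types and environments still require individual cluster setup. You may also want to use per-cluster setup if you are using an earlier version of GKE clusters, or if you require GKE Identity Service features that aren't yet supported with fleet-level lifecycle management.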
Supported identity provider protocols
If you configure fleet-level GKE Identity Service, you can use identity providers that support the OIDC, SAML or LDAP protocols.
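Before you begin
- Ensure that your platform administrator has given you all the necessary details, including the client ID and secret for GKE Identity Service.
- Ensure that you have the following command line tools installed:
  - The latest version of the Google Cloud CLI, which includes gcloud, the command line tool for interacting with Google Cloud. If you need to install the Google Cloud CLI, see the installation guide.
  - kubectl for running commands against Kubernetes clusters. If you need to install kubectl, see the installation guide.
  If you are using Cloud Shell as your shell environment for interacting with Google Cloud, these tools are installed for you.
- Ensure that you have initialized the gcloud CLI for use with the project where the clusters are registered.
- If you are not the project owner, you need the GKE Hub Admin role in the project where the clusters are registered to complete the configuration steps.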
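The prerequisites above can be checked before touching the fleet. The following preflight is an added example, not part of the original page or Google tooling; the function names are hypothetical, and it assumes the role IDs `roles/gkehub.admin` (GKE Hub Admin) and `roles/owner` and that the project and account come from the active gcloud configuration.

```shell
#!/bin/sh
# Added example: preflight for the "Before you begin" list. Not Google tooling.
TAB="$(printf '\t')"

# Print each required tool missing from PATH; return 1 if any is missing.
missing_tools() {
  local missing=0 tool
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; missing=1; }
  done
  return "$missing"
}

# stdin: "role<TAB>member" lines. Succeeds if account $1 (user or service
# account) is bound directly to Owner or GKE Hub Admin. Bindings inherited
# through groups, folders or the organization are not visible here.
has_fleet_setup_role() {
  local role member
  while IFS="$TAB" read -r role member; do
    case "$member" in
      "user:$1"|"serviceAccount:$1") ;;
      *) continue ;;
    esac
    case "$role" in
      roles/owner|roles/gkehub.admin) return 0 ;;
    esac
  done
  return 1
}

# Run all checks against the active gcloud configuration (assumed to point
# at the project where the clusters are registered).
preflight() {
  local project account
  missing_tools gcloud kubectl >&2 || return 1
  project="$(gcloud config get-value project 2>/dev/null)"
  account="$(gcloud config get-value account 2>/dev/null)"
  if [ -z "$project" ] || [ -z "$account" ]; then
    echo "gcloud CLI is not initialized; run: gcloud init" >&2
    return 1
  fi
  gcloud projects get-iam-policy "$project" \
    --flatten='bindings[].members' \
    --format='value(bindings.role,bindings.members)' |
    has_fleet_setup_role "$account" || {
      echo "$account has no direct roles/gkehub.admin binding on $project" >&2
      return 1
    }
}
```

Source the file and run `preflight`; a failure on the role check can still be a false negative when the role is granted through a group, so confirm with the project's IAM administrator before requesting a broader grant.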
Set up your fleet
After you have all necessary information and components installed, you can start to [set up clusters at fleet level](/kubernetes-engine/enterprise/identity/setup/fleet-cluster).
Last updated: 2025-09-01 (UTC)