Google Cloud provides several options for authenticating to fleet clusters from the command line. These let developers and other cluster users connect to and run commands against registered clusters in a simple, consistent, and secured way, whether the clusters are on Google Cloud, other public clouds, or on premises.
For details of how to work with fleet clusters from the Google Cloud console, see Logging in to a cluster from the Google Cloud console.
Authenticate with Google Cloud
All GKE clusters on Google Cloud are configured to accept Google Cloud user and service account identities. If your fleet contains clusters in multiple environments, you can configure the Connect gateway so that users and service accounts can also authenticate to any registered cluster using their Google Cloud ID.
Learn more in the following guides:
- Configuring cluster access for
kubectl
- Connecting to registered clusters with the Connect gateway
- Using the Connect gateway.
Authenticate with third-party providers
If you want to use your existing third-party identity provider to authenticate to your fleet clusters, GKE Identity Service is an authentication service that lets you bring your existing identity solutions to multiple Anthos environments. It supports all OpenID Connect (OIDC) providers such as Okta and Microsoft AD FS, as well as preview support for LDAP providers in some environments. If configured, you can also use some third-party providers with the Connect gateway.
Learn more in the following guides:
- Introducing GKE Identity Service
- Accessing clusters with GKE Identity Service
- Connecting to registered clusters with the Connect gateway
- Using the Connect gateway