Prerequisites for your EKS attached cluster

To operate as a GKE attached cluster, your cluster needs to have the following characteristics.

EKS (AWS) cluster requirements

  • Supported platform versions are listed here. The cluster Kubernetes major.minor version should match the selected platform version. You can also list all supported versions using:

    gcloud container attached get-server-config  \
    --location=GOOGLE_CLOUD_REGION
    
  • Ensure that the kubectl command-line tool is installed on your local machine and configured to access your cluster. This includes setting up the correct user credentials in the kubeconfig file.

  • Ensure that there is network connectivity to your cluster.

  • The cluster must have a public IAM OIDC Identity Provider. Follow the instructions in Create an IAM OIDC provider for your cluster to check if a provider exists, and create a provider if necessary.

Networking requirements

Because attached clusters rely on supporting Google Cloud services, you need to modify your cluster's outbound firewall rules to allow it access to the following domains. This is the only change you need to make to your cluster to install and run GKE attached clusters.

.gcr.io
gkeconnect.googleapis.com
oauth2.googleapis.com
securetoken.googleapis.com
storage.googleapis.com
sts.googleapis.com

Logging and monitoring

To use logging and monitoring features, your cluster also needs to be able to access the following URLs:

logging.googleapis.com
monitoring.googleapis.com
opsconfigmonitoring.googleapis.com
kubernetesmetadata.googleapis.com

Google Cloud requirements

Before attaching your cluster to the Google Cloud management service, you must install the gcloud CLI including the gcloud command, and grant the Google Cloud management service access to your Google Cloud account so it can manage your attached cluster resources.

  1. Check your gcloud CLI installation with the following command:

    gcloud version
    
  2. If the gcloud CLI isn't installed, or if its version is earlier than version 412.0.0, install version 412.0.0 or higher by following the gcloud CLI installation instructions.

  3. Install the kubectl additional component.

  4. If you haven't already done so, create your Google Cloud project. This will generate a Google Cloud project ID and a project number.

  5. Set your active Google Cloud project and authenticate your account with the following commands.

    export PROJECT_ID=<your project id>
    gcloud auth login
    gcloud config set project $PROJECT_ID
    gcloud auth application-default login
    
  6. Enable the GKE attached clusters API and its required services with the following commands:

    gcloud services enable gkemulticloud.googleapis.com
    gcloud services enable gkeconnect.googleapis.com
    gcloud services enable connectgateway.googleapis.com
    gcloud services enable cloudresourcemanager.googleapis.com
    gcloud services enable anthos.googleapis.com
    gcloud services enable logging.googleapis.com
    gcloud services enable monitoring.googleapis.com
    gcloud services enable opsconfigmonitoring.googleapis.com
    gcloud services enable kubernetesmetadata.googleapis.com