To operate as a GKE attached cluster, your cluster needs to have the following characteristics.
EKS (AWS) cluster requirements
Supported platform versions are listed here. The cluster Kubernetes major.minor version should match the selected platform version. You can also list all supported versions using:
gcloud container attached get-server-config \
  --location=GOOGLE_CLOUD_REGION
Ensure that the kubectl command-line tool is installed on your local machine and configured to access your cluster. This includes setting up the correct user credentials in the kubeconfig file.
Ensure that there is network connectivity to your cluster.
The cluster must have a public IAM OIDC Identity Provider. Follow the instructions in Create an IAM OIDC provider for your cluster to check if a provider exists, and create a provider if necessary.
Networking requirements
Because attached clusters rely on supporting Google Cloud services, you need to modify your cluster's outbound firewall rules to allow it access to the following domains. This is the only change you need to make to your cluster to install and run GKE attached clusters.
.gcr.io
gkeconnect.googleapis.com
oauth2.googleapis.com
securetoken.googleapis.com
storage.googleapis.com
sts.googleapis.com
Logging and monitoring
To use logging and monitoring features, your cluster also needs to be able to access the following URLs:
logging.googleapis.com
monitoring.googleapis.com
opsconfigmonitoring.googleapis.com
kubernetesmetadata.googleapis.com
Google Cloud requirements
Before attaching your cluster to the Google Cloud management service, you must install the gcloud CLI including the gcloud command, and grant the Google Cloud management service access to your Google Cloud account so it can manage your attached cluster resources.
Check your gcloud CLI installation with the following command:
gcloud version
If the gcloud CLI isn't installed, or if its version is earlier than version 412.0.0, install version 412.0.0 or higher by following the gcloud CLI installation instructions.
Install the kubectl additional component.
If you haven't already done so, create your Google Cloud project. This will generate a Google Cloud project ID and a project number.
Set your active Google Cloud project and authenticate your account with the following commands.
export PROJECT_ID=<your project id>
gcloud auth login
gcloud config set project $PROJECT_ID
gcloud auth application-default login
Enable the GKE attached clusters API and its required services with the following commands:
gcloud services enable gkemulticloud.googleapis.com
gcloud services enable gkeconnect.googleapis.com
gcloud services enable connectgateway.googleapis.com
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable anthos.googleapis.com
gcloud services enable logging.googleapis.com
gcloud services enable monitoring.googleapis.com
gcloud services enable opsconfigmonitoring.googleapis.com
gcloud services enable kubernetesmetadata.googleapis.com
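The following preflight check is an added example, not part of the original page or of Google's tooling. It verifies the two Google Cloud requirements above: the minimum gcloud CLI version (412.0.0) and that every listed service is enabled in the active project. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

MIN_GCLOUD_VERSION="412.0.0"   # minimum gcloud CLI version stated on the page

# Services the page enables with `gcloud services enable`.
REQUIRED_SERVICES="gkemulticloud.googleapis.com
gkeconnect.googleapis.com
connectgateway.googleapis.com
cloudresourcemanager.googleapis.com
anthos.googleapis.com
logging.googleapis.com
monitoring.googleapis.com
opsconfigmonitoring.googleapis.com
kubernetesmetadata.googleapis.com"

# sdk_version: read `gcloud version` output on stdin, print the SDK version.
sdk_version() {
  awk '/^Google Cloud SDK / { print $4; exit }'
}

# version_ge A B: succeed when dotted version A >= B, compared numerically
# per field (a string compare would rank 99.0.0 above 412.0.0).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# missing_services: read enabled service names on stdin (one per line),
# print each required service that is absent. Whole-line, literal match.
missing_services() {
  enabled=$(cat)
  for svc in $REQUIRED_SERVICES; do
    printf '%s\n' "$enabled" | grep -qxF "$svc" || printf '%s\n' "$svc"
  done
}

# preflight: run both checks against the live gcloud CLI and active project.
preflight() {
  v=$(gcloud version | sdk_version)
  version_ge "$v" "$MIN_GCLOUD_VERSION" ||
    { echo "gcloud $v is older than $MIN_GCLOUD_VERSION" >&2; return 1; }
  missing=$(gcloud services list --enabled --format='value(config.name)' |
    missing_services)
  [ -z "$missing" ] || { echo "not enabled: $missing" >&2; return 1; }
}
```

Source the file and call preflight after setting the active project; it returns non-zero and names the failing requirement on stderr.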