This page explains how to set up an existing GKE cluster with the options required by Anthos Service Mesh. If you want to add clusters from different Google Cloud projects to Anthos Service Mesh, the clusters must be in a Shared Virtual Private Cloud (VPC). See Setting up clusters with Shared VPC for more information.
Before you begin
Before you start setting up a cluster, make sure that you have:
- Reviewed the cluster requirements.
- Set up your environment to install the tools that you need.
- Set up your project to create environment variables, enable the required APIs, and set permissions.
Setting up an existing cluster
Create the following environment variables:
Set the cluster name:
export CLUSTER_NAME=YOUR_CLUSTER_NAME
Set the CLUSTER_LOCATION to either your cluster zone or cluster region:
export CLUSTER_LOCATION=YOUR_ZONE_OR_REGION
Set the workload pool:
export WORKLOAD_POOL=${PROJECT_ID}.svc.id.goog
Set the mesh ID:
export MESH_ID="proj-${FLEET_PROJECT_NUMBER}"
Set the default zone or region for the Google Cloud CLI. If you don't set the default here, be sure to specify either the --zone or --region option in the gcloud container clusters commands on this page.
If you have a single-zone cluster, set the default zone:
gcloud config set compute/zone ${CLUSTER_LOCATION}
If you have a regional cluster, set the default region:
gcloud config set compute/region ${CLUSTER_LOCATION}
Tip: To make setting up your shell environment easier in the future, you can copy and paste the export statements for each environment variable to a simple shell script that you source when you start a new shell. You can also add the gcloud commands that set default values to the script. Or you can use gcloud init to create and activate a named gcloud configuration.
Set the mesh_id label on the cluster. If your cluster has existing labels that you want to keep, you must include those labels when adding the mesh_id label.
To see if your cluster has existing labels:
gcloud container clusters describe ${CLUSTER_NAME} \
  --project ${PROJECT_ID}
Look for the resourceLabels field in the output. Each label is stored on a separate line under the resourceLabels field, for example:
resourceLabels:
  csm: ''
  env: dev
  release: stable
If the csm label is in the output, you don't need to preserve it. The mesh_id label replaces the csm label.
For convenience, you can add the labels to an environment variable. In the following, replace YOUR_EXISTING_LABELS with a comma-separated list of the existing labels on your cluster in the format KEY=VALUE, for example: env=dev,release=stable
export EXISTING_LABELS="YOUR_EXISTING_LABELS"
Set the mesh_id label:
If your cluster has existing labels that you want to keep, update the cluster with the mesh_id and the existing labels:
gcloud container clusters update ${CLUSTER_NAME} \
  --project ${PROJECT_ID} \
  --update-labels=mesh_id=${MESH_ID},${EXISTING_LABELS}
If your cluster doesn't have any existing labels, update the cluster with only the mesh_id label:
gcloud container clusters update ${CLUSTER_NAME} \
  --project=${PROJECT_ID} \
  --update-labels=mesh_id=${MESH_ID}
Enable Workload Identity:
gcloud container clusters update ${CLUSTER_NAME} \
  --project=${PROJECT_ID} \
  --workload-pool=${WORKLOAD_POOL}
Enabling Workload Identity can take up to 10 to 15 minutes.
Enable Cloud Monitoring and Cloud Logging on GKE:
gcloud container clusters update ${CLUSTER_NAME} \
  --project=${PROJECT_ID} \
  --enable-stackdriver-kubernetes
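For the mesh_id label step above, the following added example (not part of the original page and not a gcloud feature) turns the resourceLabels block of the describe output into the value for --update-labels, dropping csm and any stale mesh_id so the key is not passed twice. The function names labels_from_describe and build_update_labels and the sample output are constructed for illustration.

```shell
# Added example: derive the --update-labels value from `describe` output.
# labels_from_describe and build_update_labels are hypothetical helper names.

labels_from_describe() {
  # stdin: YAML from `gcloud container clusters describe`.
  # stdout: KEY=VALUE pairs from resourceLabels, comma-separated,
  # skipping csm (replaced by mesh_id) and any previous mesh_id.
  awk '
    /^resourceLabels:/   { in_labels = 1; next }
    in_labels && /^[^ ]/ { in_labels = 0 }   # next top-level key ends the block
    in_labels && /^ +[^ ]/ {
      line = $0
      sub(/^ +/, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*: */, "", val)
      gsub(/^["\047]|["\047]$/, "", val)     # strip surrounding quotes
      if (key == "csm" || key == "mesh_id") next
      out = out (out == "" ? "" : ",") key "=" val
    }
    END { print out }
  '
}

build_update_labels() {
  # $1 = mesh ID (for example "$MESH_ID"); stdin = describe output.
  existing=$(labels_from_describe)
  if [ -n "$existing" ]; then
    printf 'mesh_id=%s,%s\n' "$1" "$existing"
  else
    printf 'mesh_id=%s\n' "$1"               # cluster had no labels to keep
  fi
}

# Constructed sample of describe output (not from a real cluster).
SAMPLE_DESCRIBE='name: demo-cluster
resourceLabels:
  csm: '"''"'
  env: dev
  release: stable
status: RUNNING'

printf '%s\n' "$SAMPLE_DESCRIBE" | build_update_labels "proj-123"
```

Against a real cluster, pipe the gcloud container clusters describe command from this page into build_update_labels "${MESH_ID}" and review the printed value before passing it to --update-labels.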