@pydevops
Last active December 8, 2021 03:52
gke connect gateway register anthos
gcloud services enable connectgateway.googleapis.com
gcloud container hub memberships list
gcloud container hub memberships get-credentials  <your-gke-connect-enabled-cluster-name>
MEMBERSHIP_NAME=my-aks
KUBE_CONTEXT=my-ctx
KUBE_CONFIG=$PWD/kubeconfig
# please make sure the connect-sa service account below has roles/gkehub.connect
SA_KEY_FILE=$PWD/connect-sa.json

# register the aks cluster in the current gcp project
gcloud container hub memberships register ${MEMBERSHIP_NAME} --context=${KUBE_CONTEXT} --kubeconfig=${KUBE_CONFIG} --service-account-key-file=${SA_KEY_FILE}
# unregister the aks cluster in the current gcp project
gcloud container hub memberships unregister ${MEMBERSHIP_NAME} --context=${KUBE_CONTEXT} --kubeconfig=${KUBE_CONFIG}

After the registration completes successfully, I run the following script to get a login token for logging in to the AKS cluster in the GCP console.

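#!/bin/bash
set -eu
export KUBECONFIG=$PWD/kubeconfig
export KSA=remote-admin-sa
# Create the service account and its binding only if it does not exist yet.
# Testing the command directly keeps `set -e` from aborting when the lookup fails.
if ! kubectl get sa "$KSA" >/dev/null 2>&1
then
  kubectl create serviceaccount "$KSA"
  # cluster-admin gives this token full control of the cluster.
  kubectl create clusterrolebinding ksa-admin-binding \
      --clusterrole cluster-admin \
      --serviceaccount "default:$KSA"
fi
# Read the token from the Secret attached to the service account.
# Kubernetes 1.24 and later no longer create this Secret automatically.
SECRET_NAME=$(kubectl get sa "$KSA" -o jsonpath='{.secrets[0].name}')
export SECRET_NAME
kubectl get secret "$SECRET_NAME" -o jsonpath='{.data.token}' | base64 --decode && echo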
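
The script above prints a bearer token bound to `cluster-admin`. As an added example (not part of the original gist), the helpers below decode a token's claims so you can confirm which service account it identifies and whether it carries an expiry before pasting it into the console. The function names are hypothetical and the sample tokens are constructed, not real credentials; the signature is not verified.

```bash
#!/bin/bash
# Added example: inspect a service account token (a JWT) without verifying it.
# All function names are hypothetical; the sample tokens are constructed.

# Encode a string as one unpadded base64url JWT segment.
b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# Decode one base64url segment, restoring the '=' padding JWTs strip.
b64url_decode() {
  local seg
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 --decode
}

# Build a constructed, unsigned sample token from a JSON claims string.
make_token() {
  printf '%s.%s.%s' "$(b64url_encode '{"alg":"RS256","typ":"JWT"}')" \
    "$(b64url_encode "$1")" "constructed-signature"
}

# Print the claims (second segment) of a token as JSON.
jwt_claims() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Summarize who the token identifies and whether it ever expires.
# Assumes compact JSON (no spaces), as Kubernetes emits.
token_summary() {
  local claims sub
  claims=$(jwt_claims "$1")
  sub=$(printf '%s' "$claims" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p')
  if printf '%s' "$claims" | grep -q '"exp":'; then
    echo "sub=${sub} expiry=present"
  else
    echo "sub=${sub} expiry=none"
  fi
}

# Constructed claims shaped like a Secret-based token: no "exp" claim.
LEGACY='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:remote-admin-sa"}'
token_summary "$(make_token "$LEGACY")"
```

To check a real token, pass the string the script above prints as the argument to `token_summary`.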