Configure kubectl connectivity

This page describes how to configure connectivity for the kubectl command-line tool to access Google Distributed Cloud connected.

Configure kubectl connectivity for Cloud control plane clusters

This section describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud connected Cloud control plane clusters. You can configure kubectl connectivity through either the connect gateway or Cloud Load Balancing.

Connectivity through the connect gateway

You can configure kubectl connectivity using the connect gateway.

To configure kubectl connectivity through the connect gateway, use the following command to generate the necessary kubeconfig file:

 gcloud edge-cloud container hub memberships get-credentials CLUSTER_ID \
    --project=PROJECT_ID

Replace the following:

  • CLUSTER_ID: the ID of the target cluster.
  • PROJECT_ID: the ID of the target Google Cloud project.
  • REGION: the Google Cloud region in which the cluster has been created.

The connect gateway hub membership name is the ID of the target Distributed Cloud cluster. The connect gateway hub membership project ID can, but does not have to, match the target cluster's project ID.

The generated kubeconfig file contains a connect gateway endpoint URL similar to the following:

https://connectgateway.googleapis.com/v1/projects/myProject/locations/global/memberships/myCluster

Your kubectl requests are sent to the connect gateway, which forwards them to the Connect Agent and finally to the Kubernetes API server in the cluster's Cloud control plane.

Connectivity through Cloud Load Balancing

To configure kubectl connectivity through Cloud Load Balancing, use the following command to generate the necessary kubeconfig file:

 gcloud edge-cloud container clusters get-credentials CLUSTER_ID \
    --project=PROJECT_ID \
    --location=REGION

Replace the following:

  • CLUSTER_ID: the ID of the target cluster.
  • PROJECT_ID: the ID of the target Google Cloud project.
  • REGION: the Google Cloud region in which the cluster has been created.

In this case, Cloud Load Balancing serves as an external L4 load balancer that exposes a single public IP address to the internet and forwards kubectl requests to the cluster's Cloud control plane running in Google Cloud.

Configure kubectl connectivity for local control plane clusters

This section describes how to configure connectivity for the kubectl command-line tool to access Distributed Cloud connected local control plane clusters.

By default, the ToR switches automatically advertise the virtual IP addresses of your local control plane nodes to your local network. You can use the kubectl tool to directly connect to those virtual IP addresses from your local network.

For situations where direct access to your local network is not available, you have the following options:

  • If the local control plane node uses a public IP address, you can connect to it directly from the internet. Your network administrator must configure your firewall to allow inbound traffic to the node on port 443.
  • If the local control plane uses a private IP address, you must configure a bastion host.
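
To confirm which of the paths described on this page a kubeconfig entry actually uses (the connect gateway endpoint URL, or a public or private control plane address), the following added example classifies a cluster's server URL. It is not part of the original documentation; the function names, the RFC 1918 private-range check, and every sample value except the connect gateway URL shape are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. Classifies the "server:" URL of a kubeconfig cluster entry.
# Only the connect gateway URL shape comes from the page; other samples are constructed.

GW_PREFIX="https://connectgateway.googleapis.com/v1/projects/"

# Prints one line naming the access path; returns 1 for non-HTTPS URLs.
classify_endpoint() {
  local url="$1" rest project location membership host
  case "$url" in
    "$GW_PREFIX"*/locations/*/memberships/*)
      rest="${url#"$GW_PREFIX"}"
      project="${rest%%/*}"
      rest="${rest#*/locations/}"
      location="${rest%%/*}"
      membership="${rest#*/memberships/}"
      membership="${membership%%/*}"
      echo "connect-gateway project=$project location=$location membership=$membership"
      return 0 ;;
    https://*) ;;
    *) echo "rejected reason=not-https"; return 1 ;;
  esac
  # Anything else is a direct endpoint: strip scheme, path and port.
  host="${url#https://}"; host="${host%%/*}"; host="${host%%:*}"
  case "$host" in
    # Assumption: "private" means an RFC 1918 IPv4 address (bastion host needed).
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
      echo "direct-private host=$host" ;;
    *) echo "direct-public host=$host" ;;
  esac
}

# Succeeds only when the URL is a connect gateway endpoint whose hub
# membership name equals the expected cluster ID ($2).
membership_matches() {
  local out
  out="$(classify_endpoint "$1")" || return 1
  case "$out" in
    connect-gateway*" membership=$2") return 0 ;;
    *) return 1 ;;
  esac
}

for u in \
  "https://connectgateway.googleapis.com/v1/projects/myProject/locations/global/memberships/myCluster" \
  "https://203.0.113.10:443" \
  "https://10.20.0.5"; do
  classify_endpoint "$u"
done
```

The server URLs to pass in can be read from an existing kubeconfig with `kubectl config view -o jsonpath='{.clusters[*].cluster.server}'`. A hostname that merely begins with the connect gateway name is reported as `direct-public`, because the match requires the `/v1/projects/` path to follow the hostname immediately.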
