Your Browser is Out of Date

Nytro.ai uses technology that works best in other browsers.
For a full experience use one of the browsers below
Google Cloud's Anthos Solution with Bare Metal and VMware on PowerFlex Family
Executive summary Introduction Product overview Solution overview for Anthos on VMware Deploying Anthos on VMware
Deploying Anthos on VMware
Prerequisites
Prepare vCenter
Deploy and configure Layer 4 network load balancer
Deploy Anthos GKE on-prem admin VM on PowerFlex rack
Create Anthos GKE on-prem admin and user cluster on PowerFlex rack
Solution Overview for Anthos on bare metal Deploying Anthos on bare metal Deploying Anthos applications on PowerFlex system Conclusion Appendix

Deploy Anthos GKE on-prem admin VM on PowerFlex rack

Deploy Anthos GKE on-prem admin VM on PowerFlex rack

  • Post physical environment setup, to create a deployment workstation on the PowerFlex management controller vCSA, complete the following steps on any Linux workstation:

    1. Install Cloud SDK and related tools.
      1. To install Cloud SDK, complete the steps mentioned in Installing Google Cloud SDK.
      2. Install anthos-auth and kubectl components by performing the following commands:

    gcloud components install kubectl

    gcloud components install anthos-auth
    1. Configure Google Cloud Project.
      1. Log in to Google Cloud using your account credentials and set the default project ID:

    gcloud auth login

    gcloud config set project [PROJECT_ID]

    where [PROJECT_ID] is your project ID.

    1. Enable the required APIs in the Google Cloud project.

    gcloud services enable \

        anthos.googleapis.com \

        anthosgke.googleapis.com \

        anthosaudit.googleapis.com \

        cloudresourcemanager.googleapis.com \

        container.googleapis.com \

        gkeconnect.googleapis.com \

        gkehub.googleapis.com \

        serviceusage.googleapis.com \

        stackdriver.googleapis.com \

        monitoring.googleapis.com \

        logging.googleapis.com
    1. Grant IAM roles - resourcemanager.projectIamAdmin and serviceusage.serviceUsageAdmin, to your Google account.

    gcloud projects add-iam-policy-binding PROJECT_ID \

        --member="user:ACCOUNT" \

        --role="roles/resourcemanager.projectIamAdmin"

     

    gcloud projects add-iam-policy-binding PROJECT_ID \

        --member="user:ACCOUNT" \

        --role="roles/serviceusage.serviceUsageAdmin"

    where ACCOUNT is your Google Cloud account and [PROJECT_ID] is the associated project ID.

    1. Create a component access service account which is used to download Anthos components from Container Registry.

    gcloud iam service-accounts create component-access-sa \

        --display-name "Component Access Service Account" \

        --project PROJECT_ID
    1. Create JSON key for your component access service account.

    gcloud iam service-accounts keys create component-access-key.json \

       --iam-account component-access-sa@[PROJECT_ID].iam.gserviceaccount.com
    1. Grant the below IAM roles to your component access service account so that Anthos clusters on VMware can do preflight checks:
    • serviceusage.serviceUsageViewer
    • iam.serviceAccountCreator
    • iam.roleViewer

    gcloud projects add-iam-policy-binding PROJECT_ID \

        --member "serviceAccount:component-access-sa@[PROJECT_ID].iam.gserviceaccount.com" \

        --role "roles/serviceusage.serviceUsageViewer"

     

    gcloud projects add-iam-policy-binding PROJECT_ID \

        --member "serviceAccount:component-access-sa@[PROJECT_ID].iam.gserviceaccount.com" \

        --role "roles/iam.serviceAccountCreator"

     

    gcloud projects add-iam-policy-binding PROJECT_ID \

        --member "serviceAccount:component-access-sa@[PROJECT_ID].iam.gserviceaccount.com" \

        --role "roles/iam.roleViewer"

     
    1. Download gkeadm utility and make it executable.

    gsutil cp gs://gke-on-prem-release/gkeadm/1.6.0-gke.7/linux/gkeadm ./

    chmod +x gkeadm
    1. Generate configuration file templates using the gkeadm tool.

    ./gkeadm create config

    The preceding command creates the below files in your current directory:

    1. Create your admin workstation and a set of service account automatically.

    ./gkeadm create admin-workstation --auto-create-service-accounts
    1. On completion of the admin workstation, a command displayed on the console which can be used to create SSH connection to the admin workstation.

    ssh -i /usr/local/google/home/me/.ssh/gke-admin-workstation ubuntu@<admin_workstation_ip>

    If you list the files on the admin workstation, you can see two cluster configuration files, your CA certificate file, and the JSON key files for your service accounts:

    Example output from “ls -l” command:

    admin-cluster.yaml

    connect-agent-sa-2007081316.json

    connect-register-sa-2007081316.json

    log-mon-sa-2007081316.json

    user-cluster.yaml

    vcenter-ca-cert.pem

    component-access-key.json