Adding a GKE cluster involves steps in the Admin UI and in the Google Cloud and Developer consoles.
Before beginning, ensure that the GKE endpoint you’re connecting is accessible from one of your strongDM gateways or relays. For more information on setting up gateways, see this guide.
Log in to the Admin UI at https://app.strongdm.com and choose Servers in the left-hand navigation.
In the upper right-hand section of the screen, click the ‘add server’ button. Under ‘Server Type’, select Google Kubernetes Engine.
Type in a Display Name. This is how the server will show up in the Admin UI—in this case,
Note: Some Kubernetes management interfaces, such as Visual Studio Code, do not function properly with cluster names containing spaces. If you run into problems, please choose a name without spaces for this field.
Enter the endpoint of the GKE cluster. It’s imperative that this endpoint can be reached from the gateway/relay. To verify this, hop on the gateway/relay server, and from a command prompt, type:
$ nc -z <YOUR_ENDPOINT> 443
If your gateway or relay can connect to this hostname, you’ll be able to proceed—in this case,
Enter the Server CA, which is available under the Show Credentials link just to the right of the endpoint in the Google Cloud Console.
Enter a Service Account Key in JSON format. You can generate this key on the Google Developer Console. When generating this key, ensure it is associated with a user with the appropriate level of access to the cluster for your use case. Once generated, upload the key using the button below the Service Account Key box.
NOTE: When your users connect to this cluster, they will have exactly the rights permitted by this Google service account key. See this Google document for more information.
Click the ‘create’ button. Once this is done, the Admin UI will update and show your new server in a green or yellow state. If yellow, click the ‘pencil’ icon to the right of the server to re-open the ‘Connection Details’ screen, then click ‘Diagnostics’ to determine where the connection is failing.
If any errors occur, please copy them into an email and send to email@example.com.
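As an added example (not strongDM's own tooling), the Python script below can be run on the gateway or relay before filling in the form: it repeats the `nc -z` reachability test and checks that the file you are about to upload is a service account key, reporting the `client_email` whose cluster access your users will inherit. The sample key and the names `check_service_account_key` and `endpoint_reachable` are constructed for illustration.

```python
import json
import socket

# Fields every Google service account JSON key file carries.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

# Constructed sample key: placeholder values, no real key material.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "gke-readonly@example-project.iam.gserviceaccount.com",
})

def check_service_account_key(raw):
    """Return (problems, client_email) for the text of a key file."""
    try:
        key = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], None
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"], None
    problems = [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    kind = key.get("type")
    if kind and kind != "service_account":
        # e.g. "authorized_user" is a user credential, not a service account key
        problems.append(f"type is {kind!r}, expected 'service_account'")
    email = str(key.get("client_email") or "")
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    pem = str(key.get("private_key") or "")
    if pem and "BEGIN PRIVATE KEY" not in pem:
        problems.append("private_key is not a PEM private key")
    return problems, email or None

def endpoint_reachable(host, port=443, timeout=5.0):
    """TCP connect only, the same test as `nc -z <YOUR_ENDPOINT> 443`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    problems, email = check_service_account_key(SAMPLE_KEY)
    print("key problems:", problems or "none")
    # Users connecting through this server act with this identity's rights.
    print("review cluster access granted to:", email)
```

Replace `SAMPLE_KEY` with the contents of your own key file and call `endpoint_reachable` with your cluster endpoint; review the IAM and cluster roles bound to the reported `client_email` before clicking ‘create’.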