
Tutorial: Connect Amazon EKS and Azure AKS Clusters with Google Anthos

12 Jun 2020 9:53am, by

This week, analyst Janakiram MSV launches an exclusive series on The New Stack about Google Cloud Platform’s Kubernetes service, Anthos. Each part of the series focuses on a specific aspect of Anthos. The series covers cluster registration, Anthos configuration management, and launching “click to deploy” applications from the GCP Marketplace.

In the second part of the series, we will register three Kubernetes clusters deployed in Google Kubernetes Engine, Amazon Web Services’ Elastic Kubernetes Service, and Azure Kubernetes Service, all using Google Anthos.

This tutorial starts by launching the clusters and ends with enumerating them as Anthos clusters.

Prerequisites

  • Active AWS, Azure, and GCP accounts
  • Latest AWS, Azure, and GCP CLI tools
  • eksctl
  • kubectx
  • kubens

Launching Kubernetes Clusters in GCP, AWS, and Azure

Assuming you have active accounts with the cloud platforms and the CLIs configured, get started by launching three-node clusters in each cloud.

Since it takes the longest time to launch, let’s start with the EKS cluster.

The second cluster is an Azure AKS cluster.

Finally, we will launch a GKE cluster.

Since we will have to change the context often from one cluster to another, we will merge all the contexts into one configuration and rename them.

The kubectx CLI comes in handy for managing the contexts.

Now, we have three contexts – aks, eks, and gke – representing the three clusters. You can use kubectx to easily switch between them.

Preparing and Configuring the GCP Account for Anthos

Before using Anthos, we need to enable a set of APIs by running the below command:

Next, we need to create a service account and a JSON token for external clusters to connect to Anthos.

Run the below commands after setting the project environment variable:

The above command creates a file named anthos-hub-svc.json in the current directory. We will need this file to register the clusters with Anthos.

Registering Clusters with Anthos

Don’t forget to set the PROJECT environment variable.

Let’s start with the GKE Cluster.

Next, it’s the turn of the AKS cluster.

Finally, let’s register the EKS cluster with Anthos.

Let’s check if all three clusters are registered with Anthos.

If you access the Anthos dashboard in the GCP Console, you can see all three clusters.

When we register a cluster with Anthos, a new namespace called gke-connect is created in it. The namespace runs an agent that maintains the connection between the cluster and the Anthos control plane.

Accessing the Cluster Information through Anthos

When you click on the GKE cluster in the GCP Console, you will see the configuration details such as the version of Kubernetes, number of nodes, and more.

This is not available for the other two clusters. In order to enable Anthos to access the cluster information, we need to create a role and role binding. The secret associated with the service account will be passed on to Anthos to gain access to the cluster.

Run the below commands to create the service account, role, and the role binding.

Create a file called node-reader.yaml and apply it to the EKS cluster.

The below commands create the service account, role, and role binding.

Now, let’s retrieve the secret associated with the anthos-user service account.

You will see a long string that’s decoded from a base64-encoded secret. Copy this string and keep it safe.

Access the Anthos dashboard, click on the EKS cluster, and then click the login button.

Under the Token, paste the string copied in the previous step and click the Login button.

Now, you can access the EKS cluster information from Anthos.

Repeat the above steps with the aks context to enable access to it.
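
An added example, not the article's own commands: one way to create the anthos-user service account with read-only access to nodes and print the token that is pasted into the console login. The object names node-reader, anthos-user-node-reader and anthos-user-token and the default namespace are assumptions; a ClusterRole and ClusterRoleBinding are used because nodes are cluster-scoped.

```shell
# Added example, not the article's commands. Assumed names: node-reader,
# anthos-user-node-reader, anthos-user-token; namespace "default".
SA=anthos-user; NS=default

# Contents for node-reader.yaml: read-only access to Node objects, nothing else.
node_reader_manifest() { cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata: {name: $SA, namespace: $NS}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: node-reader}
rules:
- {apiGroups: [""], resources: ["nodes"], verbs: ["get", "list", "watch"]}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: anthos-user-node-reader}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: node-reader}
subjects:
- {kind: ServiceAccount, name: $SA, namespace: $NS}
EOF
}

# Kubernetes 1.24+ no longer auto-creates a token Secret; request one explicitly.
token_secret_manifest() { cat <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: anthos-user-token
  namespace: $NS
  annotations:
    kubernetes.io/service-account.name: $SA
EOF
}

# Usage: fetch_login_token eks   (context names eks/aks come from the tutorial)
fetch_login_token() {
  node_reader_manifest | kubectl --context "$1" apply -f - >&2 || return 1
  name=$(kubectl --context "$1" -n "$NS" get serviceaccount "$SA" -o jsonpath='{.secrets[0].name}')
  if [ -z "$name" ]; then
    token_secret_manifest | kubectl --context "$1" apply -f - >&2 || return 1
    name=anthos-user-token
  fi
  kubectl --context "$1" -n "$NS" get secret "$name" -o jsonpath='{.data.token}' | base64 --decode
}
```

The printed token is a long-lived bearer credential for the cluster, so limiting its role to reading nodes bounds what a leaked copy can do. On a freshly created token Secret the controller fills in the token asynchronously, so an empty result means calling the function again after a moment.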

Congratulations! You have successfully registered three clusters with Anthos.

In the next part of the tutorial, we will use Anthos Config Management to deploy workloads on all the clusters via GitOps. Stay tuned.

Janakiram MSV’s Webinar series, “Machine Intelligence and Modern Infrastructure (MI2)” offers informative and insightful sessions covering cutting-edge technologies. Sign up for the upcoming MI2 webinar at http://mi2.live.


Amazon Web Services is a sponsor of The New Stack.

Feature image by Kelly Sikkema on Unsplash.
