Fleet Team Management
1. Fleet Team Management
Managing Kubernetes infrastructure for multiple teams can be complex. GKE fleet team management provides platform admins with tools and flexibility to provision and manage infrastructure resources for multiple teams. Fleet team management introduces the concept of team-level abstraction, where admins define team scopes and fleet namespaces for efficient onboarding, access control, and resource optimization.
Let's define scopes in GKE. With team scopes, operators and admins can access information defined by the scope, like resource utilization, logs, errors, and metrics. Team scopes can help facilitate resource assessment, troubleshooting, and rollout sequencing upgrades. To access their team scope clusters, members can use Connect gateway to log in with their Google credentials and authenticate with Google groups.
Next, let's define namespaces in GKE. With namespaces, operators and developers can access resources defined by the namespace, like deployments, services, and pods. Namespaces can help facilitate resource isolation, access control, and application lifecycle management. To access their namespace resources, users can use kubectl with configured context and authenticate with Kubernetes RBAC.
So how does this work? Let's say, for example, an organization has two primary teams, one for the back end and one for the front end. The admin can create separate team scopes, each associated with specific clusters and namespaces. The backend team has access to clusters 1 and 2 with the namespace backend, while the frontend team has access to clusters 2 and 3 with namespaces frontend-foo and frontend-bar. Both teams share cluster 2 while maintaining their isolated namespaces. Team leads are granted admin access, allowing them to manage roles and bindings within their scope, while other team members have editor access.
Platform admins can create and configure fleet teams by using gcloud commands, the Google Cloud console, or Terraform.
Let's explore the general steps to create and configure teams. First, enable the necessary permissions and APIs for your fleet. Then set up access control using Google Groups. This is the recommended approach. To control team access to fleet resources, assign team members and roles. Each member can be assigned different access levels: scope admin, scope editor, or scope viewer. Create a team scope and give it a unique name. Then add your clusters to the team scope. Make sure each cluster is already part of your fleet and uses Google Groups for access control. Now create fleet namespaces within the team scope. This gives you granular control over resources and isolates each team's work within the fleet. Grant team members access to the scope using their Google groups or individual accounts. This streamlines the process of onboarding teams by providing predefined access controls and resource allocation. Team members can then access their resources using Connect gateway credentials.
Admins can manage team scopes and fleet namespaces using the Google Cloud command line interface or the Google Cloud console. Management tasks include listing, updating, and deleting scopes, adding or removing clusters from scopes, creating and deleting fleet namespaces, and managing team member access.
Let's explore common commands used to manage team scopes. The gcloud container fleet scopes create command creates a team scope. To add clusters to a team scope, use the gcloud container fleet memberships bindings create command. To create fleet namespaces, use the gcloud container fleet scopes namespaces create command. The gcloud container fleet scopes add-app-operator-binding command grants team members access to the team scope. Use the gcloud container fleet memberships bindings delete command to remove clusters from a team scope, and the gcloud container fleet scopes remove command to remove team members from a team scope.
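The steps and commands above, applied to the backend/frontend layout described earlier, as an added shell example that is not part of the original course material. The project ID, membership names and location, binding names, and Google Group addresses are placeholder assumptions; by default the script only prints the gcloud commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example: provisions the two team scopes from the walkthrough above.
# Assumptions (not from the page): project ID, membership names and location,
# binding names, and Google Group addresses are constructed placeholders.
set -e

PROJECT="${PROJECT:-example-fleet-project}"   # placeholder project ID
LOCATION="${LOCATION:-us-central1}"           # placeholder membership location
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands only

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# provision_team SCOPE "CLUSTERS" "NAMESPACES" LEADS_GROUP MEMBERS_GROUP
provision_team() {
  scope=$1; clusters=$2; namespaces=$3; leads=$4; members=$5

  run gcloud container fleet scopes create "$scope" --project "$PROJECT"

  # Bind each fleet member cluster to the scope.
  for c in $clusters; do
    run gcloud container fleet memberships bindings create "$scope-$c" \
      --membership "$c" --scope "$scope" --location "$LOCATION" \
      --project "$PROJECT"
  done

  # Fleet namespaces keep each team's workloads apart on shared clusters.
  for ns in $namespaces; do
    run gcloud container fleet scopes namespaces create "$ns" \
      --scope "$scope" --project "$PROJECT"
  done

  # Least privilege: only the leads group gets admin; members get edit.
  run gcloud container fleet scopes add-app-operator-binding "$scope" \
    --role=admin --group="$leads" --project "$PROJECT"
  run gcloud container fleet scopes add-app-operator-binding "$scope" \
    --role=edit --group="$members" --project "$PROJECT"
}

provision_all() {
  provision_team backend "cluster-1 cluster-2" "backend" \
    backend-leads@example.com backend-team@example.com
  provision_team frontend "cluster-2 cluster-3" "frontend-foo frontend-bar" \
    frontend-leads@example.com frontend-team@example.com
}

provision_all
```

Review the printed plan first, then rerun with DRY_RUN=0 and real values for PROJECT and LOCATION to apply it.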
Within the Teams page in the Google Cloud console, the monitoring tab displays team scope resource utilization details, like CPU, memory, and disk usage, error and restart counts, and estimated costs. This information can be useful for resource allocation and troubleshooting.
2. Let's practice!