Installing Anthos Management Center

This page is for infrastructure operators.

This page describes how to install Anthos Management Center and obtain its URL.

Install Management Center

In this section, you install an admin cluster on bare metal machines, and then install Management Center on top of the admin cluster.

Prepare the admin cluster config

Update the ./actl-workspace/admin/admin.yaml file with settings that match your environment.

vi ./actl-workspace/admin/admin.yaml

Complete the following fields:

  • The sshPrivateKeyPath is the key that's used during installation to access the other nodes that will be part of the cluster. This is the private counterpart of the public key you distributed to the nodes in the Prerequisites.

  • The registryMirrors identifies the location of the all registry mirror where the docker images are stored.

    • registryMirrors.endpoint is the endpoint of the mirror. The endpoint's format is URL_SCHEME://REGISTRY_HOST/v2/IMAGE_PREFIX . For example, if you created the registry on the workstation, then set the endpoint to https://REGISTRY_HOST/v2/library. Note that the /v2/ in between REGISTRY_HOST and IMAGE_PREFIX is necessary.

    • registryMirrors.pullCredentialConfigPath is the path for the credentials. Usually, this is something like /home/USER/.docker/config.json.

    • The registryMirrors.caCertPath is the location of the Certificate Authority that the registry will use to encrypt traffic. This certificate is distributed to the nodes during the installation process to allow them to pull images from the registry. The path is typically /etc/docker/certs.d/REGISTRY_HOST/ca.crt.

  • The controlPlane spec defines which nodes are part of the control plane. If using an high availability deployment, specify three IP addresses, for example:

        # Control plane node pools. Typically, this is either a single machine
        # or 3 machines if using a high availability deployment.
        - address:
        - address:
        - address:
  • The loadBalancer spec defines which type of load balancer is used. The default configuration installs a load balancer onto the running cluster. In this case, at minimum, you need to set the controlPlaneVIP to identify a virtual IP (VIP) address pool to expose the Kubernetes API Server and the addressPools to allocate VIPs on demand to services requesting them. For example:

      mode: bundled
      # There are two load balancer VIPs: one for the control plane and one for the
      # L7 Ingress service.
      # The VIPs must be in the same subnet as the load balancer nodes.
        # ControlPlaneVIP specifies the VIP to connect to the Kubernetes API server.
        # This address must not be in the address pools below.
      # AddressPools is a list of non-overlapping IP ranges for the data plane load
      # balancer.
      # All addresses must be in the same subnet as the load balancer nodes.
      # Address pool configuration is only valid for 'bundled' LB mode in non-admin
      # clusters.
      - name: pool1
        # Each address must be either in the CIDR form (
        # or range form (
  • The last section of the Cluster spec specifies the loginUser. This login must have access to the SSH key specified below and is the user for which the key was distributed in the Prerequisites.

      loginUser: LOGIN_USERNAME

    Replace LOGIN_USERNAME with the username used to log into the user cluster.

  • The nodePool spec identifies the nodes that will host Management Center Console, Prometheus, Grafana and other services on the admin cluster. These nodes are the worker nodes of the admin cluster. For example:

    kind: NodePool
      name: node-pool-1
      namespace: cluster-admin
      # Cannot be changed, must be admin
      clusterName: admin
      - address:

Create the admin cluster

Run the following command to create the admin cluster. It takes approximately 30 minutes. See Known issues if you have problems creating the admin cluster.

cd ~/anthos-baremetal-private-mode
actl clusters baremetal create admin

After the admin cluster is created, check that you have access to it.

export ADMIN_KUBECONFIG=$(pwd)/actl-workspace/admin/admin-kubeconfig

kubectl get nodes --kubeconfig=${ADMIN_KUBECONFIG}

Optional: Register resources

You can edit the ./managementcenter/management-center.yaml config file to automatically register your resources so that they are available when the installation is complete. Alternatively, you can skip this section and manually register your resources after you are finished installing Management Center.

Open the ./managementcenter/management-center.yaml file to customize Management Center installation.

vi ./managementcenter/management-center.yaml

In the file editor, add the following sections:

Register inventory machines

Register inventory machines to the admin cluster for the platform administrator to use later to create a user cluster.

kind: InventoryMachine
  name: IP_ADDRESS
    "KEY": "VALUE"
  address: IP_ADDRESS

Replace the following:

  • IP_ADDRESS: the IP address of the machine, for example
  • KEY:VALUE: a key:value pair, for example "rack": "r1020" to indicate a rack location.

The labels are free-form key-value pairs that are attached to the resource. These labels can be used later in Management Center to filter machines. For example, you can use the labels to identify rack location or special hardware configurations.

Register virtual IP (VIP) address pool

Register an AddressPool to the admin cluster to use later to create user clusters.

kind: AddressPool
  name: anthos-addresspool-default
  description: DESCRIPTION

Replace the following:

  • DESCRIPTION: enter any additional instructions that you want to show in Management Center Console.
  • VIP_ADDRESS_POOL: the VIP address pool range, for example

Register Bootstrap Service

The Bootstrap Service is a mechanism used to preinstall extra resources like Storage Services and GPU drivers into user clusters after they are created to make them immediately available for use.

  1. Create the configmap which contains all the manifests needed to install the service.

    kubectl create configmap <configmap-name> --kubeconfig=ADMIN_KUBECONFIG \
      --from-file=path/to/MANIFESTS --namespace=anthos-management-center

    Replace path/to/MANIFESTS with the path to the manifest files.

  2. Add the following section to the ./managementcenter/management-center.yaml file to create the Bootstrap Service object which refers to the configmap:

    kind: BootstrapService
      namespace: anthos-management-center
      # If set to True, this configuration can be applied to many user clusters,
      # e.g. a GPU driver configuration. If False, this configuration can only be
      # applied to a single user cluster, e.g. a CSI Driver + StorageClass
      # combination which is intended for exclusive use by a single user cluster.
      # Defaults to False.
      isReusable: False
        name: CONFIGMAP_NAME
        namespace: anthos-management-center

    Replace the following:

    • BOOTSTRAP_SERVICE_NAME: the name of the Bootstrap Service.
    • CONFIGMAP_NAME: the name of the configmap that you created in the previous step.

Install Management Center

Install Management Center onto the admin cluster.

Default configuration

These instructions install Management Center with a minimal default configuration.

cd ~/anthos-baremetal-private-mode
actl platform management-center create

Custom configuration

These instructions install Management Center using a custom config. This allows you to customize settings before installing Management Center. To do this, update the ./managementcenter/management-center.yaml file to customize the Management Center installation.

vi ./managementcenter/management-center.yaml

Install Management Center using the custom configuration.

cd ~/anthos-baremetal-private-mode
actl platform management-center create --config managementcenter/management-center.yaml

Get the URL of Management Center

The URL for Management Center is printed out after installing Management Center but can also be retrieved by running the following command:

actl platform management-center describe --kubeconfig=${ADMIN_KUBECONFIG}

You can share the URL that is returned with a platform administrator so that they can access Management Center.

Configure a domain name to access Management Center

To configure your own domain name to access Management Center:

Add an A record to your DNS domain configuration and set it to the IP address returned by the following command:

actl platform management-center describe --kubeconfig=${ADMIN_KUBECONFIG}