01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each GCP project available in your Google Cloud account:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
gcloud projects list
--format="table(projectId)"
02 The command output should return the requested GCP project IDS:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
PROJECT_ID
cc-web-project-123123
cc-dev-project-112233
03 Run container clusters list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the name and the region of each GKE cluster provisioned for the selected project:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
gcloud container clusters list
--project cc-web-project-123123
--format="table(NAME,ZONE)"
04 The command output should return the requested cluster names and their regions:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
NAME: cc-gke-backend-cluster
ZONE: us-central1
NAME: cc-gke-frontend-cluster
ZONE: us-central1
05 Run container node-pools list command (Windows/macOS/Linux) with the name of the GKE cluster that you want to examine as the identifier parameter, to describe the name of each node pool provisioned for the selected cluster:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
gcloud container node-pools list
--cluster=cc-gke-backend-cluster
--region=us-central1
--format="(NAME)"
06 The command output should return the requested GKE node pool names:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
NAME:
cc-gke-backend-pool-001
cc-gke-backend-pool-002
cc-gke-backend-pool-003
07 Run container node-pools describe command (Windows/macOS/Linux) with the name of the cluster node pool that you want to examine as the identifier parameter and custom output filters to determine if the GKE Metadata Server feature is enabled for the selected node pool:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
gcloud container node-pools describe cc-gke-backend-pool-001
--cluster=cc-gke-backend-cluster
--region=us-central1
--format="value(config.workloadMetadataConfig)"
08 The command output should indicate the workload metadata mode configured for the nodes in the selected GKE node pool. The workload metadata mode determines how metadata is exposed to workloads running on the nodes. If mode is set to GCE_METADATA, all metadata is exposed to pods. If mode is set to GKE_METADATA, the GKE Metadata Server restricts pod access to metadata and facilitates Workload Identity:
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
mode=GCE_METADATA
If the
container node-pools describe command output returns
mode=GCE_METADATA, as shown in the example above, the GKE Metadata Server feature is not enabled for the nodes running within the selected Google Kubernetes Engine (GKE) cluster node pool.
09 Repeat step no. 7 and 8 for each node pool provisioned for the selected GKE cluster.
10 Repeat steps no. 5 - 9 for each GKE cluster provisioned for the selected GCP project.
11 Repeat steps no. 3 – 10 for each GCP project deployed in your Google Cloud account.