Google Kubernetes Engine (GKE)
GKE is Google’s managed Kubernetes service. Google invented Kubernetes, and GKE offers the tightest integration — managed control plane, automatic upgrades, and deep GCP ecosystem support.
GKE vs Self-Managed Kubernetes
| Feature | GKE | Self-managed |
|---|---|---|
| Control plane | Fully managed by Google | You manage |
| Upgrades | Automatic or on-demand | Manual |
| Scaling | Node auto-provisioning | Manual setup |
| Monitoring | Cloud Monitoring built-in | DIY |
| Cost | Control plane is free | Your infrastructure |
Cluster Types
| Mode | Description |
|---|---|
| Autopilot | Google manages nodes — you only define workloads |
| Standard | You manage node pools and sizing |
Autopilot is recommended for most workloads — you pay per pod, not per node.
Creating a Cluster
```bash
# Autopilot cluster (recommended)
gcloud container clusters create-auto my-cluster \
  --region=europe-west2

# Standard cluster
gcloud container clusters create my-cluster \
  --zone=europe-west2-a \
  --num-nodes=3 \
  --machine-type=e2-standard-2
```
Connecting kubectl to GKE
```bash
# Generate kubeconfig for your cluster
gcloud container clusters get-credentials my-cluster \
  --region=europe-west2

# Verify connection
kubectl get nodes
kubectl get pods -A
```
Node Pools
Standard clusters use node pools — groups of identical VMs:
```bash
# Add a node pool
gcloud container node-pools create gpu-pool \
  --cluster=my-cluster \
  --zone=europe-west2-a \
  --machine-type=n1-standard-4 \
  --accelerator=type=nvidia-tesla-t4,count=1 \
  --num-nodes=2

# Resize a node pool
gcloud container clusters resize my-cluster \
  --node-pool=default-pool \
  --num-nodes=5 \
  --zone=europe-west2-a
```
Cluster Autoscaler
Automatically add/remove nodes based on pending pods:
```bash
gcloud container clusters update my-cluster \
  --enable-autoscaling \
  --min-nodes=1 \
  --max-nodes=10 \
  --zone=europe-west2-a \
  --node-pool=default-pool
```
Workload Identity
Allows Kubernetes service accounts to act as GCP service accounts without JSON key files:
```bash
# Enable Workload Identity on cluster
gcloud container clusters update my-cluster \
  --workload-pool=PROJECT_ID.svc.id.goog \
  --region=europe-west2

# Annotate Kubernetes service account
# (the namespace must match the one named in the IAM member below)
kubectl annotate serviceaccount my-ksa \
  --namespace=my-namespace \
  iam.gke.io/gcp-service-account=my-gsa@PROJECT_ID.iam.gserviceaccount.com

# Allow the binding
gcloud iam service-accounts add-iam-policy-binding my-gsa@PROJECT_ID.iam.gserviceaccount.com \
  --role=roles/iam.workloadIdentityUser \
  --member="serviceAccount:PROJECT_ID.svc.id.goog[my-namespace/my-ksa]"
```
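An added example (not part of the original page or of any Google tooling): a Python check that the annotation and the IAM binding from the Workload Identity commands name the same identity, run over JSON shaped like the output of `kubectl get serviceaccount -o json` and `gcloud iam service-accounts get-iam-policy --format=json`. The function names, `example-project` and the sample data are assumptions made for illustration.

```python
import json

WI_ROLE = "roles/iam.workloadIdentityUser"
ANNOTATION = "iam.gke.io/gcp-service-account"

def wi_member(project_id, namespace, ksa_name):
    """IAM member string for a Kubernetes service account, as used in the binding."""
    return f"serviceAccount:{project_id}.svc.id.goog[{namespace}/{ksa_name}]"

def audit_workload_identity(ksa, gsa_email, gsa_policy, project_id):
    """Return findings for one KSA/GSA pair; an empty list means both halves agree."""
    findings = []
    meta = ksa["metadata"]
    who = f"{meta['namespace']}/{meta['name']}"
    member = wi_member(project_id, meta["namespace"], meta["name"])
    # Half 1: the annotation on the Kubernetes service account.
    annotated = (meta.get("annotations") or {}).get(ANNOTATION)
    if annotated is None:
        findings.append(f"{who} lacks the {ANNOTATION} annotation")
    elif annotated != gsa_email:
        findings.append(f"{who} is annotated with {annotated}, expected {gsa_email}")
    # Half 2: the IAM policy on the GCP service account.
    allowed = set()
    for binding in gsa_policy.get("bindings", []):
        if binding.get("role") == WI_ROLE:
            allowed.update(binding.get("members", []))
    if member not in allowed:
        findings.append(f"{member} is not granted {WI_ROLE} on {gsa_email}")
    # Every other member can also obtain tokens for this GSA: review for least privilege.
    for other in sorted(allowed - {member}):
        findings.append(f"also allowed to impersonate {gsa_email}: {other}")
    return findings

# Constructed sample data, not taken from a real project or cluster.
PROJECT = "example-project"
GSA = "my-gsa@example-project.iam.gserviceaccount.com"
POLICY = json.loads("""{"bindings": [{"role": "roles/iam.workloadIdentityUser",
  "members": ["serviceAccount:example-project.svc.id.goog[my-namespace/my-ksa]"]}]}""")

def sample_ksa(namespace, annotations):
    """Shape of `kubectl get serviceaccount my-ksa -o json`, reduced to metadata."""
    return {"metadata": {"name": "my-ksa", "namespace": namespace,
                         "annotations": annotations}}

if __name__ == "__main__":
    for ns in ("my-namespace", "default"):  # "default" models a KSA in the wrong namespace
        print(ns, audit_workload_identity(sample_ksa(ns, {ANNOTATION: GSA}), GSA, POLICY, PROJECT))
```

A service account annotated in the wrong namespace produces two findings: its own member string is not bound, and the binding that does exist points at a different identity.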
Deploying to GKE
GKE is standard Kubernetes — use kubectl and standard manifests:
```bash
# Deploy an application
kubectl apply -f deployment.yaml

# Expose with a LoadBalancer (creates GCP Cloud Load Balancer)
kubectl expose deployment my-app --type=LoadBalancer --port=80 --target-port=8080

# Get the external IP
kubectl get service my-app
```
GKE + Cloud Build CI/CD
```yaml
steps:
  - name: 'gcr.io/cloud-builders/docker'
    args: ['build', '-t', 'gcr.io/$PROJECT_ID/my-app:$SHORT_SHA', '.']

  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'gcr.io/$PROJECT_ID/my-app:$SHORT_SHA']

  - name: 'gcr.io/cloud-builders/gke-deploy'
    args:
      - run
      - --filename=k8s/
      - --image=gcr.io/$PROJECT_ID/my-app:$SHORT_SHA
      - --cluster=my-cluster
      - --location=europe-west2
```
Useful Commands
```bash
# List clusters
gcloud container clusters list

# Upgrade cluster
gcloud container clusters upgrade my-cluster \
  --master --cluster-version=1.30 \
  --zone=europe-west2-a

# Delete cluster
gcloud container clusters delete my-cluster \
  --zone=europe-west2-a
```