Google Distributed Cloud provides you a choice of tools to create clusters and
manage the cluster lifecycle operations (update, upgrade, and delete):
The command-line tool gkectl, which you run on your admin workstation
in your on-premises data center. You create a
configuration file
that describes the cluster network, load balancing, and other cluster
features. You specify this file on the command line to gkectl.
The Google Cloud console, Google Cloud CLI, or
Terraform,
which you can run from any computer that has network connectivity to the
GKE On-Prem API. These standard tools use the
GKE On-Prem API,
which runs on Google Cloud infrastructure. Collectively, the standard
tools are referred to as the GKE On-Prem API clients. To manage the
lifecycle of your clusters, the GKE On-Prem API must store metadata about
your cluster's state in Google Cloud, in the Google Cloud region that you
specify when creating the cluster. This metadata lets the API manage the
cluster lifecycle and doesn't include workload-specific data.
No matter which tool you use to create clusters, the information that
you gather and provide to the tool, such as the IP addresses
of cluster node machines and load balancer VIPs, is the same.
This selection lets you choose the best tool for your use case and
environment. For example:
For your first installations in a development environment, you might
want to use the Google Cloud console because the user interface provides
additional guidance and help.
If your organization already uses the gcloud CLI or Terraform to
manage other Google Cloud resources, you will probably want to use these
tools for Google Distributed Cloud as well.
If your organization has regulatory requirements or restrictions, you
might need to limit your reliance on Google Cloud and use gkectl on
your admin workstation to create clusters and manage cluster lifecycle.
If you create a cluster with gkectl, it will be enrolled with the
GKE On-Prem API by default. You can also
enroll the cluster after it is created,
which lets you use the GKE On-Prem API clients.
Limitations with the GKE On-Prem API clients
The gkectl tool is the most mature as far as features that it supports. We
recommend that you review the functionality for the GKE On-Prem API clients when
making a choice. The following list shows the features that are not supported by
the GKE On-Prem API clients. Check this list from time to time as the
GKE On-Prem API clients evolve.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eGoogle Distributed Cloud offers \u003ccode\u003egkectl\u003c/code\u003e, the Google Cloud console, Google Cloud CLI, and Terraform for creating and managing cluster lifecycles.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003egkectl\u003c/code\u003e is run on an admin workstation, while the other tools, known as GKE On-Prem API clients, operate via the GKE On-Prem API and require cluster metadata to be stored in Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eThe choice of tool depends on the use case and environment, with the Google Cloud console being suitable for initial setups, gcloud CLI/Terraform for organizations already using them, and \u003ccode\u003egkectl\u003c/code\u003e for those with strict requirements.\u003c/p\u003e\n"],["\u003cp\u003eClusters created with \u003ccode\u003egkectl\u003c/code\u003e are automatically enrolled with the GKE On-Prem API, allowing them to be managed by the GKE On-Prem API clients, which can also enroll pre-existing clusters.\u003c/p\u003e\n"],["\u003cp\u003eThe GKE On-Prem API clients have limitations compared to \u003ccode\u003egkectl\u003c/code\u003e, as they do not support features like admin cluster management, secret and certificate rotation, and advanced networking, among others.\u003c/p\u003e\n"]]],[],null,["# Choose a tool to manage cluster lifecycle\n\n\u003cbr /\u003e\n\nGoogle Distributed Cloud provides you a choice of tools to create clusters and\nmanage the cluster lifecycle operations (update, upgrade, and delete):\n\n- The command-line tool `gkectl`, which you run on your admin workstation in your on-premises data center. You create a [configuration file](/anthos/clusters/docs/on-prem/1.16/how-to/user-cluster-configuration-file) that describes the cluster network, load balancing, and other cluster features. You specify this file on the command line to `gkectl`.\n- The Google Cloud console, Google Cloud CLI, or [Terraform](https://www.terraform.io), which you can run from any computer that has network connectivity to the GKE On-Prem API. These standard tools use the [GKE On-Prem API](/anthos/clusters/docs/on-prem-api/reference/rest), which runs on Google Cloud infrastructure. Collectively, the standard tools are referred to as the *GKE On-Prem API clients*. To manage the lifecycle of your clusters, the GKE On-Prem API must store metadata about your cluster's state in Google Cloud, in the Google Cloud region that you specify when creating the cluster. This metadata lets the API manage the cluster lifecycle and doesn't include workload-specific data.\n\nNo matter which tool you use to create clusters, the information that\nyou gather and provide to the tool, such as the IP addresses\nof cluster node machines and load balancer VIPs, is the same.\n\nThis selection lets you choose the best tool for your use case and\nenvironment. For example:\n\n- For your first installations in a development environment, you might want to use the Google Cloud console because the user interface provides additional guidance and help.\n- If your organization already uses the gcloud CLI or Terraform to manage other Google Cloud resources, you will probably want to use these tools for Google Distributed Cloud as well.\n- If your organization has regulatory requirements or restrictions, you might need to limit your reliance on Google Cloud and use `gkectl` on your admin workstation to create clusters and manage cluster lifecycle.\n\nIf you create a cluster with `gkectl`, it will be enrolled with the\nGKE On-Prem API by default. You can also\n[enroll the cluster](/anthos/clusters/docs/on-prem/1.16/how-to/enroll-cluster) after it is created,\nwhich lets you use the GKE On-Prem API clients.\n\nLimitations with the GKE On-Prem API clients\n--------------------------------------------\n\nThe `gkectl` tool is the most mature as far as features that it supports. We\nrecommend that you review the functionality for the GKE On-Prem API clients when\nmaking a choice. The following list shows the features that are not supported by\nthe GKE On-Prem API clients. Check this list from time to time as the\nGKE On-Prem API clients evolve.\n\n- Creating and upgrading admin clusters\n- Secret management and rotation\n- Certificate rotation\n- Authentication\n- Usage metering\n- Application level logging and monitoring\n- Advanced networking\n- Private registry\n- Seesaw load balancer\n- Windows node pools"]]