Getting support

Google's primary support objective is to resolve production incidents as quickly as possible. We do this by understanding your configuration, analyzing logs and metrics, and collaborating with partners to solve incidents quickly.

Google Cloud offers a variety of support packages to accommodate your support needs. All Google Cloud Support packages include support for GKE Enterprise and GKE on VMware. If you have an existing Google Cloud Support package, then you already have support for GKE Enterprise and GKE on VMware.

For more information, see the Google Cloud Support documentation.

Requirements for GKE on VMware Support

To effectively troubleshoot business-critical incidents, you must:

  1. Check that the environment is current with the published end-of-support timeframes (see Version Support Policy below).
  2. Enable Cloud Logging and Cloud Monitoring for system components (for more details, see the Support tools section).
  3. When you open a support case, provide a configuration snapshot using the gkectl diagnose snapshot command.

Support tools

To troubleshoot a GKE on VMware incident, Google Cloud Support relies on three pieces of information:

  • Your environment's configuration
  • Logs from your admin and user clusters
  • Metrics from your admin and user clusters

Configuration

When you open a support case, you are asked to run the gkectl diagnose snapshot --seed-config command and attach the resulting tarball to the support case. gkectl diagnose snapshot --seed-config captures information about Kubernetes and your nodes.

The tool is highly configurable and includes several predefined scenarios. You can also pass a YAML file with a customized set of information to gather. To learn more, refer to Diagnosing Clusters.

You can add an excludeWords field to your configuration file to omit sensitive or confidential information. Be sure to carefully review the information captured by the tool. Highly confidential or sensitive information should not be attached to your support case.

Logs

When you create a new GKE on VMware cluster, Cloud Logging agents are enabled by default and scoped only to system-level components. This replicates system-level logs into the Google Cloud project associated with the cluster. System-level logs are from Kubernetes pods running in one of five namespaces:

  • kube-system
  • gke-system
  • gke-connect
  • istio-system
  • config-management-system
  • knative-serving

Logs can be queried from the Cloud Logging console.

For more details, see Logging and Monitoring.

Metrics

In addition to logs, metrics are also captured by the Cloud Monitoring agent. This replicates system-level metrics into the Google Cloud project associated with the cluster. System-level metrics are from Kubernetes pods running in the same namespaces listed in Logs.

For more details, see Logging and Monitoring.

Google Cloud CLI and remote cluster access

If you open a support case, Cloud Customer Care may ask you for remote read-only access to your clusters to help diagnose and resolve issues more effectively. For the support team to have sufficient access to troubleshoot your cluster issue remotely:

  • Ensure that you've installed and updated to the latest version of the Google Cloud CLI. The Google Cloud CLI must be at version 401.0.0 or higher to give Cloud Customer Care the needed permissions. We recommend that you update Google Cloud CLI regularly to pick up added permissions and other enhancements. To install the latest components of the gcloud CLI, use the gcloud components update command.

  • Ensure the target cluster is registered and you have the project ID, membership name, and kubeconfig file.

        gkectl list admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG
    
        gkectl list clusters --kubeconfig ADMIN_CLUSTER_KUBECONFIG
    
  • To grant access to the cluster, you run a gcloud CLI command that generates and displays a set of Kubernetes role-based access control (RBAC) policies and applies them to the target cluster. See Review the RBAC policies in advance.

For more information about giving Cloud Customer Care remote read-only access to your clusters, see Google Cloud Support for your registered clusters.

How we troubleshoot your environment

Here is an example of a typical support incident:

  1. Someone—for example, the cluster administrator—opens a support case via Google Cloud console or the Google Cloud Support Center, and selects Anthos and GKE on VMware as Category and Component, respectively. They enter the information required and attach the output of gkectl diagnose snapshot to the case.
  2. The support case is routed to a Technical Support Engineer specializing in GKE on VMware.
  3. The support engineer examines the contents of the snapshot to gain context of the environment.
  4. The support engineer examines the logs and metrics in the Google Cloud project, entering the support case ID as the business justification, which is logged internally.
  5. The support engineer responds to the case with an assessment and recommendation. The support engineer and the user continue troubleshooting until they come to a resolution.

Collaborative Support Partners

Google maintains collaborative support relationships with select partners to deliver a more seamless support experience for GKE on VMware. With these relationships, Google is able to collaborate closely with that partner on behalf of our shared customers.

To benefit from Collaborative Support, you must maintain support agreements with both Google and the partner in question.

Google currently has a collaborative support relationship in place with the partners specified on the Collaborative Support Partners page.

Data about support issues may be shared with Collaborative Support Partners, as described in Google's Technical Support Services Guidelines.

What does Google support?

Generally, the Cloud Support team supports all software components shipped as part of GKE on VMware. The table below details this further:

Google Cloud Support Collaborative Support Not Supported
Kubernetes and the container runtime
VMware vSphere (vCenter Server and ESXi)
VMware products beyond vSphere
Canonical Ubuntu for guest/node OS
F5 BIG-IP load balancers
Customer code (see Developer Support below)
vCenter controller
Hardware and hyper-converged infrastructure solutions as listed in the Collaborative Support Partners page
Customer choice of host OS
F5 controller

Physical server, storage, and network
Calico and related network policies

External DNS, DHCP, and identity systems
Ingress controller

Calico Enterprise Edition


Prometheus and Grafana
Stackdriver Monitoring, Stackdriver Logging, and Stackdriver agents
Identity federation with OIDC compliant providers
Hub, Connect, and the Connect Agent
Cloud Run for Anthos / Knative
Bundled LoadBalancer (Seesaw)

Version Support Policy

Support for GKE on VMware follows the GKE Enterprise Version Support Policy. Starting with GKE Enterprise version 1.14, Google supports each GKE on VMware minor version for 12 months after the initial release of the minor version, or until the release of the third subsequent minor version, whichever is longer.

The following table shows the supported and unsupported versions of this product:

Release version Release date Earliest end of life date
1.28 (latest) December 14, 2023 December 14, 2024
1.16 August 23, 2023 August 23, 2024
1.15 May 2, 2023 May 2, 2024
1.14 (unsupported) December 21, 2022 December 21, 2023
1.13 (unsupported) September 29, 2022 August 17, 2023
1.12 (unsupported) July 7, 2022 March 29, 2023
1.11 (unsupported) April 27, 2022 December 21, 2022
1.10 (unsupported) December 22, 2021 September 22, 2022
1.9 (unsupported) September 29, 2021 June 29, 2022
1.8 (unsupported) June 28, 2021 March 28, 2022
1.7 (unsupported) March 25, 2021 December 25, 2021
1.6 (unsupported) December 10, 2020 September 10, 2021
1.5 (unsupported) September 24, 2020 June 24, 2021
1.4 (unsupported) June 25, 2020 March 25, 2021
1.3 (unsupported) March 23, 2020 December 23, 2020
1.2 (unsupported) December 20, 2019 September 20, 2020
1.1 (unsupported) September 26, 2019 June 26, 2020
1.0 (unsupported) July 25, 2019 April 25, 2020

Supported features

This document lists the features for GKE on VMware for supported releases. The table is not intended to be an exhaustive list, but it highlights some of the benefits of upgrading your clusters to the latest supported version.

Features are listed by their product launch stage, either as Preview or General Availability. Features listed as Preview are covered by the Pre-GA Offerings Terms of the Google Cloud Terms of Service. Preview offerings are intended for use in test environments only and might have limited support. Changes to pre-GA products and features might not be compatible with other pre-GA versions. General Availability features are open to all customers, and are fully supported. For more information, see Product launch stages.

For information about supported Anthos components and their compatibility, see Anthos version and upgrade support.

Feature/capability 1.15 1.16 1.28 (latest)
Regional fleet membership - - GA
Version skew n+2 admin cluster - user cluster - - Preview
Version skew n+2 node pool - user cluster - - Preview
Max surge setting for node pool updates - - Preview
cgroup v2 for nodes - - Preview
DSR mode for Dataplane V2 - Preview GA
BinAuthz for Controlplane V2 user clusters - - GA
Storage vMotion for SPBM clusters - - Preview
User-managed admin workstation - Preview GA
Storage migration tool - Preview Preview
Seesaw to MetalLB migration - Preview GA
Disable bundled ingress - GA GA
Admin cluster prepared credentials - Preview GA
Storage policy for a user cluster Preview GA GA
Storage policy for an admin cluster Preview Preview GA
Node auto repair GA GA GA
High availability admin cluster Preview GA GA
VM-Host affinity Preview GA GA
Generate configuration files from an existing cluster GA GA GA
Managed Service for Prometheus system metrics collection Preview GA GA
Upgrade and rollback of nodepools GA GA GA
Update private registry credentials GA GA GA
Admin cluster backup and restore with gkectl Preview Preview Preview
User cluster nodepool autoscaling GA GA GA
Cluster automatic node resizing GA GA GA
Multiple vSphere cluster support GA GA GA
Multiple vSphere data centers support GA GA GA
OpenID Connect (OIDC) support for authentication to clusters GA GA GA
CA certificate rotation GA GA GA
Workload Identity support GA GA GA
AIS with LDAP authentication support GA GA GA
Always-on secrets encryption without hardware security module (HSM) GA GA GA
Update vCenter CA certificates with gkectl GA GA GA
Egress NAT gateway GA GA GA
Admin cluster fleet registration GA GA GA
Windows node pool support GA GA GA
containerd runtime for Windows node pool GA GA GA
Container-optimized OS node pool support GA GA GA
CoreDNS as the cluster DNS provider GA GA GA
User cluster lifecycle in the Google Cloud console GA GA GA
Admin cluster node creation with Container-optimized OS GA GA GA
Multi-NIC capability for Pods GA GA GA
MetalLB load balancer option GA GA GA
gkectl update admin support for enabling and disabling Cloud Logging and Cloud Monitoring GA GA GA
Windows Dataplane V2 support GA GA GA
Summary API metrics GA GA GA
gkectl update credentials support for updating component access service account key GA GA GA
Prepared credentials for user cluster GA GA GA
Asynchronous upgrade of user cluster GA GA GA
Sequential update of node pools GA GA GA
Create volume snapshot with vSphere CSI driver Preview Preview Preview
Create user cluster with ControlPlaneV2 enabled GA GA GA

Shared Responsibility Model

Running a business-critical production application on GKE on VMware requires multiple parties to carry different responsibilities. These responsibilities are described at GKE Enterprise shared responsibility.

Developer Support

Google doesn't provide support specifically for your application workloads. However, we do provide best-effort developer support to ensure your developers can easily run applications on GKE on VMware. We believe that engaging earlier during development can prevent critical incidents later in the deployment.

This best-effort Developer Support is available to customers with any paid support package and is treated as a P3 priority for an issue blocking a launch, or a P4 priority for general consultation. In this classification, priority level 0 is the highest priority.