GKE Enterprise shared responsibility

Running a business-critical application on GKE Enterprise requires multiple parties to carry different responsibilities. This topic lists the roles and responsibilities of both Google and the customer for each GKE cluster product. The list is not exhaustive.

GKE on Google Cloud

Google's responsibilities

Customer's responsibilities

  • Maintain your workloads, including your application code, build files, container images, data, role-based access control (RBAC)/IAM policy, and containers and pods that you are running.
  • Enroll clusters in auto-upgrade (default) or upgrade clusters to supported versions.
  • Monitor the cluster and applications and respond to any alerts and incidents using technologies such as the security posture dashboard and Google Cloud Observability.
  • Provide Google with environmental details when requested for troubleshooting purposes.

GKE on VMware

Google's responsibilities

  • Maintain and distribute the GKE on VMware software package including Kubernetes, vCenter and F5 controllers, Ingress controller, Connect, Logging, and Monitoring agents, and the gkectl command line tool.

  • Maintain and distribute the Ubuntu admin workstation and node machine images including regular patching and security fixes.

  • Continually scan components with the Artifact Analysis API and patch known vulnerabilities.

  • Notify users of available upgrades for GKE on VMware, and produce upgrade scripts for the previous version; GKE on VMware supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4).

  • Provide Google Cloud integrations for Connect and Google Cloud Observability.

  • Troubleshoot, provide workarounds, and correct the root cause of any issues related to Google-provided components.

Customer's responsibilities

  • Provide overall system administration for on-premises clusters.

  • Maintain your workloads, including your application code, build files, container images, data, role-based access control (RBAC)/IAM policy, and containers and pods that you are running.

  • Operate, maintain, and patch infrastructure, including networks, servers, storage, and connectivity to Google Cloud.

  • Operate, maintain, and patch vSphere and network load balancers.

  • Maintain support contracts with VMware and F5 (if deployed).

  • Upgrade GKE on VMware to a supported version on a regular basis.

  • Deploy and test your workloads on updated node machine images. Deploy and test updated admin workstation images in your environment. Raise concerns to Google through Cloud Customer Care.

  • Monitor clusters and applications and respond to any incidents.

  • Ensure Logging and Monitoring agents are deployed to clusters. Without logs, support is available on a best-effort basis.

  • Provide Google with environmental details (for example, network configuration) when requested for troubleshooting purposes.

GKE on Bare Metal

Google's responsibilities

  • Maintain and distribute the GKE on Bare Metal software package including Kubernetes, Ingress controller, Connect, Logging, and Monitoring agents, and the bmctl command line tool.

  • Continually scan components with the Artifact Analysis API and patch known vulnerabilities.

  • Notify users of available upgrades for GKE on Bare Metal, and produce upgrade instructions for the previous version; GKE on Bare Metal supports sequential upgrades between minor versions and patch releases (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4).

  • Provide Google Cloud integrations for Connect and Google Cloud Observability.

  • Troubleshoot, provide workarounds, and correct the root cause of any issues related to Google-provided components.

Customer's responsibilities

  • Provide overall system administration for clusters.

  • Maintain your workloads, including your application code, build files, container images, data, RBAC/IAM policy, and containers and pods that you are running.

  • Operate, maintain, and patch infrastructure, including networks, servers, storage, and connectivity to Google Cloud.

  • Maintain support contracts with vendors.

  • Upgrade GKE on Bare Metal to a supported version on a regular basis.

  • Deploy and test your workloads on updated node machine images. Deploy and test updated admin workstation images in your environment. Raise concerns to Google through Cloud Customer Care.

  • Monitor clusters and applications and respond to any incidents.

  • Ensure Logging and Monitoring agents are deployed to clusters. Without logs, support is available on a best-effort basis.

  • Provide Google with environmental details (for example, network configuration) when requested for troubleshooting purposes.

GKE on AWS (multi-cloud)

Google's responsibilities

  • Maintain and distribute the GKE on AWS software package including Kubernetes, base images, the AWS integration features, the Ingress controller, the Connect agent, and the anthos-gke command line tool.

  • Continually scan components with the Artifact Analysis API and patch known vulnerabilities.

  • Maintain and distribute the management service, control plane, and node pool machine images, including regular patching and security fixes.

  • Notify users of available upgrades for GKE on AWS, and produce upgrade instructions for the previous version. GKE on AWS supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4).

  • Provide Google Cloud integrations for Connect and Google Cloud Observability.

  • Troubleshoot, provide workarounds, and correct the root cause of any issues related to Google-provided components.

Customer's responsibilities

  • Provide overall system administration for GKE on AWS clusters, for example, by configuring them to work within the corporate VPC environment.

  • Maintain your workloads, including your application code, build files, container images, data, RBAC/IAM policy, and containers and pods that you are running.

  • Operate and maintain the AWS environment, including networking configuration, and connectivity to Google Cloud.

  • Maintain support contracts with AWS.

  • Upgrade GKE on AWS to a supported version on a regular basis.

  • Monitor clusters and applications and respond to any incidents.

  • Ensure Logging and Monitoring agents are deployed to clusters. Without logs, support is available on a best-effort basis.

  • Provide Google with environmental details (for example, AWS VPC configuration) when requested for troubleshooting purposes.

GKE on Azure

Google's responsibilities

  • Maintain and distribute the GKE on Azure software package including Kubernetes, base images, Azure integrations, the Ingress controller, the Connect agent, and the Google Cloud CLI.

  • Continually scan components with the Artifact Analysis API and patch known vulnerabilities.

  • Maintain and distribute the management service, control plane, and node pool machine images, including regular patching and security fixes.

  • Notify users of available upgrades for GKE on Azure, and produce upgrade instructions for the previous version. GKE on Azure supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4).

  • Provide Google Cloud integrations for Connect and Google Cloud Observability.

  • Troubleshoot, provide workarounds, and correct the root cause of any issues related to Google-provided components.

Customer's responsibilities

  • Provide overall system administration for GKE on Azure clusters, for example, by configuring them to work within the corporate VPC environment.

  • Maintain your workloads, including your application code, build files, container images, data, RBAC/IAM policy, and containers and pods that you are running.

  • Operate and maintain the Azure environment, including networking configuration, and connectivity to Google Cloud.

  • Maintain support contracts with Azure.

  • Upgrade GKE on Azure to a supported version on a regular basis.

  • Monitor clusters and applications and respond to any incidents.

  • Ensure Logging and Monitoring agents are deployed to clusters. Without logs, support is available on a best-effort basis.

  • Provide Google with environmental details (for example, Azure VNet configuration) when requested for troubleshooting purposes.

GKE Enterprise attached clusters

Google's responsibilities

  • Provide a list of supported Kubernetes distributions and versions.

  • Notify users of available upgrades for GKE Enterprise components, and produce upgrade instructions for the previous version. GKE Enterprise supports sequential upgrades only (1.2 → 1.3 → 1.4 only and not 1.2 → 1.4).

  • Provide Google Cloud integrations for Connect and Google Cloud Observability.

  • Troubleshoot, provide workarounds, and correct the root cause of any issues related to Google-provided components.

Customer's responsibilities

  • Provide a modern Kubernetes platform that meets Google's specifications. The platform includes, but is not limited to: hardware, OS, Kubernetes API server, VPC configuration, and other attributes.

  • Maintain your workloads, including your application code, build files, container images, data, RBAC/IAM policy, and containers and pods that you are running.

  • Operate, maintain, and patch infrastructure, including networks, servers, storage, and connectivity to Google Cloud.

  • Operate, maintain, and patch any infrastructure needed to run the cluster.

  • Maintain support contracts with third parties. For example: networking, container orchestration, computing resource, and storage vendors.

  • Upgrade Kubernetes to a supported version on a regular basis.

  • Monitor clusters and applications and respond to any incidents.

  • Keep your clusters connected to Google services.

  • Provide Google with environmental details (for example, network configuration) when requested for troubleshooting purposes.
