This document describes how to deploy your applications to Google Kubernetes Engine clusters.
Google Cloud Deploy allows you to deploy your container-based workloads to any Google Kubernetes Engine cluster. All Google Cloud Deploy features are supported when you deploy to GKE targets.
Before you begin
Have one or more GKE clusters to deploy to.
If you don't have any GKE clusters to deploy to, you can create them.
Make sure your execution service account has the roles and permissions it needs.
skaffold.yaml file, the deploy stanza includes indicates that Skaffold is rendering for, and deploying to, Kubernetes (GKE). And the manifests you use for this application are listed under there.
Create your target configuration
Each target can be configured in your delivery pipeline YAML, or in a separate file. You can also configure more than one target in the same file, but they must be in different kind: Target stanzas.
In the target definition, create a gke stanza to point to the
The syntax for specifying a GKE cluster is as follows:
    gke:
      cluster: projects/[project_name]/locations/[location]/clusters/[cluster_name]
This GKE resource identifier uses the following elements:
[project_name] is the name of the Google Cloud project in which you're running this cluster.
The cluster you are deploying to does not need to be in the same project as your delivery pipeline.
[location] is the region in which the cluster was created.
[cluster_name] is the name given to the cluster when it was created.
You can find this name in the list of clusters for your project, in the Google Cloud console.
The following is an example target configuration, pointing to a GKE cluster:
    apiVersion: deploy.cloud.google.com/v1
    kind: Target
    metadata:
      name: dev
    description: development cluster
    gke:
      cluster: projects/my-app/locations/us-central1/clusters/my-app-dev-cluster
Create your Skaffold configuration
This section provides and explains an example of a simple Skaffold configuration to use when deploying to a GKE cluster.
The following is an example skaffold.yaml file for deployment to a

    apiVersion: skaffold/v3alpha1
    kind: Config
    metadata:
      name: gke-application
    deploy:
      kubectl:
        manifests:
        - [MANIFEST]
Using Skaffold with Google Cloud Deploy describes in more detail how to use Skaffold with your delivery pipeline.
Prepare your Kubernetes manifests
To deploy your application to GKE, you provide Google Cloud Deploy with one or more Kubernetes manifests, which are rendered and then applied to the target cluster or clusters to deploy your application.
If you don't have those manifests, create them before you try to deploy using a Google Cloud Deploy delivery pipeline.
You can use Kustomize or Helm to help you create manifests. You can also use Kustomize or Helm if your manifests are templated and need to be rendered.
Putting it all together
Now that you have your Kubernetes manifests, your Skaffold configuration, and your Google Cloud Deploy target definitions, and you've registered your targets as Google Cloud Deploy resources, you can invoke your delivery pipeline to create a release and progress it through the sequence of targets defined in the pipeline.
Deploy to a private cluster
You can deploy your application to a private GKE cluster, using either of two options:
Use a Virtual Private Cloud network
You can configure a target to deploy to a private GKE cluster connected to a Virtual Private Cloud network:
A private cluster is a VPC-native cluster whose nodes and Pods are isolated by default from the public internet.
If you plan to use the internal IP of the private cluster target, then set gke in the target configuration.
In Cloud Build, create a private worker pool that you can use to deploy to this private cluster.
Configure the execution environment to use that private pool.
You must use this pool for RENDER. You can also use it for VERIFY. Here's an example that uses

    executionConfigs:
    - usages:
      - RENDER
      - DEPLOY
      workerPool: "projects/p123/locations/us-central1/workerPools/wp123"
See Accessing private GKE clusters with Cloud Build private pools for more information.
Project and permissions considerations
You can configure a target to use a private worker pool that can deploy to a private cluster. But there are some things to note if resources are in different projects.
- When Google Cloud Deploy and the worker pool are in separate projects
To communicate with a private pool that has access to a VPC and that's in a different project from your target, the Google Cloud Deploy service agent needs sufficient permissions to talk to that project.
The execution service account also needs permissions to access the Cloud Storage bucket.
- When the worker pool and the cluster are in separate projects
If the private GKE cluster is in a different project from the private worker pool, the execution service account requires sufficient permissions to talk to the project the cluster is in.
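A pre-flight check for the two cross-project cases above, as an added example that is not part of the Google Cloud Deploy documentation. It assumes the Target has already been parsed into a dict; review_target and deploy_project are hypothetical names, the sample targets are constructed, and the findings name no IAM roles because this page does not list them.

```python
import re

# Resource-name shapes as they appear in this page's examples.
CLUSTER_RE = re.compile(r"projects/([^/]+)/locations/[^/]+/clusters/[^/]+")
POOL_RE = re.compile(r"projects/([^/]+)/locations/[^/]+/workerPools/[^/]+")


def review_target(target, deploy_project):
    """Return findings for one Target, given as an already-parsed dict.

    deploy_project (hypothetical parameter): the project that holds the
    delivery pipeline and target resources.
    """
    name = target.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    m = CLUSTER_RE.fullmatch((target.get("gke") or {}).get("cluster", ""))
    if m is None:
        return [f"{name}: gke.cluster must be projects/P/locations/L/clusters/C"]
    cluster_project = m.group(1)
    for cfg in target.get("executionConfigs", []):
        pool = cfg.get("workerPool")
        if pool is None:
            continue  # no private pool configured for these usages
        pm = POOL_RE.fullmatch(pool)
        if pm is None:
            findings.append(f"{name}: malformed workerPool {pool!r}")
            continue
        pool_project = pm.group(1)
        if pool_project != deploy_project:
            findings.append(f"{name}: service agent needs access to pool project {pool_project}")
            findings.append(f"{name}: execution service account needs access to the Cloud Storage bucket")
        if pool_project != cluster_project:
            findings.append(f"{name}: execution service account needs access to cluster project {cluster_project}")
    return findings


# Constructed sample targets (project and pool names are made up).
SAME_PROJECT = {
    "metadata": {"name": "dev"},
    "gke": {"cluster": "projects/my-app/locations/us-central1/clusters/my-app-dev-cluster"},
    "executionConfigs": [{"usages": ["RENDER", "DEPLOY"],
                          "workerPool": "projects/my-app/locations/us-central1/workerPools/wp123"}],
}
SPLIT_PROJECTS = {
    "metadata": {"name": "prod"},
    "gke": {"cluster": "projects/prod-clusters/locations/us-central1/clusters/prod"},
    "executionConfigs": [{"usages": ["RENDER", "DEPLOY"],
                          "workerPool": "projects/build-pools/locations/us-central1/workerPools/wp123"}],
}
```

Running review_target over every target before registering it shows which projects need grants for the service agent and the execution service account, so a missing permission is caught before a rollout fails.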
Use Anthos targets and connect gateway
You can configure a target to deploy to a private GKE cluster using Anthos targets and connect gateway.
This approach does not require that you use a Virtual Private Cloud or virtual private network connections.