Google Distributed Cloud provides you a choice of tools to create clusters and manage the cluster lifecycle operations (update, upgrade, and delete):
- The command-line tool gkectl, which you run on your admin workstation in your on-premises data center. You create a configuration file that describes the cluster network, load balancing, and other cluster features. You specify this file on the command line to gkectl.
- The Google Cloud console, Google Cloud CLI, or Terraform, which you can run from any computer that has network connectivity to the GKE On-Prem API. These standard tools use the GKE On-Prem API, which runs on Google Cloud infrastructure. Collectively, the standard tools are referred to as the GKE On-Prem API clients. To manage the lifecycle of your clusters, the GKE On-Prem API must store metadata about your cluster's state in Google Cloud, in the Google Cloud region that you specify when creating the cluster. This metadata lets the API manage the cluster lifecycle and doesn't include workload-specific data.
No matter which tool you use to create clusters, the information that you gather and provide to the tool, such as the IP addresses of cluster node machines and load balancer VIPs, is the same.
This selection lets you choose the best tool for your use case and environment. For example:
- If you enable advanced cluster, you must use gkectl to create the cluster.
- For your first installations in a development environment, you might want to use the Google Cloud console because the user interface provides additional guidance and help.
- If your organization already uses the gcloud CLI or Terraform to manage other Google Cloud resources, you will probably want to use these tools for Google Distributed Cloud as well.
- If your organization has regulatory requirements or restrictions, you might need to limit your reliance on Google Cloud and use gkectl on your admin workstation to create clusters and manage cluster lifecycle.
If you create a cluster with gkectl, it will be enrolled with the GKE On-Prem API by default. You can also enroll the cluster after it is created, which lets you use the GKE On-Prem API clients.
Limitations with the GKE On-Prem API clients
The gkectl tool is the most mature in terms of the features that it supports. We recommend that you review the capabilities of the GKE On-Prem API clients when making a choice. The following list shows the features that are not supported by the GKE On-Prem API clients.
- Secret management and rotation
- Certificate rotation
- Authentication
- Usage metering
- Application level logging and monitoring
- Advanced networking
- Private registry
- Seesaw load balancer
- Windows node pools
The following list describes additional limitations with the GKE On-Prem API clients:
- Only Terraform is supported for creating and upgrading admin clusters.
- The kind of load balancer for an admin cluster and its user clusters must be the same. The only exception is if the admin cluster uses Seesaw, then the user clusters can use MetalLB. If you want your admin and user clusters to use different kinds of load balancers, you must create the clusters using gkectl.
- When you create a user cluster using the Google Cloud console, all the vCenter settings are inherited from the admin cluster. If you need a user cluster to have different vCenter settings from its admin cluster, use the gcloud CLI, Terraform, or gkectl to create the user cluster.
Check on these limitations from time to time as the GKE On-Prem API clients evolve.