Overview of Cluster Administration

In Google Kubernetes Engine, cluster administration refers to how you create, configure, and manage your GKE clusters.

Basic cluster administration tasks, such as bringing up a Kubernetes-powered cluster, are handled for you by Google Cloud Platform. You perform these tasks using GCP interfaces, such as the gcloud command-line tool, the GKE API, and the Google Cloud Platform Console. You also use these interfaces to control your cluster's structural configuration: the number and type of nodes in the cluster and how those nodes are upgraded and repaired.

You perform administration tasks relating to your cluster's behavior using the Kubernetes interfaces: the Kubernetes API and the kubectl command-line interface. These tasks include networking and security settings, such as network policy enforcement and role-based access control.

Basic cluster administration

Basic cluster administration tasks are specific to GKE clusters on Google Cloud Platform and typically do not involve the Kubernetes system itself; you perform these tasks entirely by using the GCP Console, the gcloud command-line interface, or the GKE API.

Cluster-level configuration

Cluster-level configuration tasks include creating, upgrading, and deleting GKE clusters. You can also control your cluster's maintenance periods, set up cluster-level autoscaling, and enable or disable logging and monitoring for your cluster.

Node configuration

GKE offers a range of node configuration options for your cluster's nodes. For example, you can create one or more node pools; node pools are groups of nodes within your cluster that share a common configuration. Your cluster can consist of a single (default) node pool, or multiple node pools.

You can set other node options on a per-pool basis, including:

Configuring cluster networking

Another aspect of cluster administration is to enable and control various networking features for your cluster. Most networking features are set at cluster creation: when you create a cluster using a GCP interface, you must enable the networking features that you want to use. Some of these features might require further configuration using Kubernetes interfaces, such as the kubectl command-line interface.

For example, to enable network policy enforcement on your GKE cluster, you must first enable the feature using the GCP Console or the gcloud command-line tool. Then, you specify the actual network policy rules using the Kubernetes network policy API or the kubectl command-line interface.
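The two steps above as a script, an added example that is not part of the original page. The cluster name, zone, and namespace are placeholder values, and the default-deny rule is one illustrative policy chosen here.

```shell
#!/bin/sh
# Added example. CLUSTER, ZONE and NAMESPACE are placeholder values.
CLUSTER="${CLUSTER:-example-cluster}"
ZONE="${ZONE:-us-central1-a}"
NAMESPACE="${NAMESPACE:-default}"

# Step 1 (GCP interface): create the cluster with enforcement turned on.
create_cluster() {
  gcloud container clusters create "$CLUSTER" --zone "$ZONE" \
    --enable-network-policy
}

# Interpret the value gcloud prints for the cluster's
# networkPolicy.enabled field.
enforcement_enabled() {
  case "$1" in
    True|true) return 0 ;;
    *) return 1 ;;
  esac
}

# Step 2 (Kubernetes interface): a default-deny rule for all ingress
# traffic to every pod in the namespace passed as $1.
default_deny_manifest() {
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: $1
spec:
  podSelector: {}
  policyTypes:
  - Ingress
EOF
}

# Apply the rule only when step 1 is in effect: the Kubernetes API stores
# NetworkPolicy objects even on a cluster that does not enforce them.
apply_default_deny() {
  state=$(gcloud container clusters describe "$CLUSTER" --zone "$ZONE" \
    --format='value(networkPolicy.enabled)')
  if ! enforcement_enabled "$state"; then
    echo "network policy enforcement is not enabled on $CLUSTER" >&2
    return 1
  fi
  default_deny_manifest "$NAMESPACE" | kubectl apply -f -
}

# Touch the cluster only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
  create_cluster && apply_default_deny
fi
```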

See the following guide for information on the specifics of enabling networking features on GKE clusters:

Configuring cluster security

GKE contains a mix of GCP-specific and Kubernetes security features that you can use with your cluster. You can manage GCP-level security, such as IAM, via GCP interfaces like the GCP Console. You manage intra-cluster security features, such as role-based access control, using Kubernetes APIs and other interfaces.

The following security features are specific to Google Cloud Platform:

Intra-cluster Kubernetes security features you can use on GKE include:
