In Kubernetes Engine, cluster administration refers to how you create, configure, and manage your Kubernetes Engine clusters.
Basic cluster administration tasks, such as bringing up a Kubernetes-powered
cluster, are handled for you by Google Cloud Platform. You perform these tasks
using GCP interfaces, such as gcloud command-line tool, the
Kubernetes Engine API and Google Cloud Platform Console. You also use these interfaces
to control your cluster's structural configuration: the number and type of
nodes in the cluster and how those nodes are upgraded and repaired.
You perform administration tasks relating to your cluster's behavior using the
Kubernetes interfaces: the Kubernetes API and the kubectl command-line
interface. These tasks include networking and security settings, such as network
policy enforcement and role-based access control.
Basic cluster administration
Basic cluster administration tasks are specific to Kubernetes Engine
clusters on Google Cloud Platform and typically do not involve the Kubernetes
system itself; you perform these tasks entirely by using the
GCP Console, the gcloud command-line interface, or the
Kubernetes Engine API.
Cluster-level configuration
They include creating, upgrading, and deleting Kubernetes Engine clusters. You can also control your cluster's maintenance periods, set up cluster-level autoscaling, and enable or disable logging and monitoring for your cluster.
Node configuration
Kubernetes Engine offers a range of node configuration options for your cluster's nodes. For example, you can create one or more node pools; node pools are groups of nodes within your cluster that share a common configuration. Your cluster can consist of a single (default) node pool, or multiple node pools.
You can set other node options on a per-pool basis, including:
Configuring cluster networking
Another aspect of cluster administration is to enable and control various
networking features for your cluster. Most networking features are set at
cluster creation: when you create a cluster using a GCP interface, you must
enable the networking features that you want to use. Some of these features
might require further configuration using Kubernetes interfaces, such as the
kubectl command-line interface.
For example, to enable network policy enforcement
on your Kubernetes Engine cluster, you must first enable the feature using
GCP Console or gcloud command-line tool. Then, you specify
the actual network policy rules using the Kubernetes network policy API or
kubectl command-line interface.
See the following guide for information on the specifics of enabling networking features on Kubernetes Engine clusters:
Configuring cluster security
Kubernetes Engine contains a mix of GCP-specific and Kubernetes security features that you can use with your cluster. You can manage GCP-level security, such as IAM, via GCP interfaces like the GCP Console. You manage intra-cluster security features, such as role-based access control, using Kubernetes APIs and other interfaces.
The following security features are specific to Google Cloud Platform:
Intra-cluster Kubernetes security features you can use on Kubernetes Engine include:
