Cluster administration overview

In Google Kubernetes Engine, cluster administration refers to how you create, configure, and manage your GKE clusters.

Basic cluster administration tasks, such as bringing up a Kubernetes-powered cluster, are handled for you by Google Cloud Platform. You perform these tasks using GCP interfaces, such as gcloud command-line tool, the GKE API and Google Cloud Platform Console. You also use these interfaces to control your cluster's structural configuration: the number and type of nodes in the cluster and how those nodes are upgraded and repaired.

You perform administration tasks relating to your cluster's behavior using the Kubernetes interfaces: the Kubernetes API and the kubectl command-line interface. These tasks include networking and security settings, such as network policy enforcement and role-based access control.

Basic cluster administration

Basic cluster administration tasks are specific to GKE clusters on Google Cloud Platform and typically do not involve the Kubernetes system itself; you perform these tasks entirely by using the GCP Console, the gcloud command-line interface, or the GKE API.

Cluster-level configuration

They include creating, upgrading, and deleting GKE clusters. You can also control your cluster's maintenance periods, set up cluster-level autoscaling, and enable or disable logging and monitoring for your cluster.

Node configuration

GKE offers a range of node configuration options for your cluster's nodes. For example, you can create one or more node pools; node pools are groups of nodes within your cluster that share a common configuration. Your cluster can consist of a single (default) node pool, or multiple node pools.

You can set other node options on a per-pool basis, including:

Configuring cluster networking

Another aspect of cluster administration is to enable and control various networking features for your cluster. Most networking features are set at cluster creation: when you create a cluster using a GCP interface, you must enable the networking features that you want to use. Some of these features might require further configuration using Kubernetes interfaces, such as the kubectl command-line interface.

For example, to enable network policy enforcement on your GKE cluster, you must first enable the feature using GCP Console or gcloud command-line tool. Then, you specify the actual network policy rules using the Kubernetes network policy API or kubectl command-line interface.

See the following guide for information on the specifics of enabling networking features on GKE clusters:

Configuring cluster security

GKE contains a mix of GCP-specific and Kubernetes security features that you can use with your cluster. You can manage GCP-level security, such as IAM, via GCP interfaces like the GCP Console. You manage intra-cluster security features, such as role-based access control, using Kubernetes APIs and other interfaces.

The following security features are specific to Google Cloud Platform:

Intra-cluster Kubernetes security features you can use on GKE include:

Role-based access control

Was this page helpful? Let us know how we did:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated February 14, 2019.