This page shows you how to use Pub/Sub to receive notifications about your Google Kubernetes Engine (GKE) clusters.
GKE, by default, routes these notifications to Cloud Logging. You can use all the capabilities of Cloud Logging, including querying and viewing logs, and configuring log-based alerting policies. To find these logs in Cloud Logging, see Viewing cluster notifications in Cloud Logging.
Overview
When certain events occur that are relevant to your GKE clusters, such as important scheduled upgrades or available security bulletins, GKE publishes notifications about those events as messages to Pub/Sub topics that you configure. You can receive these notifications on a Pub/Sub subscription, integrate with third-party services, and filter for the notification types you want to receive.
To learn more about the benefits of cluster notifications, how notifications work, and why filtering is important, refer to Cluster notifications. You can configure cluster notifications in new and existing Standard clusters, and by updating existing Autopilot clusters.
Before you begin
Before you start, make sure you have performed the following tasks:
- Enable the Google Kubernetes Engine API. Enable Google Kubernetes Engine API
- If you want to use the Google Cloud CLI for this task,
install and then
initialize the
gcloud CLI. If you previously installed the gcloud CLI, get the latest
version by running
gcloud components update.
- Create a Pub/Sub topic. You can create a topic in your cluster's project, or a different project in your organization.
Permissions for cross-project cluster notifications
To use a Pub/Sub topic from a different project than your cluster,
grant the following roles from your topic project to the
service-PROJECT_NUMBER@container-enginer-robot.iam.gserviceaccount.com
service account in your cluster project:
Enable cluster notifications on a new cluster
You can enable GKE cluster notifications on a new Standard cluster using the Google Cloud CLI or the Google Cloud console. To enable notification on Autopilot clusters, you must first create an Autopilot cluster and then update the cluster to use cluster notifications.
You can choose to create one topic for all clusters, or create multiple topics for groups of clusters.
gcloud
To enable cluster notifications on a new cluster, run the following command:
gcloud container clusters create CLUSTER_NAME \
--location=CONTROL_PLANE_LOCATION \
--notification-config=pubsub=ENABLED,pubsub-topic=projects/TOPIC_PROJECT_ID/topics/TOPIC_NAME,filter=NOTIFICATION_TYPE
Replace the following:
CLUSTER_NAME: the name of your new cluster.CONTROL_PLANE_LOCATION: the Compute Engine location of the control plane of your cluster. Provide a region for regional clusters, or a zone for zonal clusters.TOPIC_PROJECT_ID: the Google Cloud project ID of the project of your Pub/Sub topic. If your topic project is different from your cluster project, ensure that you've granted the required permissions. For more information, see Permissions for cross-project cluster notifications.TOPIC_NAME: the name of your Pub/Sub topic.NOTIFICATION_TYPE: a pipe (|) delimited list of the notification types you want to receive. For example,filter="UpgradeEvent|SecurityBulletinEvent"only sendsUpgradeEventandSecurityBulletinEventnotifications, ignoring all other types.
Console
To enable cluster notifications on a new Standard cluster, perform the following:
Go to the Google Kubernetes Engine page in the Google Cloud console.
Click add_box Create.
On the Create cluster dialog, next to GKE Standard, click Configure.
In the navigation pane, in the Cluster section, click Automation.
Select the Enable notifications checkbox.
From the drop-down list, select the Pub/Sub topic you created.
To filter notifications, select the Filter notification types checkbox, and then select the notification types you want to receive.
Continue to configure the cluster.
Click Create.
After enabling notifications, choose the type of subscription for your topic.
Enable cluster notifications on an existing cluster
You can enable GKE cluster notifications on an existing cluster using the Google Cloud CLI or the Google Cloud console.
You can choose to create one topic for all clusters, or create multiple topics for groups of clusters.
gcloud
To enable cluster notifications on an existing cluster, run the following command:
gcloud container clusters update CLUSTER_NAME \
--location=CONTROL_PLANE_LOCATION \
--notification-config=pubsub=ENABLED,pubsub-topic=projects/TOPIC_PROJECT_ID/topics/TOPIC_NAME,filter=NOTIFICATION_TYPE
Replace the following:
CLUSTER_NAME: the name of your cluster.CONTROL_PLANE_LOCATION: the Compute Engine location of the control plane of your cluster. Provide a region for regional clusters, or a zone for zonal clusters.TOPIC_PROJECT_ID: the Google Cloud project ID of the project of your Pub/Sub topic. If your topic project is different from your cluster project, ensure that you've granted the required permissions. For more information, see Permissions for cross-project cluster notifications.TOPIC_NAME: the name of your Pub/Sub topic.NOTIFICATION_TYPE: a pipe (|) delimited list of the notification types you want to receive. For example,filter="UpgradeEvent|SecurityBulletinEvent"only sendsUpgradeEventandSecurityBulletinEventnotifications, ignoring all other types.
Console
To enable cluster notifications on an existing cluster, perform the following:
Go to the Google Kubernetes Engine page in the Google Cloud console.
Click the name of the cluster you want to modify.
In the Automation section, next to Notifications, click Edit notifications.
In the Edit notifications dialog, select the Enable notifications checkbox.
From the drop-down list, select the Pub/Sub topic you created.
To filter notifications, select the Filter notification types checkbox, and then select the notification types you want to receive.
Click Save changes.
After enabling notifications, choose the type of subscription for your topic.
Filter cluster notifications
You can filter notifications by notification type to ensure that you receive notifications that you want.
You can choose to filter notifications using the following methods:
- GKE: Specify values for
filterin the--notification-configflag, as shown in the previous examples for enabling cluster notifications. - Pub/Sub: Configure your Pub/Sub subscription to filter messages when you create a subscription.
Modify existing filters in GKE
To modify your existing GKE cluster notification filters, follow the
instructions in Enable notifications on an existing cluster
and specify the new notification types to filter in the gcloud command
or select the new types in the Google Cloud console.
Disable filters in GKE
You can disable your GKE notification filters and receive all notification types applicable to your cluster using the gcloud CLI or the Google Cloud console.
gcloud
To disable filters using the gcloud CLI, run the following command:
gcloud container clusters update CLUSTER_NAME \
--location=CONTROL_PLANE_LOCATION \
--notification-config=pubsub=ENABLED,pubsub-topic=projects/TOPIC_PROJECT_ID/topics/TOPIC_NAME
Console
To disable filters using the Google Cloud console, perform the following:
Go to the Google Kubernetes Engine page in the Google Cloud console.
Click the name of the cluster you want to modify.
In the Automation section, next to Notifications, click Edit notifications.
In the Edit notifications dialog, clear the Filter notification types checkbox.
Click Save changes.
Verify setup for cluster notifications
On Autopilot mode, you can verify cluster notifications as follows:
- Start a control plane upgrade.
- Wait for GKE to automatically upgrade your nodes to the new version. The time taken might vary based on configured maintenance windows and exclusions.
- After GKE upgrades your nodes, check your Pub/Sub subscription.
On Standard mode, you can verify cluster notifications as follows:
Upgrade a specific node pool to a new version. If you don't want to change the GKE version on your nodes, you can upgrade to the same version currently on the nodes.
After GKE upgrades your nodes, check your Pub/Sub subscription.
You can only manually verify setup for the UpgradeEvent notification type. If
your filters are configured to ignore this type, you won't see a message.
Disable cluster notifications
You can disable cluster notifications using the gcloud CLI or the Google Cloud console.
gcloud
To disable notifications using the gcloud CLI, run the following command:
gcloud container clusters update CLUSTER_NAME \
--location=CONTROL_PLANE_LOCATION \
--notification-config=pubsub=DISABLED
Console
To disable notifications using the Google Cloud console, perform the following:
Go to the Google Kubernetes Engine page in the Google Cloud console.
Click the name of the cluster you want to modify.
In the Automation section, next to Notifications, click Edit notifications.
In the Edit notifications dialog, clear the Enable notifications checkbox.
Click Save changes.
Optionally, delete the Pub/Sub topic you created for notifications.
What's next
- Learn more about cluster notifications.
- Learn about configuring Pub/Sub notifications.
- Learn how to configure cluster notifications for third-party services.