This page shows you how to create a Google Kubernetes Engine (GKE) alpha cluster, which is a cluster with Kubernetes alpha features enabled in GKE. You can also read more about cluster configuration choices and about cluster architecture.
Before you begin
Before you start, make sure you have performed the following tasks:
- Enable the Google Kubernetes Engine API.
- If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running gcloud components update.
- Ensure you have the correct permission to create clusters. At minimum, you should be a Kubernetes Engine Cluster Admin.
- Ensure that you're already familiar with the limitations of alpha clusters.
Set up IAM service accounts for GKE
GKE uses IAM service accounts that are attached to your nodes to run system tasks like logging and monitoring. At a minimum, these node service accounts must have the Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount) role on your project. By default, GKE uses the Compute Engine default service account, which is automatically created in your project, as the node service account.
To grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account, complete the following steps:
console
- Go to the Welcome page:
- In the Project number field, click Copy to clipboard.
- Go to the IAM page:
- Click Grant access.
- In the New principals field, specify the following value:
PROJECT_NUMBER-compute@developer.gserviceaccount.com
Replace PROJECT_NUMBER with the project number that you copied.
- In the Select a role menu, select the Kubernetes Engine Default Node Service Account role.
- Click Save.
gcloud
- Find your Google Cloud project number:
gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)"
Replace PROJECT_ID with your project ID.
The output is similar to the following:
12345678901
- Grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account:
gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
    --role="roles/container.defaultNodeServiceAccount"
Replace PROJECT_NUMBER with the project number from the previous step.
Create an alpha cluster
You can create an alpha cluster by using the gcloud CLI or the Google Cloud console.
gcloud
Run the following command:
gcloud container clusters create CLUSTER_NAME \
--enable-kubernetes-alpha \
--no-enable-autorepair \
--no-enable-autoupgrade \
--region COMPUTE_REGION
Replace the following:
- CLUSTER_NAME: the name you choose for the cluster.
- COMPUTE_REGION: the Compute Engine region for the cluster. For zonal clusters, use the --zone COMPUTE_ZONE option.
- --cluster-version VERSION: (optional) specifies the GKE version to run in the cluster. If omitted, the cluster runs the current default version documented in Versioning and upgrades.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
To specify a custom service account in the gcloud CLI, add the following flag to your command:
--service-account=SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com
Replace SERVICE_ACCOUNT_NAME with the name of your minimally-privileged service account.
You are prompted to acknowledge a warning that the alpha cluster is not upgraded and is deleted after 30 days:
This will create a cluster with all Kubernetes Alpha features enabled.
- This cluster will not be covered by the GKE SLA and should
not be used for production workloads.
- You will not be able to upgrade the master or nodes.
- The cluster will be deleted after 30 days.
Console
Go to the Google Kubernetes Engine page in the Google Cloud console.
Click Create.
In the Cluster basics section, complete the following:
- Enter the Name for your cluster.
- For the Location type, select Zonal, and then select the zone for your cluster.
- If you are creating a multi-zonal cluster, select the Specify default node locations checkbox, and then choose additional zones in which you'd like the node pools to run.
From the Release channel drop-down list, select No channel.
Optional: Specify a control plane version from the Version drop-down list.
Optional (available with GKE Enterprise): If you want to register your new cluster to a fleet, go to the Fleet registration section, and follow the Google Cloud console instructions for Create and register a new cluster to complete your cluster registration.
From the navigation pane, under Node Pools, click default-pool.
In the Node pool details section, complete the following:
- Enter a Name for the default Node pool.
- Optional: Choose the Node version.
- Enter the Number of nodes to create in the cluster. You must have available resource quota for the nodes and their resources (such as firewall routes).
- Optional: You can choose to disable node auto-upgrades; however, we recommend that you review the considerations for disabling node auto-upgrades before choosing this option.
- Clear Enable auto-upgrade and Enable auto-repair.
From the navigation pane, under Node Pools, click Nodes.
From the Image type drop-down list, select the node image.
Choose the default Machine configuration to use for the instances. Each machine type is billed differently. The default machine type is e2-medium. For machine type pricing information, refer to the machine type price sheet.
From the Boot disk type drop-down list, select the disk type.
Enter the Boot disk size.
Optional: From the navigation pane, under Node Pools, click Security.
- Optionally, specify a custom IAM service account for your nodes:
- In the Advanced settings page, expand the Security section.
- In the Service account menu, select your preferred service account.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
From the navigation pane, under Cluster, click Features.
Click Enable Kubernetes alpha features in this cluster.
Read and acknowledge the warning by selecting I understand the consequences.
Click Create.
Interact with a cluster using kubectl
After you create a cluster, you need to configure kubectl before you can interact with the cluster from the command line.
Check when an alpha cluster expires
To check when alpha clusters expire, run the following command:
gcloud container clusters list
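The following added example (not part of the original page and not Google tooling) audits the JSON form of that command's output, as produced with gcloud container clusters list --format=json. For each alpha cluster it reports the days left before automatic deletion and any node pools still running as the Compute Engine default service account. The field names follow the GKE API Cluster resource; the sample data, the warn_days threshold, and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `gcloud container clusters list --format=json`.
SAMPLE_JSON = """
[
  {"name": "alpha-lab", "enableKubernetesAlpha": true,
   "expireTime": "2025-07-01T10:00:00+00:00",
   "nodePools": [{"name": "default-pool", "config": {"serviceAccount": "default"}}]},
  {"name": "alpha-hardened", "enableKubernetesAlpha": true,
   "expireTime": "2025-07-20T08:30:00Z",
   "nodePools": [{"name": "pool-1", "config":
       {"serviceAccount": "gke-nodes@example-project.iam.gserviceaccount.com"}}]},
  {"name": "standard", "nodePools": [{"name": "default-pool",
       "config": {"serviceAccount": "default"}}]}
]
"""

def parse_rfc3339(ts):
    # datetime.fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def audit_alpha_clusters(clusters, now, warn_days=7):
    """Report expiry and default-service-account use for each alpha cluster."""
    findings = []
    for cluster in clusters:
        if not cluster.get("enableKubernetesAlpha"):
            continue  # not an alpha cluster; the 30-day deletion does not apply
        expire = cluster.get("expireTime")
        days_left = (parse_rfc3339(expire) - now).days if expire else None
        # "default" (or no value) means the Compute Engine default service account.
        default_sa_pools = [
            pool.get("name")
            for pool in cluster.get("nodePools", [])
            if pool.get("config", {}).get("serviceAccount", "default") == "default"
        ]
        findings.append({
            "name": cluster.get("name"),
            "days_left": days_left,
            "expiring_soon": days_left is not None and days_left <= warn_days,
            "default_sa_pools": default_sa_pools,
        })
    return findings

if __name__ == "__main__":
    # Fixed clock so the constructed sample gives stable output.
    now = datetime(2025, 6, 25, 10, 0, tzinfo=timezone.utc)
    for finding in audit_alpha_clusters(json.loads(SAMPLE_JSON), now):
        print(finding)
```

In real use, pass datetime.now(timezone.utc) as now and feed the function the parsed output of the gcloud command instead of SAMPLE_JSON.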
What's next
- Learn more about the types of clusters you can create.
- Learn about managing your clusters.
- Learn how to delete clusters.