This page explains how to create a Google Kubernetes Engine (GKE) cluster in Autopilot mode. The Autopilot mode of operation is a hands-off Kubernetes experience that lets you focus on your services and applications, while Google takes care of node management and infrastructure. You can schedule your Pods without having to plan your node usage. After you create an Autopilot cluster, you can deploy your workload and scale your application as needed. GKE provisions, configures, and manages the resources and hardware to run your workload.
Before you begin
Before you start, make sure you have performed the following tasks:
- Ensure that you have enabled the Google Kubernetes Engine API. Enable Google Kubernetes Engine API
- Ensure that you have installed the Cloud SDK.
Set up default gcloud
settings using one of the following methods:
- Using
gcloud init
, if you want to be walked through setting defaults. - Using
gcloud config
, to individually set your project ID, zone, and region.
Using gcloud init
If you receive the error One of [--zone, --region] must be supplied: Please specify
location
, complete this section.
-
Run
gcloud init
and follow the directions:gcloud init
If you are using SSH on a remote server, use the
--console-only
flag to prevent the command from launching a browser:gcloud init --console-only
-
Follow the instructions to authorize
gcloud
to use your Google Cloud account. - Create a new configuration or select an existing one.
- Choose a Google Cloud project.
- Choose a default Compute Engine zone for zonal clusters or a region for regional or Autopilot clusters.
Using gcloud config
- Set your default project ID:
gcloud config set project PROJECT_ID
- If you are working with zonal clusters, set your default compute zone:
gcloud config set compute/zone COMPUTE_ZONE
- If you are working with Autopilot or regional clusters, set your default compute region:
gcloud config set compute/region COMPUTE_REGION
- Update
gcloud
to the latest version:gcloud components update
Create an Autopilot cluster
You can create an Autopilot cluster by using the gcloud
command-line tool or
the Google Cloud Console.
gcloud
To create a public Autopilot cluster using the gcloud
command-line tool,
run the following command:
gcloud container clusters create-auto CLUSTER_NAME \
--region REGION \
--project=PROJECT_ID
Replace the following:
CLUSTER_NAME
: the name of your new Autopilot cluster.REGION
: the region for your cluster, such asus-central1
.PROJECT_ID
: your project ID.
You can specify additional options when creating your Autopilot cluster, for example the name of your network or specifying a private cluster.
--network
specifies the network that your cluster connects to.--subnetwork
specifies the subnetwork that your cluster connects to.--enable-master-authorized-network
specifies that access to the public endpoint is restricted to IP address ranges that you authorize.--master-authorized-networks
specifies the address for the group of machines authorized to access the public endpoint.--cluster-ipv4-cidr
specifies the Pod address range.--services-ipv4-cidr
specifies the Service address range.--enable-private-nodes
creates a private cluster with no external IP addresses.--master-ipv4-cidr
specifies an internal address range for the control plane (for private clusters).--enable-private-endpoint
indicates that the cluster is managed using the private IP address of the control plane API endpoint (for private clusters).
For the full list of options, run the following command:
gcloud container clusters create-auto --help
Console
To create an Autopilot cluster with the Google Cloud Console, perform the following tasks:
Visit the Google Kubernetes Engine menu in Cloud Console.
Click add_box Create.
In the Autopilot section, click Configure.
Enter the Name for your cluster.
Select a region for your cluster.
Choose a public or private cluster.
(Optional) Expand Networking Options to specify network settings:
- If you choose a private cluster:
- To create a control plane that is accessible from authorized external IP addresses, select the Access control plane using its external IP address checkbox. Clear this checkbox to disable public endpoint access.
- (Optional) Set the Control plane IP range, for example
172.16.0.0/28
.
- If you want to create a cluster with limited access to the public
endpoint, select the Enable control plane authorized networks
checkbox.
- Click Add Authorized Network to grant access to a specific set of addresses that you designate.
- For Name, enter the desired name for the network.
- For Network, enter a CIDR range that you want to grant allowed access to your cluster control plane.
- Click Done. Add additional authorized networks as needed.
- Enter a Network and Node subnet, or accept the
default
setting. This option generates a subnet for your cluster. - In the Pod address range field, enter a pod range, mask, or
accept the defaults (example:
10.0.0.0/14
). - In the Service address range field, enter a service range pod
range, mask, or accept the defaults (example:
10.4.0.0/19
).
- If you choose a private cluster:
(Optional) Expand Advanced options to specify more settings:
- Select a release channel for the control plane.
- Click Enable Maintenance Window
to control when automatic cluster maintenance occurs on your clusters.
- Click Add maintenance exclusion. For weekly maintenance, select the start time and length, and then select the days of the week that the maintenance window occurs on. Switch to the custom editor to edit the rule directly,
- In the Metadata field, enter a description of your cluster.
- Click Add label to add key-value pairs to help organize your clusters.
Click Create.
Enabling outbound internet access on private clusters with Cloud NAT
By default, Autopilot clusters are public. If you created a private Autopilot cluster, these nodes do not have external IP addresses. To make outbound internet connections from your cluster, for example pulling images from DockerHub, you must configure Cloud NAT. Cloud NAT lets private clusters send outbound packets to the internet and receive any corresponding established inbound response packets. Perform the following tasks to create a NAT configuration on a Cloud Router.
gcloud
To NAT your cluster using the gcloud
command-line tool, run the following commands:
Create a Cloud Router :
gcloud compute routers create NAT_ROUTER \ --network NETWORK \ --region REGION \ --project=PROJECT_ID
Replace the following:
NAT_ROUTER
: the name of your Cloud Router.NETWORK
: the network name that you want to create the Cloud Router for. For example, if you want to NAT your default network, use thedefault
network name when creating the router.REGION
: the region for your cluster, such asus-central1
.PROJECT_ID
: your project ID.
Add a configuration to the router. This configuration allows all instances in the region to use Cloud NAT for all primary and alias IP ranges. It also automatically allocates the external IP addresses for the NAT gateway. For more options, see the gcloud command-line interface documentation.:
gcloud compute routers nats create NAT_CONFIG \ --region REGION \ --router NAT_ROUTER \ --nat-all-subnet-ip-ranges \ --auto-allocate-nat-external-ips \ --project=PROJECT_ID
Replace the following:
NAT_CONFIG
: the name of your NAT configuration.REGION
: the region for your cluster, such asus-central1
.NAT_ROUTER
: the name of your Cloud Router.PROJECT_ID
: your project ID.
Console
In the Google Cloud Console, go to the Cloud NAT page.
Click Get started or Create NAT gateway.
Enter a Gateway name.
Choose a VPC network.
Set the Region for the NAT gateway.
Select or create a Cloud Router in the region.
Click Create.
Connecting to the cluster
After creating your cluster, you need to get authentication credentials to connect to the cluster.
gcloud
gcloud container clusters get-credentials CLUSTER_NAME \
--region REGION \
--project=PROJECT_ID
Replace the following:
CLUSTER_NAME
: the name of your new Autopilot cluster.REGION
: the region for your cluster, such asus-central1
.PROJECT_ID
: your project ID.
This command configures kubectl
to use the cluster you created.
Console
In the cluster list, beside the cluster that you want to connect to, click more_vert Actions, and then click Connect.
Click Run in Cloud Shell when prompted. The generated command is copied into your Cloud Shell, for example:
gcloud container clusters get-credentials autopilot-cluster --region us-east1 --project autopilot-test
Press Enter to run the command.
Verifying the cluster mode
You can verify that your cluster is an Autopilot cluster by using the
gcloud
command-line tool or the Google Cloud Console.
gcloud
To verify that your cluster is created in Autopilot mode, run the following command:
gcloud container clusters describe CLUSTER_NAME \
--region REGION
Replace the following:
CLUSTER_NAME
: the name of your Autopilot cluster.REGION
: the region for your cluster, such asus-central1
.
The output of the command contains the following:
autopilot:
enabled: true
Console
To verify that your cluster is created in Autopilot mode:
Visit the Google Kubernetes Engine menu in Cloud Console.
Find your cluster in the cluster list. In the Mode column, the status shows Autopilot.
Verifying the cluster configuration
To see all of your resources across namespaces, run the following command:
kubectl get all --all-namespaces
You'll see the new resources for the cluster such as Pods, Services, Deployments, and DaemonSets for the cluster.