Using Dataplane V2

Standard

This page explains how to enable Dataplane V2 for Google Kubernetes Engine (GKE).

Creating a GKE cluster with Dataplane V2

You can enable Dataplane V2 when creating new clusters with GKE version 1.17.9 and later by using the gcloud tool or the Kubernetes Engine API.

gcloud

To create a new cluster with Dataplane V2, use the following command:

gcloud beta container clusters create CLUSTER_NAME \
    --enable-dataplane-v2 \
    --enable-ip-alias \
    --release-channel CHANNEL_NAME \
    --zone CLUSTER_LOCATION

Replace the following:

CLUSTER_NAME: the name of your new cluster.
CHANNEL_NAME: a release channel that includes GKE version 1.17.9 or later.
CLUSTER_LOCATION: the location of the cluster. These arguments are mutually exclusive. See Types of clusters for more information.

API

To create a new cluster with Dataplane V2, specify the datapathProvider field in the networkConfig object in your cluster create request.

The following JSON snippet shows the configuration needed to enable Dataplane V2:

"cluster":{
   "initialClusterVersion":"VERSION",
   "ipAllocationPolicy":{
      "useIpAliases":true
   },
   "networkConfig":{
      "datapathProvider":"ADVANCED_DATAPATH"
   },
   "releaseChannel":{
      "channel":"CHANNEL_NAME"
   }
}

Replace the following:

VERSION: your cluster version, which must be GKE 1.17.9 or later.
CHANNEL_NAME: a release channel that includes GKE version 1.17.9 or later.

Troubleshooting

Check the state of the system Pods:
```
kubectl -n kube-system get pods -l k8s-app=cilium -o wide
```
If Dataplane V2 is running, you will see Pods with the prefix anetd- running. anetd is the networking controller for Dataplane V2.

If the issue is with services or network policy enforcement, check the anetd Pod logs:

kubectl -n kube-system get events --field-selector involvedObject.name=anetd
kubectl -n kube-system logs -l k8s-app=cilium

If Pod creation is failing, check the kubelet logs for clues. You can do this in GKE using ssh:
```
gcloud compute ssh node -- sudo journalctl -u kubelet
```
Replace node with the name of the VM instance.

What's next

Use network policy logging to record when connections to Pods are allowed or denied by your cluster's network policies.
Learn how Dataplane V2 works.