Using Dataplane V2


This page explains how to enable Dataplane V2 for Google Kubernetes Engine (GKE).

Creating a GKE cluster with Dataplane V2

You can enable Dataplane V2 when creating new clusters with GKE version 1.20.6-gke.700 and later by using the gcloud tool or the Kubernetes Engine API.

Console

To create a new cluster with Dataplane V2, perform the following tasks:

  1. Go to the Google Kubernetes Engine page in Cloud Console.

  2. Click Create.

  3. Click Configure to configure a Standard cluster.

  4. In the Networking section, select the Enable Dataplane V2 checkbox. The Enable Kubernetes Network Policy option is disabled when you select Enable Dataplane V2 because network policy enforcement is built into Dataplane V2.

  5. Click Create.

gcloud

To create a new cluster with Dataplane V2, use the following command:

gcloud beta container clusters create CLUSTER_NAME \
    --enable-dataplane-v2 \
    --enable-ip-alias \
    --release-channel CHANNEL_NAME \
    --zone CLUSTER_LOCATION
 

Replace the following:

  • CLUSTER_NAME: the name of your new cluster.
  • CHANNEL_NAME: a release channel that includes GKE version 1.20.6-gke.700 or later. If you prefer not to use a release channel, you can also use the --version flag instead of --release-channel, specifying version 1.20.6-gke.700 or later.
  • CLUSTER_LOCATION: the location of the cluster. Specify the location with either the --zone or the --region flag. These arguments are mutually exclusive. See Types of clusters for more information.

API

To create a new cluster with Dataplane V2, specify the datapathProvider field in the networkConfig object in your cluster create request.

The following JSON snippet shows the configuration needed to enable Dataplane V2:

"cluster":{
   "initialClusterVersion":"VERSION",
   "ipAllocationPolicy":{
      "useIpAliases":true
   },
   "networkConfig":{
      "datapathProvider":"ADVANCED_DATAPATH"
   },
   "releaseChannel":{
      "channel":"CHANNEL_NAME"
   }
}

Replace the following:

  • VERSION: your cluster version, which must be GKE 1.20.6-gke.700 or later.
  • CHANNEL_NAME: a release channel that includes GKE version 1.20.6-gke.700 or later.
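
The following pre-flight check is an added example, not part of the original page or of any Google tooling. It validates a cluster create request body against the settings shown in the JSON snippet above before the request is sent, so that a cluster is not created without Dataplane V2 and its built-in network policy enforcement. The function names and the sample request are assumptions made for illustration, as is treating every field in the snippet as required.

```python
import re

MIN_VERSION = (1, 20, 6, 700)  # 1.20.6-gke.700, the minimum stated on this page
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")


def parse_gke_version(text):
    """Return (major, minor, patch, gke_build), or None if not a full version."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def check_create_request(body):
    """Return a list of problems; an empty list means the request matches
    the Dataplane V2 settings shown in the JSON snippet (hypothetical helper)."""
    cluster = body.get("cluster", {})
    problems = []

    provider = cluster.get("networkConfig", {}).get("datapathProvider")
    if provider != "ADVANCED_DATAPATH":
        problems.append(f"networkConfig.datapathProvider is {provider!r}, "
                        "expected 'ADVANCED_DATAPATH'")

    if cluster.get("ipAllocationPolicy", {}).get("useIpAliases") is not True:
        problems.append("ipAllocationPolicy.useIpAliases is not true")

    raw = cluster.get("initialClusterVersion")
    version = parse_gke_version(raw)
    if raw is None:
        # Without an explicit version, only the release channel pins the version.
        if not cluster.get("releaseChannel", {}).get("channel"):
            problems.append("no initialClusterVersion or releaseChannel to check")
    elif version is None:
        problems.append(f"initialClusterVersion {raw!r} is not a full "
                        "X.Y.Z-gke.N version and cannot be checked offline")
    elif version < MIN_VERSION:
        problems.append(f"initialClusterVersion {raw} is older than 1.20.6-gke.700")
    return problems


# Constructed sample request: Dataplane V2 requested on a version that is too old.
SAMPLE = {"cluster": {"initialClusterVersion": "1.19.9-gke.1900",
                      "ipAllocationPolicy": {"useIpAliases": True},
                      "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"},
                      "releaseChannel": {"channel": "REGULAR"}}}

if __name__ == "__main__":
    for problem in check_create_request(SAMPLE) or ["request OK"]:
        print(problem)
```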

Troubleshooting

  1. Check the state of the system Pods:

    kubectl -n kube-system get pods -l k8s-app=cilium -o wide
    

    If Dataplane V2 is running, you will see Pods with the prefix anetd- running. anetd is the networking controller for Dataplane V2.

  2. If the issue is with services or network policy enforcement, check the anetd Pod logs:

    kubectl -n kube-system get events --field-selector involvedObject.name=anetd
    kubectl -n kube-system logs -l k8s-app=cilium
    
  3. If Pod creation is failing, check the kubelet logs for clues. You can do this in GKE using ssh:

    gcloud compute ssh node -- sudo journalctl -u kubelet
    

    Replace node with the name of the VM instance.
