Using Compute Engine sole-tenant nodes in GKE

This page shows you how to use Compute Engine sole-tenant nodes in Google Kubernetes Engine (GKE).

Sole-tenant nodes are dedicated physical servers that run a specific project's VMs. You can use sole-tenant nodes to keep your VMs physically separated from VMs in other projects or to group your VMs together on the same host hardware.

Before you begin

Before you start, make sure you have performed the following tasks:

Set up default gcloud settings using one of the following methods:

  • Using gcloud init, if you want to be walked through setting defaults.
  • Using gcloud config, to individually set your project ID, zone, and region.

Using gcloud init

If you receive the error One of [--zone, --region] must be supplied: Please specify location, complete this section.

  1. Run gcloud init and follow the directions:

    gcloud init

    If you are using SSH on a remote server, use the --console-only flag to prevent the command from launching a browser:

    gcloud init --console-only
  2. Follow the instructions to authorize gcloud to use your Google Cloud account.
  3. Create a new configuration or select an existing one.
  4. Choose a Google Cloud project.
  5. Choose a default Compute Engine zone.

Using gcloud config

  • Set your default project ID:
    gcloud config set project project-id
  • If you are working with zonal clusters, set your default compute zone:
    gcloud config set compute/zone compute-zone
  • If you are working with regional clusters, set your default compute region:
    gcloud config set compute/region compute-region
  • Update gcloud to the latest version:
    gcloud components update

Requesting additional quota

Sole-tenant nodes are large (for example, 96 vCPUs and 624 GB memory), and the default project quotas are too low to handle them.

You must request a quota increase for Compute Engine API CPUs on the quotas page to create sole-tenant nodes. For more information about requesting an increase, see Quotas.

The number of CPUs you need depends on the following:

  • Your current CPU quota usage.
  • The size of the node group.
  • The node template.

Examine the number of cores of your sole-tenant node type, and request a CPU limit of at least that amount, preferably with headroom of 10 extra CPUs.

Creating a sole-tenant node template

A sole-tenant node template is a regional resource that defines and applies properties to every node when creating a node group. For more information, see node types.

Console

  1. Go to the Sole-tenant nodes page.

  2. Click Create node template.

  3. Specify a Name and Region for your node template.

  4. Select a Node type.

  5. Optionally, add one or more Node affinity labels.

  6. Click Create to create the node template.

gcloud

Use the gcloud compute sole-tenancy node-templates create command to create a node template:

gcloud compute sole-tenancy node-templates create TEMPLATE_NAME \
  --node-type=NODE_TYPE \
  --node-affinity-labels=AFFINITY_LABELS \
  --region=REGION

Replace the following:

  • TEMPLATE_NAME: name for the new node template.

  • NODE_TYPE: node type for sole-tenant nodes created based on this template. Use the gcloud compute sole-tenancy node-types list command to get a list of the node types available in each zone.

  • AFFINITY_LABELS: keys and values, [KEY=VALUE,...], for affinity labels. Affinity labels let you logically group nodes and node groups and later, when provisioning VMs, you can specify affinity labels on the VMs to schedule VMs on a specific set of nodes or node groups. For more information, see Node affinity and anti-affinity.

  • REGION: region to create the node template in. You can use this template to create node groups in any zone of this region.

The output is similar to this:

Created [https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/nodeTemplates/template-name].

Creating a sole-tenant node group

A node group is a set of sole-tenant nodes in a specific zone from the same sole-tenant node template. For regional clusters and node pools available in multiple zones, you must create a node group with the same name in each zone.

Console

To create a sole-tenant node group, perform the following steps:

  1. Go to the Sole-tenant nodes page.

  2. Click Create node group.

  3. Specify a Name for your node group.

  4. Select the same Region you created your node template in, then select a Zone in that Region.

  5. Select your Node template.

  6. Optionally, enable Autoscaling mode.

  7. Specify the Number of nodes you want in the group.

  8. Optionally, change the Maintenance Policy.

  9. Click Create to create the node group.

gcloud

Create a node group from the template:

gcloud compute sole-tenancy node-groups create group-name --zone compute-zone \
  --node-template template-name --target-size target-size

Replace the following:

  • group-name: the name you want your new node group to have.
  • compute-zone: the zone where this node group is located. This zone must be in the same region as the node template that you are using.
  • template-name: the name of the node template that you are using.
  • target-size: the number of nodes you want to create in the group.

The output is similar to this:

Created [https://www.googleapis.com/compute/beta/projects/my-project/zones/us-central1-a/nodeGroups/group-name].

Create a GKE sole-tenant node pool

Now that you have created a sole-tenant node group in Compute Engine, you can create a sole-tenant node pool.

If you already have a GKE cluster, you can add a sole-tenant node pool to it. If not, create a cluster with gcloud container clusters create.

If you are using a regional cluster or if your node pool is available in multiple zones, you must create a node group with the same name in each of those zones. If you cannot re-use the name in each zone, create separate node pools for each zone.

  1. Create a new node pool with a specified node group:

    For zonal node pools:

     gcloud container node-pools create node-pool-name \
       --node-group group-name --cluster cluster-name \
       --zone compute-zone --machine-type=node-group-machine-type \
       --node-locations=node-group-zone
    

    For regional node pools:

      gcloud container node-pools create node-pool-name \
        --node-group group-name --cluster cluster-name \
        --region compute-region --machine-type=node-group-machine-type \
        --node-locations=node-group-zone,[node-group-zone,…]
    

    Replace the following:

    • node-pool-name: a name for the new node pool.
    • group-name: the name of the existing sole-tenancy node group you want to use.
    • cluster-name: the name of the cluster in which you're creating the node pool.
    • compute-zone: the same zone as your cluster.
    • compute-region: the same region as your cluster.
    • node-group-machine-type: the node pool machine type.
    • node-group-zone: the sole-tenancy node group zone(s).

  2. Verify the node pool is created:

      kubectl get nodes
    

You should see a list of nodes in the Ready state in the node pool that you just created. You can also view the sole-tenant nodes on the Sole-tenant page.
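The regional case described above (a node group with the same name in every zone, then one node pool listing those zones) can be planned as a dry run. This is an added example, not part of the original page; the function names are hypothetical, the resource names are the page's placeholders, and the zones are sample values.

```shell
#!/bin/sh
# Added example (not from the original page). Dry run: prints gcloud commands only.
# group-name, template-name, cluster-name, node-pool-name and
# node-group-machine-type are the page's placeholders; zones are sample values.

# zone_in_region ZONE REGION: true when ZONE (us-central1-a) is in REGION (us-central1).
zone_in_region() {
  [ "${1%-*}" = "$2" ]
}

# plan_regional_pool REGION GROUP TEMPLATE SIZE CLUSTER POOL MACHINE_TYPE ZONE...
# Prints one node-group create command per zone, then the node-pool create command.
# Fails before printing anything if a zone is outside REGION, since the node
# template is regional and its node groups must be in zones of that region.
plan_regional_pool() (
  region=$1 group=$2 template=$3 size=$4 cluster=$5 pool=$6 mtype=$7
  shift 7
  [ "$#" -gt 0 ] || { echo "error: no zones given" >&2; exit 1; }
  for zone in "$@"; do
    zone_in_region "$zone" "$region" ||
      { echo "error: zone $zone is not in region $region" >&2; exit 1; }
  done
  locations=""
  for zone in "$@"; do
    # The same group name is reused in every zone, as regional node pools require.
    echo "gcloud compute sole-tenancy node-groups create $group --zone $zone" \
         "--node-template $template --target-size $size"
    locations="${locations:+$locations,}$zone"
  done
  echo "gcloud container node-pools create $pool --node-group $group" \
       "--cluster $cluster --region $region --machine-type=$mtype" \
       "--node-locations=$locations"
)

# Review the printed plan before running any of it.
plan_regional_pool us-central1 group-name template-name 1 cluster-name \
  node-pool-name node-group-machine-type us-central1-a us-central1-b
```

A zone outside the template's region is rejected before any command is printed, so a partial plan is never produced.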

Cleaning up

To remove the resources created in preceding examples, perform the following steps:

  1. Delete the sole-tenant node pool:

    gcloud container node-pools delete node-pool-name --cluster cluster-name
    
  2. Delete the sole-tenant node group:

    gcloud beta compute sole-tenancy node-groups delete group-name --zone compute-zone
    
  3. Delete the sole-tenant node template:

    gcloud beta compute sole-tenancy node-templates delete template-name \
        --region compute-region
    
