GKE Enterprise deployment options
This page shows the Google Cloud and Google Kubernetes Engine (GKE) Enterprise edition features that are available on each of the following GKE Enterprise supported environments:
- Google Kubernetes Engine (GKE) on Google Cloud
- Google Distributed Cloud (GKE on-premises):
- GKE Multi-Cloud:
  - GKE on AWS
  - GKE on Azure
- GKE attached clusters, which are third-party Kubernetes clusters registered to your fleet.
This page is for Operators who define IT solutions and system architecture in accordance with company strategy in coordination with key stakeholders. To learn more about common roles and example tasks that we reference in Google Cloud content, see Common GKE Enterprise user roles and tasks.
Enabling GKE Enterprise
Follow the instructions in Enable GKE Enterprise to enable the Anthos API on your fleet host project. Enabling GKE Enterprise lets you use all the following GKE Enterprise features without incurring additional charges:
- Config Sync
- Policy Controller
- Config Controller
- Cloud Service Mesh
- Knative serving support
- Migrate to Containers
- GKE Identity Service
- Binary Authorization
- Multi Cluster Ingress
- Cloud Logging and Cloud Monitoring for GKE Enterprise system components
- Advanced features in the security posture dashboard
- Compliance dashboard
- Node to node encryption
- FQDN network policies
See the GKE pricing page for more information about enterprise tier pricing. GKE Enterprise charges are applied per managed vCPU. For Standard mode GKE on Google Cloud clusters, there are no separate GKE charges. For Autopilot clusters, billing uses the Autopilot pricing model in addition to GKE Enterprise per-vCPU charges.
Pricing options for GKE on Google Cloud
If you only want to use GKE on Google Cloud, you have the following options for enterprise and multi-cluster features:
- You can choose to enable GKE Enterprise to have access to all GKE Enterprise features for a single per-vCPU charge, as described above.
- You can choose to not enable GKE Enterprise and pay only for the enterprise features you use, in addition to the GKE charges. Only a subset of GKE Enterprise features are available to purchase separately. See the following feature pricing guides for detailed information.
See the GKE pricing page for GKE pricing at the standard tier. These GKE charges include the use of the following enterprise and multi-cluster features at no additional cost:
Features available on GKE clusters on Google Cloud
GKE on Google Cloud supports all GKE Enterprise features. For more general details, including the benefits of running workloads on GKE, see the GKE product overview.
Clusters on Google Cloud are enrolled in the enterprise tier on a cluster-by-cluster basis, and can become enterprise-tier clusters as long as GKE Enterprise is enabled in their project. To use the full range of GKE Enterprise features, however, you must also register the cluster to a fleet. A subset of enterprise features can be used without fleet membership. You can see which features require fleets in the following table.
A small number of GKE Enterprise features aren't supported on Autopilot clusters. These are also shown in the table.
Feature | Available on GKE standard clusters | Available on Autopilot clusters | Available without fleet membership |
---|---|---|---|
Config Sync | |||
Policy Controller | |||
Config Controller | |||
Cloud Service Mesh in-cluster | |||
Managed Cloud Service Mesh | |||
Knative serving | |||
Migrate to Containers | |||
GKE Identity Service | |||
Binary Authorization | |||
Multi Cluster Ingress | |||
Cloud Logging and Cloud Monitoring for GKE Enterprise system components | |||
Advanced security posture and compliance monitoring | |||
Node to node encryption | |||
FQDN network policies |
Features available on clusters outside of Google Cloud
The following tables show which key Google Cloud and GKE Enterprise features are available on clusters outside of Google Cloud.
For details about which versions of the GKE Enterprise features are supported on each environment, see the version support matrix.
Plugins and load balancers
GKE Enterprise clusters outside of Google Cloud use a combination of built-in GKE Enterprise capabilities along with platform-native capabilities.
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
Network plugin | ||||||
Container storage interface (CSI) & hybrid storage | ||||||
Bundled L4 load balancer | ||||||
Platform-native load balancers | N/A | N/A | N/A |
Operations and management
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
GKE Enterprise dashboard in the Google Cloud console | ||||||
Connect Gateway | ||||||
Cloud Logging and Cloud Monitoring | ||||||
Prometheus/Grafana |
Security and Identity
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
GKE Identity Service | ||||||
Fleet workload identity | ||||||
Cloud Audit Logs | ||||||
Binary Authorization |
Service management
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
Cloud Service Mesh in-cluster | * | |||||
Managed Cloud Service Mesh | ||||||
Service dashboards in the Google Cloud console | * | |||||
Cloud Service Mesh certificate authority | ||||||
Cloud Service Mesh integration with Certificate Authority Service |
* For the list of attached clusters that Cloud Service Mesh supports, see Supported platforms.
Configuration management
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
Policy Controller | * | |||||
Config Sync | ||||||
Config Controller |
* To install Policy Controller, AKS clusters must not have the Azure Policy add-on.
Application deployment
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
Knative serving | ||||||
Google Cloud Marketplace |
Application migration
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
Migrate to Containers |
VM management
Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
---|---|---|---|---|---|---|
VM Runtime on Google Distributed Cloud |
What's next
- GKE Enterprise technical overview
- Version and upgrade support
- Managed Cloud Service Mesh supported features
- In-cluster Cloud Service Mesh supported features