Configuring a processing cluster on Google Cloud for Windows workloads

This topic describes how to set up Google Kubernetes Engine (GKE) or Anthos cluster on Google Cloud for migrating Windows VMs. You'll use the processing cluster to generate migrated container artifacts, operate and monitor the migration.

Before you begin

Before creating a processing cluster, you'll need:

A user with GKE Administrator privileges. These privileges are only necessary for the setup portion.
Prerequisites for migration. See Prerequisites for migrating Windows VMs using Google Cloud processing clusters for more.

Note: You will need to use the same VPC for your Migrate for Compute Engine infrastructure and your GKE clusters.
Configured your environment as described in Enabling Google services and configuring service accounts.

Set your project defaults

Before you start, make sure you have performed the following tasks:

Ensure that you have enabled the Google Kubernetes Engine API.

Enable Google Kubernetes Engine API

Ensure that you have installed the Cloud SDK.

Set up default gcloud settings using one of the following methods:

Using gcloud init, if you want to be walked through setting defaults.
Using gcloud config, to individually set your project ID, zone, and region.

Using gcloud init

If you receive the error One of [--zone, --region] must be supplied: Please specify location, complete this section.

Run gcloud init and follow the directions:
```
gcloud init
```
If you are using SSH on a remote server, use the --console-only flag to prevent the command from launching a browser:
```
gcloud init --console-only
```
Follow the instructions to authorize gcloud to use your Google Cloud account.
Create a new configuration or select an existing one.
Choose a Google Cloud project.
Choose a default Compute Engine zone for zonal clusters or a region for regional or Autopilot clusters.

Note: You can override these default settings in gcloud commands using the --project, --zone, and --region flags.

Using gcloud config

Set your default project ID:
```
gcloud config set project PROJECT_ID
```
If you are working with zonal clusters, set your default compute zone:
```
gcloud config set compute/zone COMPUTE_ZONE
```
If you are working with Autopilot or regional clusters, set your default compute region:
```
gcloud config set compute/region COMPUTE_REGION
```
Update gcloud to the latest version:
```
gcloud components update
```

Note: You can override these default settings in gcloud commands using the --project, --zone, and --region flags.

Create a cluster for Windows workloads

Use the gcloud container command to create a cluster and the necessary node pool. See the command documentation for other flags you might want to use.

Your cluster must:

Be located on Google Cloud - Anthos clusters on VMware and Anthos clusters on AWS are not supported for Windows migrations.
Use GKE 1.16 or later.
- If you are using GKE versions earlier than 1.18.10-gke.2100 or 1.19.3-gke.2100, we recommend that you enable the Compute Engine persistent disk CSI Driver and make standard-rwo the default StorageClass on your cluster.
Specify cloud-platform for the --scopes value.
Specify --enable-ip-alias to makes the cluster VPC-native.
Use any operating system, such as Container-Optimized OS or Ubuntu.
Contain a Windows node pool used to process the migration with an image-type set to WINDOWS_LTSC.

Note: As of Migrate for Anthos and GKE version 1.7.5, you must use an image-type of WINDOWS_LTSC. In previous releases, you could use an image-type of WINDOWS_SAC. WINDOWS_SAC is no longer supported.

Creating a cluster using Windows Server node pools includes additional information you might find useful for creating clusters to run node pools running Windows Server.

About clusters for Compute Engine sources

A migration source represents the source platform from which you'll be migrating. For example, VMware, AWS, Azure, or Compute Engine are all types of source platforms. As part of the migration, Migrate for Anthos and GKE creates a snapshot of the disk images from a VM running on the source platform.

When the source platform is Compute Engine, you can only snapshot a specific disk at most once every 10 minutes, or 6 times an hour. To avoid hitting this limit, we recommend that you create the cluster in the same zone as the Compute Engine VM. When the cluster is in the same zone as the VM, Migrate for Anthos and GKE can clone the disk, rather than create a snapshot, which is a more efficient process and bypasses the snapshot limit.

See Creating frequent snapshots efficiently for more on the limit.

Creating the cluster

The example below creates a simple processing cluster that can get you started using Migrate for Anthos and GKE. For more advanced options, see:

Creating a cluster on a shared VPC
Creating a private cluster

The gcloud command offers many configuration options that you might want to set. These include choosing node machine types, specifying the --network and --subnetwork, and enabling Alias IP addresses. See gcloud container clusters create for more information.

Create the cluster:
```
gcloud container clusters create cluster-name \
 --project project-name \
 --zone=gcp-zone \
 --enable-ip-alias \
 --num-nodes=1 \
 --machine-type=e2-standard-4 \
 --cluster-version=1.16 \
 --network network \
 --subnetwork subnetwork
```
Note: When the source platform is Compute Engine, we recommend that you set gcp-zone to the same zone hosting the Compute Engine VM.

Edit the parameters in the command examples to match your own needs. For example, set project to the name of your Google Cloud project and set zone to your compute zone.

We requires a machine-type of "e2-standard-2" or larger. See Types of clusters for more information.
Create the Windows node pool used to process the migration:
```
gcloud container node-pools create node-pool-name \
 --cluster=cluster-name \
 --image-type=WINDOWS_LTSC \
 --num-nodes=1 \
 --scopes "cloud-platform" \
 --machine-type=e2-standard-4
```
Note: If you use the Google Cloud Console to create the cluster, be sure to select Allow full access to all Cloud APIs under default-pool > Security. This setting corresponds to the --scopes "cloud-platform" setting in the gcloud command.

Connect to the cluster:

gcloud container clusters get-credentials cluster-name \
 --zone gcp-zone --project project-name

Creating a cluster on a shared VPC

A common environment creates clusters with a Shared VPC. With Shared VPC, you designate one project as the host project, and you can attach other projects, called service projects, to the host project.

Shown below is an example command to create a cluster in a Shared VPC environment:

gcloud container clusters create cluster-name \
  --project project-name \
  --zone=gcp-zone \
  --machine-type "e2-standard-2" \
  --image-type "UBUNTU" \
  --num-nodes "1" \
  --enable-ip-alias \
  --username "admin" \
  --cluster-version=1.16 \
  --cluster-ipv4-cidr=ipRange \
  --services-ipv4-cidr=ipRange \
  --cluster-secondary-range-name pods-range \
  --services-secondary-range-name svc-range \
  --network projects/projectId/global/networks/vpcId \
  --subnetwork projects/projectId/regions/region/subnetworks/subnetwork \
  --addons HorizontalPodAutoscaling,HttpLoadBalancing \
  --no-enable-autoupgrade \
  --no-enable-autorepair \
  --tags networkTags \   # optional
  --labels key=value     # optional

See Setting up clusters with Shared VPC for a complete description of this command and its options.

Creating a private cluster

Private clusters give you the ability to isolate nodes from having inbound and outbound connectivity to the public internet. This isolation is achieved as the nodes have internal IP addresses only.

Migrate for Anthos and GKE supports the use of private clusters. However, when using a private cluster, the control plane node must be able to reach the Migrate for Anthos and GKE infrastructure pod on port 9443.

Therefore, you must add port 9443 to the firewall rules of the control plane node. For more, see Creating a private cluster.

Next Steps

Installing Migrate for Anthos and GKE