RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://cloud.google.com/kubernetes-engine/docs/how-to/creating-an-autopilot-cluster below:

Create an Autopilot cluster | Google Kubernetes Engine (GKE)

This page explains how to create a Google Kubernetes Engine (GKE) cluster in

. Autopilot is a GKE mode of operation that lets you focus on your services and applications, while GKE manages your nodes and infrastructure. When you deploy your workloads, GKE provisions, configures, and manages the resources and hardware, including when you scale.

Before you begin

Before you start, make sure that you have performed the following tasks:

Enable the Google Kubernetes Engine API.

Enable Google Kubernetes Engine API

If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running gcloud components update. Note: For existing gcloud CLI installations, make sure to set the compute/region property. If you use primarily zonal clusters, set the compute/zone instead. By setting a default location, you can avoid errors in the gcloud CLI like the following: One of [--zone, --region] must be supplied: Please specify location. You might need to specify the location in certain commands if the location of your cluster differs from the default that you set.

Ensure you have the correct permissions to create clusters. At minimum, you should be a Kubernetes Engine Cluster Admin.
If you want to register your new cluster to a fleet, ensure that you have the required APIs and permissions.

Caution: If you have the organization policy constraint constraints/compute.vmExternalIpAccess configured to Deny All or to restrict external IPs to specific VM instances at the organization, folder, or project level where you are trying to create a public GKE Autopilot cluster, then your cluster creation operations will fail. See the troubleshooting information for details. Set up IAM service accounts for GKE

GKE uses IAM service accounts that are attached to your nodes to run system tasks like logging and monitoring. At a minimum, these node service accounts must have the Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount) role on your project. By default, GKE uses the Compute Engine default service account, which is automatically created in your project, as the node service account.

Best practice: Instead of using the Compute Engine default service account, create a custom service account for your nodes to use and give it only the permissions that GKE needs to run system tasks. For more information, see Use a least privileged service account.

To grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account, complete the following steps:

console

Go to the Welcome page:
Go to Welcome
In the Project number field, click content_copy Copy to clipboard.
Go to the IAM page:
Go to IAM
Click person_add Grant access.
In the New principals field, specify the following value:
```
PROJECT_NUMBER-compute@developer.gserviceaccount.com
```
Replace PROJECT_NUMBER with the project number that you copied.
In the Select a role menu, select the Kubernetes Engine Default Node Service Account role.
Click Save.

gcloud

Find your Google Cloud project number:
```
gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)"
```
Replace PROJECT_ID with your project ID.

The output is similar to the following:
```
12345678901
```

Grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account:

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
    --role="roles/container.defaultNodeServiceAccount"

Replace PROJECT_NUMBER with the project number from the previous step.

Create an Autopilot cluster

The minimum information that you need to specify when creating a new Autopilot cluster is a name, project (usually the current project), and region (usually the default region for command line tools). However, there are many more possible configuration settings, some of which can't be changed after cluster creation. Ensure that you understand which settings can't be changed after cluster creation, and that you choose the right setting when creating a cluster if you don't want to have to create it again.

You can see an overview of cluster configuration options in About cluster configuration choices, and a complete list of possible options in the gcloud container clusters create-auto and Terraform google_container_cluster reference guides.

You can create an Autopilot cluster by using the Google Cloud CLI, the Google Cloud console, or by using Terraform:

gcloud

Run the following command:

gcloud container clusters create-auto CLUSTER_NAME \
    --location=LOCATION \
    --project=PROJECT_ID

Replace the following:

CLUSTER_NAME: the name of your new Autopilot cluster.
LOCATION: the region for your cluster.
PROJECT_ID: your project ID.

We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.

To specify a custom service account in the gcloud CLI, add the following flag to your command:

--service-account=SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com

Replace SERVICE_ACCOUNT_NAME with the name of your minimally-privileged service account.

Caution: You cannot modify the IAM service account on an existing Autopilot cluster.

For a list of other options that you can specify, see the gcloud container clusters create-auto reference documentation.

Console

Perform the following tasks:

In the Google Cloud console, go to the Create an Autopilot cluster page.

Go to Create an Autopilot cluster
In the Cluster basics section, complete the following:
Enter the Name for your cluster.
Select a region for your cluster.
1. Optional (available with GKE Enterprise): If you want to register your new cluster to a fleet, go to the Fleet registration section, and follow the Google Cloud console instructions for Create and register a new cluster to complete your cluster registration.
For the Networking section, refer to Customize your network isolation for configuration instructions.
Optionally, specify a custom IAM service account for your nodes:
1. In the Advanced settings page, expand the Security section.
2. In the Service account menu, select your preferred service account.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
Optionally, configure other settings such as maintenance windows and advanced security features.
Click Create.

Terraform

To create an Autopilot cluster using Terraform, refer to the following example:

To create an Autopilot cluster that uses a custom IAM service account, follow these steps:

Create an IAM service account and grant it the roles/container.defaultNodeServiceAccount role on the project:
Create an Autopilot cluster that uses the new service account:

To learn more about using Terraform, see Terraform support for GKE.

Create an Autopilot cluster with a specific release channel and version

By default, GKE enrolls new Autopilot clusters in the Regular release channel, with the default GKE version in the channel. You can change the release channel when you create an Autopilot cluster using the gcloud CLI, the Google Cloud console, or by using Terraform.

You can also set a specific GKE version when you create a cluster using the gcloud CLI. Setting the cluster version is only useful if you have a specific version requirement. To set the cluster version, specify the --cluster-version flag in the gcloud container clusters create-auto command. The version that you specify must be an available GKE version.

The following instructions for setting the release channel and version are optional. Unless you require a specific GKE version, we recommend that you keep the default release channel setting.

gcloud

Run the following command:

gcloud container clusters create-auto CLUSTER_NAME \
    --location=LOCATION \
    --release-channel=RELEASE_CHANNEL

Replace RELEASE_CHANNEL with the name of the release channel for the cluster. The default is Regular.

Optionally, specify --cluster-version=CLUSTER_VERSION, replacing CLUSTER_VERSION with the GKE version for the cluster, like 1.29.4-gke.1043002. The version that you specify applies until a newer version becomes the default in your release channel. GKE then automatically upgrades your cluster to the new default version. If you omit this flag, GKE sets the version to the release channel's default version.

To check the available versions, refer to What versions are available in a channel?. You can run any minor version in your selected channel or choose a subset of patch versions from other channels.

Console

To set the release channel when you create an Autopilot cluster, do the following:

In the Google Cloud console, go to the Create an Autopilot cluster page.

Go to Create an Autopilot cluster
In the Cluster basics section, complete the following:
1. Specify a Name.
2. Select a Region.
In the Advanced settings section, choose a release channel.
Optionally, configure other settings for your new cluster.
Click Create.

Terraform

To set the release channel and the cluster version when you create an Autopilot cluster using Terraform, refer to the following example:

To learn more about using Terraform, see Terraform support for GKE.

You can also change the release channel and GKE version for existing clusters. For instructions, refer to Manually upgrading a control plane and to Selecting a new release channel.

Connect to the cluster gcloud

gcloud container clusters get-credentials CLUSTER_NAME \
    --location=LOCATION \
    --project=PROJECT_ID

This command configures kubectl to use the cluster you created.

Console

In the cluster list, beside the cluster that you want to connect to, click more_vert Actions, and then click Connect.

Click Run in Cloud Shell when prompted. The generated command is copied into your Cloud Shell, for example:

gcloud container clusters get-credentials autopilot-cluster --location=us-central1 --project=autopilot-test

Press Enter to run the command.

Verify the cluster mode

You can verify that your cluster is an Autopilot cluster by using the gcloud CLI or the Google Cloud console.

gcloud

To verify that your cluster is created in Autopilot mode, run the following command:

gcloud container clusters describe CLUSTER_NAME \
    --location=LOCATION

The output contains the following:

autopilot:
  enabled: true

Console

To verify that your cluster is created in Autopilot mode, do the following:

Go to the Google Kubernetes Engine page in the Google Cloud console.

Go to Google Kubernetes Engine
Find your cluster in the cluster list. Under Mode, it should say Autopilot.

What's next

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4