This page shows you how to create a Standard zonal cluster, with the default features enabled, in Google Kubernetes Engine (GKE). Zonal clusters have a single control plane instance in a single zone. Depending on your availability requirements, you can choose to distribute your nodes for your zonal cluster in a single zone or in multiple zones.
Best practice: Use regional clusters to run your production workloads as they offer higher availability than zonal clusters. In a regional cluster, the control plane is replicated across multiple zones in a region.
Caution: After you create a cluster, you cannot change it from zonal to regional, or regional to zonal. To learn about the different cluster availability types, see Cluster availability.
This page is for Operators, Cloud architects, and Developers, who need to create and configure clusters, and who deploy workloads on GKE. To learn more about common roles and example tasks that we reference in Google Cloud content, see Common GKE Enterprise user roles and tasks.
Before reading this page, ensure that you're familiar with cluster configuration choices.
Before you begin
Before you start, make sure you have performed the following tasks:
gcloud components update
Note: For existing gcloud CLI installations, make sure to set the compute/region and compute/zone properties. By setting default locations, you can avoid errors in gcloud CLI like the following: One of [--zone, --region] must be supplied: Please specify location.
cos-metrics-enabled flag enabled by default. This setting allows kernel crash logs to be collected using dmesg. The report does not include any user logs, and does not intentionally collect any PII. It can potentially include user logs if you write logs from a privileged container and bind mount /dev/kmsg. And certain PII, for example process name, may appear in the report if kernel includes them in the error messages, such as OOM kills.
Caution: If you have the organization policy constraint constraints/compute.vmExternalIpAccess configured to Deny All or to restrict external IPs to specific VM instances at the organization, folder, or project level where you are trying to create a public GKE cluster, then your cluster creation operations will fail. See the troubleshooting information for details.
Set up IAM service accounts for GKE
GKE uses IAM service accounts that are attached to your nodes to run system tasks like logging and monitoring. At a minimum, these node service accounts must have the Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount) role on your project. By default, GKE uses the Compute Engine default service account, which is automatically created in your project, as the node service account.
To grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account, complete the following steps:
PROJECT_NUMBER-compute@developer.gserviceaccount.com
Replace PROJECT_NUMBER with the project number that you copied.
gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)"
Replace PROJECT_ID with your project ID.
The output is similar to the following:
12345678901
Grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account:
gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
    --role="roles/container.defaultNodeServiceAccount"
Replace PROJECT_NUMBER with the project number from the previous step.
The minimum information that you need to specify when creating a new zonal cluster is a name, project (usually the current project), and zone (usually the default location for command line tools), using the default settings for all other values. However, there are more possible configuration settings, only some of which are described in this section and some of which can't be changed after cluster creation. Ensure that you understand which settings can't be changed after cluster creation, and that you choose the right setting when creating a cluster if you don't want to have to create it again.
You can see an overview of cluster configuration options in About cluster configuration choices, and a complete list of possible options in the gcloud container clusters create and Terraform google_container_cluster reference guides.
You can create a zonal cluster by using the gcloud CLI, the Google Cloud console, or Terraform.
If you're developing GKE applications with Cloud Code for VS Code, try creating clusters with Cloud Code.
gcloud
To create a zonal cluster with the gcloud CLI, use one of the following commands.
Note: If you are creating a single-zone cluster, you can omit the --node-locations flag from the command.
Replace the following:
CLUSTER_NAME: the name of your new cluster.
CHANNEL: the type of release channel, which can be one of rapid, regular, stable, or None. By default, the cluster is enrolled in the regular release channel unless at least one of the following flags is specified: --cluster-version, --release-channel, --no-enable-autoupgrade, and --no-enable-autorepair.
CONTROL_PLANE_LOCATION: the Compute Engine zone of the control plane of your cluster.
VERSION: the version you want to specify for your cluster.
COMPUTE_ZONE,COMPUTE_ZONE1,[...]: the zones in which nodes are created. You can specify as many zones as needed for your cluster. All zones must be in the same region as the cluster's control plane, specified by the --location flag. For zonal clusters, --node-locations must contain the cluster's primary zone.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
To specify a custom service account in the gcloud CLI, add the following flag to your command:
--service-account=SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com
Replace SERVICE_ACCOUNT_NAME with the name of your minimally-privileged service account.
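The two location rules and the service account recommendation above can be checked before anything is sent to Google Cloud. The following script is an added example, not part of the original page or of Google's tooling: the function names are hypothetical, the sample cluster, project, and service account values are constructed, and it assumes that a zone name is its region plus a final letter suffix.

```shell
#!/usr/bin/env bash
# Added example: offline preflight for a zonal cluster create command.
# It never calls Google Cloud; it validates arguments and prints the command.

# Assumption: a zone name is its region plus a final "-<letter>" suffix.
region_of() { printf '%s\n' "${1%-*}"; }

# check_node_locations CONTROL_PLANE_ZONE "zone1,zone2,..."
# Every node zone must be in the control plane's region, and the list
# must contain the cluster's primary (control plane) zone.
check_node_locations() {
  local primary="$1" zones="$2" region found=1 z
  region="$(region_of "$primary")"
  local IFS=','
  for z in $zones; do
    if [ "$(region_of "$z")" != "$region" ]; then
      echo "zone $z is outside region $region" >&2; return 1
    fi
    if [ "$z" = "$primary" ]; then found=0; fi
  done
  if [ "$found" -ne 0 ]; then
    echo "--node-locations must include primary zone $primary" >&2; return 1
  fi
}

# check_service_account EMAIL
# Rejects the Compute Engine default service account; accepts a user-managed one.
check_service_account() {
  case "$1" in
    *-compute@developer.gserviceaccount.com)
      echo "refusing Compute Engine default service account" >&2; return 1 ;;
    ?*@?*.iam.gserviceaccount.com) return 0 ;;
    *) echo "not a user-managed service account email: $1" >&2; return 1 ;;
  esac
}

# build_create_command NAME CHANNEL CONTROL_PLANE_ZONE NODE_ZONES SA_EMAIL
build_create_command() {
  check_node_locations "$3" "$4" || return 1
  check_service_account "$5" || return 1
  printf 'gcloud container clusters create %s --release-channel %s' "$1" "$2"
  printf ' --location %s --node-locations %s --service-account=%s\n' "$3" "$4" "$5"
}

# Constructed sample values; the project and service account are placeholders.
build_create_command example-cluster regular us-central1-a \
  us-central1-a,us-central1-b,us-central1-c \
  gke-nodes@example-project.iam.gserviceaccount.com
```

The script only prints the command, so it can run in CI as a gate before the real gcloud invocation.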
Using a specific release channel:
To create a new cluster using a specific release channel, run the following command:
gcloud container clusters create CLUSTER_NAME \
    --release-channel CHANNEL \
    --location CONTROL_PLANE_LOCATION \
    --node-locations COMPUTE_ZONE,COMPUTE_ZONE1
Using a specific version:
To create a new cluster using a specific cluster version, run the following command:
gcloud container clusters create CLUSTER_NAME \
    --cluster-version VERSION \
    --location CONTROL_PLANE_LOCATION \
    --node-locations COMPUTE_ZONE,COMPUTE_ZONE1
Note: If you specify a cluster version, the cluster uses that specific version and is enrolled in the most mature release channel where that version is available.
Using the default version for clusters not enrolled in a release channel:
To create a new cluster using the default version for clusters not enrolled in a release channel, you don't need to specify a cluster version, but you do need to set the release channel to None:
gcloud container clusters create CLUSTER_NAME \
    --release-channel None \
    --location CONTROL_PLANE_LOCATION \
    --node-locations COMPUTE_ZONE,COMPUTE_ZONE1
Example
The following command creates a multi-zonal cluster named example-cluster, where the cluster control plane is located in the us-central1-a zone, and there are three node locations. The cluster is enrolled in the regular release channel.
When the --num-nodes flag is omitted, the default number of per-zone nodes created by the cluster is three. Because three zones were specified, this command creates a nine-node cluster with three nodes each in us-central1-a, us-central1-b, and us-central1-c.
gcloud container clusters create example-cluster \
    --location us-central1-a \
    --node-locations us-central1-a,us-central1-b,us-central1-c
Console
To create a zonal cluster with the Google Cloud console, perform the following tasks:
In the Google Cloud console, go to the Create a Kubernetes cluster page.
In the Cluster basics section, complete the following:
Choose a release channel. You can optionally select No channel from the drop-down list; however, we recommend that you review the comparison between clusters enrolled and not enrolled in a release channel before choosing this option. GKE automatically upgrades clusters not in a release channel with versions from the Stable channel.
Optional: Specify a control plane version from the Version drop-down list.
Optional: Configure other settings for your new cluster.
Optional (available with GKE Enterprise): If you want to register your new cluster to a fleet, go to the Fleet registration section, and follow the Google Cloud console instructions for Create and register a new cluster to complete your cluster registration.
From the navigation pane, under Node Pools, click default-pool.
In the Node pool details section, complete the following:
From the navigation pane, under Node Pools, click Nodes.
From the Image type drop-down list, select the node image.
Choose the default Machine configuration to use for the instances. Each machine type is billed differently. The default machine type is e2-medium. For machine type pricing information, refer to the machine type price sheet.
From the Boot disk type drop-down list, select the disk type.
Enter the Boot disk size.
Optional: From the navigation pane, under Node Pools, click Security.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
Click Create.
To create a zonal cluster with a single-zone node pool using Terraform, refer to the following example:
To create a zonal cluster with a multi-zone node pool using Terraform, refer to the following example:
To learn more about using Terraform, see Terraform support for GKE.
Interact with a cluster using kubectl
After you create a cluster, you need to configure kubectl before you can interact with the cluster from the command line.
GKE previously supported templates for clusters. Those templates were removed from the Google Cloud console, but are still accessible from the following links: