Creating a GKE Cluster
Prerequisites
Some setup in Google Kubernetes Engine is required.
Service Account Token
Create a service account using Google Kubernetes Engine. GKE uses this account to operate your cluster. Creating this account also generates a private key used for authentication.
The service account requires the following roles:
- Compute Viewer: roles/compute.viewer
- Project Viewer: roles/viewer
- Kubernetes Engine Admin: roles/container.admin
- Service Account User: roles/iam.serviceAccountUser
For help obtaining a private key for your service account, refer to the Google Cloud documentation here. You will need to save the key in JSON format.
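A pre-flight check for the key file and the four roles listed above, as an added example that is not part of the Rancher documentation. It assumes the project's IAM policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the account name, project and policy embedded in it are constructed sample data.

```python
import json

# The four roles this page lists as required for the service account.
REQUIRED_ROLES = {
    "roles/compute.viewer",
    "roles/viewer",
    "roles/container.admin",
    "roles/iam.serviceAccountUser",
}


def check_key(key_json):
    """Validate a service account key file; return the account e-mail."""
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        raise ValueError("not a service account key")
    absent = [f for f in ("project_id", "client_email", "private_key") if not key.get(f)]
    if absent:
        raise ValueError("key file is missing: " + ", ".join(absent))
    return key["client_email"]


def audit_roles(policy_json, email):
    """Compare the account's project-level roles with REQUIRED_ROLES."""
    member = "serviceAccount:" + email
    granted, conditional = set(), set()
    for binding in json.loads(policy_json).get("bindings", []):
        if member in binding.get("members", []):
            # Conditional bindings only apply when their condition holds,
            # so report them separately instead of counting them as granted.
            (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(REQUIRED_ROLES - granted),
        "extra": sorted(granted - REQUIRED_ROLES),
        "conditional": sorted(conditional),
    }


# Constructed sample data: not a real key, project or policy.
ACCOUNT = "rancher-gke@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = json.dumps({"type": "service_account", "project_id": "example-project",
                         "client_email": ACCOUNT, "private_key": "PLACEHOLDER-NOT-A-KEY"})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/viewer", "members": ["serviceAccount:" + ACCOUNT]},
    {"role": "roles/container.admin", "members": ["serviceAccount:" + ACCOUNT, "user:admin@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": ["serviceAccount:" + ACCOUNT]},
    {"role": "roles/owner", "members": ["serviceAccount:" + ACCOUNT]},
    {"role": "roles/compute.viewer", "members": ["user:admin@example.com"]},
]})

if __name__ == "__main__":
    print(audit_roles(SAMPLE_POLICY, check_key(SAMPLE_KEY)))
```

The check compares role names in the project-level policy only, so roles granted through a group or inherited from a folder or organization do not appear. An entry under `extra` means the key pasted into Rancher carries more access than this page asks for.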
Provisioning a GKE Cluster
Deploying to GKE will incur charges.
1. Create a Cloud Credential
- Click ☰ > Cluster Management.
- In the left navigation bar, click Cloud Credentials.
- Click Create.
- Enter a name for your Google cloud credentials.
- In the Service Account text box, paste your service account private key JSON, or upload the JSON file.
- Click Create.
Result: You have created credentials that Rancher will use to provision the new GKE cluster.
2. Create the GKE Cluster
Use Rancher to set up and configure your Kubernetes cluster. To successfully create a GKE cluster with Rancher, the cluster must be in Standard mode. GKE has two modes of operation when creating a Kubernetes cluster: Autopilot and Standard. The cluster configuration for Autopilot mode restricts editing of the kube-system namespace, but Rancher needs to create resources in the kube-system namespace during installation. As a result, you will not be able to create a GKE cluster in Autopilot mode. For more information about the difference between GKE Autopilot mode and Standard mode, visit Compare GKE Autopilot and Standard.
- Click ☰ > Cluster Management.
- On the Clusters page, click Create.
- Click Google GKE.
- Enter a Cluster Name.
- Optional: Use Member Roles to configure user authorization for the cluster. Click Add Member to add users that can access the cluster. Use the Role drop-down to set permissions for each user.
- Optional: Add Kubernetes labels or annotations to the cluster.
- Enter your Google project ID and your Google cloud credentials.
- Fill out the rest of the form. For help, refer to the GKE cluster configuration reference.
- Click Create.
Result: You have successfully deployed a GKE cluster.
Your cluster is created and assigned a state of Provisioning. Rancher is standing up your cluster.
You can access your cluster after its state is updated to Active.
Active clusters are assigned two Projects:
- Default, containing the default namespace
- System, containing the cattle-system, ingress-nginx, kube-public, and kube-system namespaces
Private Clusters
Private GKE clusters are supported. Note: This advanced setup can require more steps during the cluster provisioning process. For details, see this section.
Configuration Reference
For details on configuring GKE clusters in Rancher, see this page.
Updating Kubernetes Version
The Kubernetes version of a cluster can be upgraded to any version available in the region or zone for the GKE cluster. Upgrading the master Kubernetes version does not automatically upgrade worker nodes. Nodes can be upgraded independently.
GKE has removed basic authentication in 1.19+. In order to upgrade a cluster to 1.19+, basic authentication must be disabled in Google Cloud. Otherwise, an error will appear in Rancher when an upgrade to 1.19+ is attempted. You can follow the Google documentation. After this, the Kubernetes version can be updated to 1.19+ via Rancher.
Syncing
The GKE provisioner can synchronize the state of a GKE cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see Syncing.
For information on configuring the refresh interval, see this section.
Programmatically Creating GKE Clusters
The most common way to programmatically deploy GKE clusters through Rancher is by using the Rancher2 Terraform provider. The documentation for creating clusters with Terraform is here.