GKE Overview

Google Kubernetes Engine (GKE) is Google Cloud’s fully managed Kubernetes service that eliminates the need to install, operate, and maintain your own Kubernetes control plane. GKE runs the Kubernetes control plane across multiple Google Cloud zones, automatically handles updates and patching, and offers both Standard (you manage nodes) and Autopilot (fully managed) cluster modes.

What Is GKE?

GKE is a managed Kubernetes service where Google Cloud operates the Kubernetes control plane (API server, etcd, scheduler, controller manager) for you. You deploy applications and manage workloads, while Google Cloud ensures the control plane is highly available, secure, and up-to-date.

Think of GKE like a managed database service: Google Cloud handles the complex infrastructure, backups, high availability, and updates, while you focus on using it to run your applications.

graph TB subgraph gcp_managed[GCP Managed - You Don't Manage] CP[Control Plane] --> API[API Server] CP --> ETCD[etcd Database] CP --> SCHED[Scheduler] CP --> CM[Controller Manager] end subgraph your_responsibility[Your Responsibility] VPC[Your VPC Network] --> NODES[Worker Nodes Standard Mode] NODES --> APPS[Your Applications] NODES --> CONFIG[Node Configuration] end subgraph autopilot[Autopilot Mode] AUTO[Autopilot] --> AUTO_APPS[Your Applications] AUTO --> AUTO_MANAGED[Fully Managed Nodes] end CP -.->|Manages| NODES CP -.->|Manages| AUTO APPS -->|Uses| CP AUTO_APPS -->|Uses| CP style CP fill:#e1f5ff style NODES fill:#fff4e1 style AUTO fill:#e8f5e9 style APPS fill:#f3e5f5

How GKE Differs from Self-Managed Kubernetes

When you run Kubernetes yourself (using kubeadm, kops, or other tools), you’re responsible for everything:

Aspect	Self-Managed	GKE Standard	GKE Autopilot
Control Plane Setup	You install and configure	GCP provides and manages	GCP provides and manages
High Availability	You configure multi-master	GCP handles automatically	GCP handles automatically
Upgrades	You plan and execute	GCP handles with your approval	GCP handles automatically
Security Patches	You apply manually	GCP applies automatically	GCP applies automatically
Node Management	You manage nodes	You manage nodes	GCP manages nodes
Backups	You configure etcd backups	GCP handles control plane backups	GCP handles everything
Monitoring	You set up monitoring	You set up monitoring	GCP provides monitoring
Cost	Infrastructure costs only	$0.10/hour per cluster + nodes	Pay per pod resource usage

Self-Managed Kubernetes:

Full control over control plane and node configuration
Responsibility for availability, upgrades, and maintenance
Requires Kubernetes expertise for operations
Lower cost but higher operational overhead

GKE Standard:

Google Cloud manages control plane operations
Automatic high availability and health monitoring
Simplified upgrades and maintenance
You manage nodes (full control)
Higher cost but reduced operational burden

GKE Autopilot:

Google Cloud manages control plane and nodes
Fully managed operations
Pay per pod resource usage
Minimal operational overhead
Best for simplified operations

GKE Architecture

GKE runs across multiple components in your Google Cloud project:

graph TB subgraph region[Google Cloud Region] subgraph gke_service[GKE Service] CP[GKE Control Plane] EP[API Endpoint] end subgraph your_vpc[Your VPC Network] subgraph zone1[Zone 1] N1[Worker Node 1] FW1[Firewall Rules] end subgraph zone2[Zone 2] N2[Worker Node 2] FW2[Firewall Rules] end subgraph zone3[Zone 3] N3[Worker Node 3] FW3[Firewall Rules] end end subgraph gcp_services[Google Cloud Services] IAM[Cloud IAM] PD[Persistent Disk] LB[Cloud Load Balancing] MON[Cloud Monitoring] end end EP -->|kubectl/API| CP CP -->|Manages| N1 CP -->|Manages| N2 CP -->|Manages| N3 N1 --> FW1 N2 --> FW2 N3 --> FW3 N1 -->|Uses| IAM N1 -->|Uses| PD N1 -->|Uses| LB N1 -->|Sends Metrics| MON style CP fill:#e1f5ff style N1 fill:#fff4e1 style N2 fill:#fff4e1 style N3 fill:#fff4e1 style IAM fill:#f3e5f5

Control Plane Components

The GKE control plane consists of:

API Server:

Handles all API requests (kubectl, applications, controllers)
Validates and processes requests
Stores state in etcd
Runs across multiple zones

etcd:

Distributed key-value store for cluster state
Stores all Kubernetes objects (pods, services, deployments, etc.)
Replicated across zones for durability

Scheduler:

Decides which node should run each pod
Considers resource requirements, constraints, and affinity rules
Runs as a highly available service

Controller Manager:

Runs controllers that maintain desired state
ReplicaSet controller, Deployment controller, etc.
Ensures actual state matches desired state

Data Plane (Worker Nodes)

Worker nodes run in your VPC network and are your responsibility in Standard mode:

Compute Engine VMs - Virtual machines running Kubernetes node components
Container Runtime - containerd for running containers
kubelet - Agent that communicates with the control plane
kube-proxy - Network proxy for service networking
VPC CNI - Network plugin for pod networking

Key Features and Capabilities

Standard vs Autopilot Modes

GKE offers two deployment modes:

Standard Mode:

graph TB USER[You] --> CP[Control Plane GCP Managed] USER --> NODES[Nodes You Manage] NODES --> APPS[Applications] CP --> CONFIG[Configuration] NODES --> CONFIG style CP fill:#e1f5ff style NODES fill:#fff4e1 style APPS fill:#e8f5e9

You manage node pools and nodes
Full control over node configuration
Choose machine types and sizes
Manage node lifecycle
Better for specific requirements

Autopilot Mode:

graph TB USER[You] --> CP[Control Plane GCP Managed] USER --> APPS[Applications] CP --> NODES[Nodes GCP Managed] NODES --> APPS CP --> AUTO[Auto-Scaling Auto-Optimization] NODES --> AUTO style CP fill:#e1f5ff style NODES fill:#e8f5e9 style APPS fill:#fff4e1

Google Cloud manages nodes automatically
Pay only for requested resources (CPU, memory)
Automatic scaling and optimization
Enhanced security defaults
Simplified operations

High Availability

GKE control planes run across multiple zones automatically:

graph TB subgraph region[Single Google Cloud Region] subgraph zone1[Zone 1] API1[API Server 1] ETCD1[etcd 1] end subgraph zone2[Zone 2] API2[API Server 2] ETCD2[etcd 2] end subgraph zone3[Zone 3] API3[API Server 3] ETCD3[etcd 3] end end LB[Load Balancer] --> API1 LB --> API2 LB --> API3 ETCD1 <-->|Replication| ETCD2 ETCD2 <-->|Replication| ETCD3 ETCD3 <-->|Replication| ETCD1 style LB fill:#e1f5ff style API1 fill:#fff4e1 style API2 fill:#fff4e1 style API3 fill:#fff4e1

Control plane components distributed across 3+ zones
Automatic failover if a component becomes unhealthy
No single point of failure for the control plane
99.95% uptime SLA for Standard clusters
99.9% uptime SLA for Autopilot clusters

Google Cloud Integration

GKE integrates deeply with Google Cloud services:

VPC Integration:

Native VPC networking with alias IP ranges
Firewall rules for network security
Private clusters with private endpoints
No overlay networks needed

Cloud IAM Integration:

Use Cloud IAM for Kubernetes authentication
Workload Identity for pod-level Google Cloud permissions
No need to manage separate Kubernetes user accounts

Storage Integration:

Persistent Disk for block storage
Filestore for shared file storage
Automatic volume provisioning

Load Balancing:

Google Cloud Load Balancing integration
HTTP(S) Load Balancing for Ingress
Network Load Balancing for services
Automatic load balancer creation

Monitoring:

Cloud Monitoring for metrics
Cloud Logging for log aggregation
Cloud Trace for distributed tracing
Cloud Operations Suite integration

Security Features

Workload Identity:

Pods can assume Google Cloud service accounts
No need to store service account keys
Secure pod-to-GCP authentication

Binary Authorization:

Container image verification
Policy enforcement for image deployment
Integration with container image registries

Encryption:

Control plane encryption at rest (etcd)
Encryption in transit (TLS for API server)
Persistent Disk encryption support
Secrets encryption with Google KMS

Network Security:

Private clusters (no public endpoint)
Firewall rules for network isolation
Network policies with Calico
VPC Flow Logs integration

Shielded GKE Nodes:

Secure boot
Virtual Trusted Platform Module (vTPM)
Integrity monitoring

Confidential GKE:

Confidential computing support
Encrypted memory for sensitive workloads
Data in use protection

Multi-Cluster Features

GKE Hub:

Multi-cluster management
Multi-cluster services
Config Sync for GitOps
Policy Controller for governance

Multi-Cluster Services:

Service discovery across clusters
Load balancing across clusters
Geographic distribution

Use Cases and When to Choose GKE

Ideal Use Cases

✅ Google Cloud-Native Applications - Applications already using Google Cloud services (Cloud SQL, Cloud Storage, Pub/Sub)

✅ Multi-Cluster Requirements - Need advanced multi-cluster management features

✅ Autopilot Simplicity - Want fully managed operations with minimal overhead

✅ Kubernetes Expertise - Benefit from Google’s Kubernetes expertise (original creators)

✅ Security-First Organizations - Need Binary Authorization, Workload Identity, and confidential computing

✅ Global Workloads - Need multi-region deployment with GKE Hub

✅ Cost Optimization - Want to use preemptible VMs and sustained use discounts

✅ Simplified Operations - Prefer Autopilot mode for minimal node management

When to Consider Alternatives

❌ Non-GCP Infrastructure - If you’re primarily on AWS or Azure, their managed services may be better

❌ Very Small Clusters - For small development clusters, GKE control plane cost ($0.10/hour) may be excessive

❌ Full Control Required - If you need to customize control plane components extensively

❌ Specific Node Requirements - If you need very specific node configurations not supported by Autopilot

Pricing Model

GKE pricing consists of different components depending on cluster mode:

Standard Mode Pricing

Control Plane Cost:

$0.10 per hour per cluster (~$73/month)
Covers control plane management and high availability
Charged regardless of cluster size or usage
No additional charges for control plane operations

Data Plane Cost: You pay for the resources you use:

Compute Engine VMs - Standard Compute Engine pricing for worker nodes
Persistent Disk - Storage costs for persistent volumes
Data Transfer - Standard Google Cloud data transfer pricing
Load Balancers - Cloud Load Balancing costs if used
Other Google Cloud Services - Cloud Monitoring, Cloud Logging, etc.

Autopilot Mode Pricing

No Control Plane Cost:

Control plane included at no additional charge
No per-cluster hourly fee

Pay Per Pod Resource:

CPU - $0.0004875 per vCPU-second
Memory - $0.0000025 per GiB-second
Storage - Persistent Disk costs apply
Pay only for requested resources (requests, not usage)
No charge for node infrastructure

Example Autopilot Cost:

Pod with 1 vCPU and 2 GiB memory:
CPU: 1 vCPU × $0.0004875/sec × 86,400 sec/day = $42.12/day
Memory: 2 GiB × $0.0000025/sec × 86,400 sec/day = $0.432/day
Total: ~$42.55/day per pod (if running 24/7)

Cost Optimization Strategies

Use preemptible VMs for non-critical workloads (up to 80% savings)
Use sustained use discounts for predictable workloads
Right-size machine types based on actual usage
Use Autopilot for variable workloads (pay per pod)
Implement cluster autoscaling to scale down during low usage
Use committed use discounts for long-term workloads

Comparison with Other Managed Services

GKE vs EKS (Amazon Elastic Kubernetes Service)

Feature	GKE	EKS
Control Plane Cost	$0.10/hour (Standard), Free (Autopilot)	$0.10/hour
Autopilot Mode	Yes (fully managed)	Fargate (serverless)
Multi-Cluster Management	GKE Hub (native)	Manual/Tools
GCP Integration	Native	Limited
AWS Integration	Limited	Native
Free Control Plane	Yes (Autopilot)	No

Choose GKE if: You’re on Google Cloud, need multi-cluster features, or want Autopilot mode.

Choose EKS if: You’re on AWS or need AWS service integration.

GKE vs AKS (Azure Kubernetes Service)

Feature	GKE	AKS
Control Plane Cost	$0.10/hour (Standard), Free (Autopilot)	Free
Autopilot Mode	Yes	Virtual Nodes (limited)
Windows Support	Limited	Full support
GCP Integration	Native	Limited
Azure Integration	Limited	Native

Choose GKE if: You’re on Google Cloud or need advanced multi-cluster features.

Choose AKS if: You’re on Azure or need Windows containers.

GKE Standard vs Autopilot

Aspect	Standard	Autopilot
Node Management	You manage	GCP manages
Control Plane Cost	$0.10/hour	Free
Node Cost	Compute Engine pricing	Pay per pod resource
Control	Full control over nodes	Limited node control
Use Case	Specific requirements	Simplified operations

Choose Standard if: You need specific node configurations or have predictable workloads.

Choose Autopilot if: You want simplified operations and variable workloads.

Getting Started with GKE

To get started with GKE, you’ll need:

Google Cloud Project - With billing enabled
VPC Network - Virtual private cloud for your cluster
IAM Permissions - For cluster and node pool creation
kubectl - Kubernetes command-line tool
gcloud CLI - For Google Cloud service interaction

Typical workflow:

graph LR A[Create Project] --> B[Enable APIs] B --> C[Create GKE Cluster] C --> D[Create Node Pool] D --> E[Configure kubectl] E --> F[Deploy Applications] style A fill:#e1f5ff style C fill:#fff4e1 style F fill:#e8f5e9

See the Cluster Setup guide for detailed instructions.

Topics

Cluster Setup - Step-by-step guide to creating GKE clusters
Networking - VPC-native networking and service networking
Storage - Persistent Disk, Filestore, and persistent volumes
Security - Workload Identity, Cloud IAM, and security best practices