GKE Overview

Google Kubernetes Engine (GKE) is Google Cloud’s fully managed Kubernetes service that eliminates the need to install, operate, and maintain your own Kubernetes control plane. GKE runs the Kubernetes control plane across multiple Google Cloud zones, automatically handles updates and patching, and offers both Standard (you manage nodes) and Autopilot (fully managed) cluster modes.

What Is GKE?

GKE is a managed Kubernetes service where Google Cloud operates the Kubernetes control plane (API server, etcd, scheduler, controller manager) for you. You deploy applications and manage workloads, while Google Cloud ensures the control plane is highly available, secure, and up-to-date.

Think of GKE like a managed database service: Google Cloud handles the complex infrastructure, backups, high availability, and updates, while you focus on using it to run your applications.

graph TB subgraph gcp_managed[GCP Managed - You Don't Manage] CP[Control Plane] --> API[API Server] CP --> ETCD[etcd Database] CP --> SCHED[Scheduler] CP --> CM[Controller Manager] end subgraph your_responsibility[Your Responsibility] VPC[Your VPC Network] --> NODES[Worker Nodes<br/>Standard Mode] NODES --> APPS[Your Applications] NODES --> CONFIG[Node Configuration] end subgraph autopilot[Autopilot Mode] AUTO[Autopilot] --> AUTO_APPS[Your Applications] AUTO --> AUTO_MANAGED[Fully Managed Nodes] end CP -.->|Manages| NODES CP -.->|Manages| AUTO APPS -->|Uses| CP AUTO_APPS -->|Uses| CP style CP fill:#e1f5ff style NODES fill:#fff4e1 style AUTO fill:#e8f5e9 style APPS fill:#f3e5f5

How GKE Differs from Self-Managed Kubernetes

When you run Kubernetes yourself (using kubeadm, kops, or other tools), you’re responsible for everything:

AspectSelf-ManagedGKE StandardGKE Autopilot
Control Plane SetupYou install and configureGCP provides and managesGCP provides and manages
High AvailabilityYou configure multi-masterGCP handles automaticallyGCP handles automatically
UpgradesYou plan and executeGCP handles with your approvalGCP handles automatically
Security PatchesYou apply manuallyGCP applies automaticallyGCP applies automatically
Node ManagementYou manage nodesYou manage nodesGCP manages nodes
BackupsYou configure etcd backupsGCP handles control plane backupsGCP handles everything
MonitoringYou set up monitoringYou set up monitoringGCP provides monitoring
CostInfrastructure costs only$0.10/hour per cluster + nodesPay per pod resource usage

Self-Managed Kubernetes:

  • Full control over control plane and node configuration
  • Responsibility for availability, upgrades, and maintenance
  • Requires Kubernetes expertise for operations
  • Lower cost but higher operational overhead

GKE Standard:

  • Google Cloud manages control plane operations
  • Automatic high availability and health monitoring
  • Simplified upgrades and maintenance
  • You manage nodes (full control)
  • Higher cost but reduced operational burden

GKE Autopilot:

  • Google Cloud manages control plane and nodes
  • Fully managed operations
  • Pay per pod resource usage
  • Minimal operational overhead
  • Best for simplified operations

GKE Architecture

GKE runs across multiple components in your Google Cloud project:

graph TB subgraph region[Google Cloud Region] subgraph gke_service[GKE Service] CP[GKE Control Plane] EP[API Endpoint] end subgraph your_vpc[Your VPC Network] subgraph zone1[Zone 1] N1[Worker Node 1] FW1[Firewall Rules] end subgraph zone2[Zone 2] N2[Worker Node 2] FW2[Firewall Rules] end subgraph zone3[Zone 3] N3[Worker Node 3] FW3[Firewall Rules] end end subgraph gcp_services[Google Cloud Services] IAM[Cloud IAM] PD[Persistent Disk] LB[Cloud Load Balancing] MON[Cloud Monitoring] end end EP -->|kubectl/API| CP CP -->|Manages| N1 CP -->|Manages| N2 CP -->|Manages| N3 N1 --> FW1 N2 --> FW2 N3 --> FW3 N1 -->|Uses| IAM N1 -->|Uses| PD N1 -->|Uses| LB N1 -->|Sends Metrics| MON style CP fill:#e1f5ff style N1 fill:#fff4e1 style N2 fill:#fff4e1 style N3 fill:#fff4e1 style IAM fill:#f3e5f5

Control Plane Components

The GKE control plane consists of:

API Server:

  • Handles all API requests (kubectl, applications, controllers)
  • Validates and processes requests
  • Stores state in etcd
  • Runs across multiple zones

etcd:

  • Distributed key-value store for cluster state
  • Stores all Kubernetes objects (pods, services, deployments, etc.)
  • Replicated across zones for durability

Scheduler:

  • Decides which node should run each pod
  • Considers resource requirements, constraints, and affinity rules
  • Runs as a highly available service

Controller Manager:

  • Runs controllers that maintain desired state
  • ReplicaSet controller, Deployment controller, etc.
  • Ensures actual state matches desired state

Data Plane (Worker Nodes)

Worker nodes run in your VPC network and are your responsibility in Standard mode:

  • Compute Engine VMs - Virtual machines running Kubernetes node components
  • Container Runtime - containerd for running containers
  • kubelet - Agent that communicates with the control plane
  • kube-proxy - Network proxy for service networking
  • VPC CNI - Network plugin for pod networking

Key Features and Capabilities

Standard vs Autopilot Modes

GKE offers two deployment modes:

Standard Mode:

graph TB USER[You] --> CP[Control Plane<br/>GCP Managed] USER --> NODES[Nodes<br/>You Manage] NODES --> APPS[Applications] CP --> CONFIG[Configuration] NODES --> CONFIG style CP fill:#e1f5ff style NODES fill:#fff4e1 style APPS fill:#e8f5e9
  • You manage node pools and nodes
  • Full control over node configuration
  • Choose machine types and sizes
  • Manage node lifecycle
  • Better for specific requirements

Autopilot Mode:

graph TB USER[You] --> CP[Control Plane<br/>GCP Managed] USER --> APPS[Applications] CP --> NODES[Nodes<br/>GCP Managed] NODES --> APPS CP --> AUTO[Auto-Scaling<br/>Auto-Optimization] NODES --> AUTO style CP fill:#e1f5ff style NODES fill:#e8f5e9 style APPS fill:#fff4e1
  • Google Cloud manages nodes automatically
  • Pay only for requested resources (CPU, memory)
  • Automatic scaling and optimization
  • Enhanced security defaults
  • Simplified operations

High Availability

GKE control planes run across multiple zones automatically:

graph TB subgraph region[Single Google Cloud Region] subgraph zone1[Zone 1] API1[API Server 1] ETCD1[etcd 1] end subgraph zone2[Zone 2] API2[API Server 2] ETCD2[etcd 2] end subgraph zone3[Zone 3] API3[API Server 3] ETCD3[etcd 3] end end LB[Load Balancer] --> API1 LB --> API2 LB --> API3 ETCD1 <-->|Replication| ETCD2 ETCD2 <-->|Replication| ETCD3 ETCD3 <-->|Replication| ETCD1 style LB fill:#e1f5ff style API1 fill:#fff4e1 style API2 fill:#fff4e1 style API3 fill:#fff4e1
  • Control plane components distributed across 3+ zones
  • Automatic failover if a component becomes unhealthy
  • No single point of failure for the control plane
  • 99.95% uptime SLA for Standard clusters
  • 99.9% uptime SLA for Autopilot clusters

Google Cloud Integration

GKE integrates deeply with Google Cloud services:

VPC Integration:

  • Native VPC networking with alias IP ranges
  • Firewall rules for network security
  • Private clusters with private endpoints
  • No overlay networks needed

Cloud IAM Integration:

  • Use Cloud IAM for Kubernetes authentication
  • Workload Identity for pod-level Google Cloud permissions
  • No need to manage separate Kubernetes user accounts

Storage Integration:

  • Persistent Disk for block storage
  • Filestore for shared file storage
  • Automatic volume provisioning

Load Balancing:

  • Google Cloud Load Balancing integration
  • HTTP(S) Load Balancing for Ingress
  • Network Load Balancing for services
  • Automatic load balancer creation

Monitoring:

  • Cloud Monitoring for metrics
  • Cloud Logging for log aggregation
  • Cloud Trace for distributed tracing
  • Cloud Operations Suite integration

Security Features

Workload Identity:

  • Pods can assume Google Cloud service accounts
  • No need to store service account keys
  • Secure pod-to-GCP authentication

Binary Authorization:

  • Container image verification
  • Policy enforcement for image deployment
  • Integration with container image registries

Encryption:

  • Control plane encryption at rest (etcd)
  • Encryption in transit (TLS for API server)
  • Persistent Disk encryption support
  • Secrets encryption with Google KMS

Network Security:

  • Private clusters (no public endpoint)
  • Firewall rules for network isolation
  • Network policies with Calico
  • VPC Flow Logs integration

Shielded GKE Nodes:

  • Secure boot
  • Virtual Trusted Platform Module (vTPM)
  • Integrity monitoring

Confidential GKE:

  • Confidential computing support
  • Encrypted memory for sensitive workloads
  • Data in use protection

Multi-Cluster Features

GKE Hub:

  • Multi-cluster management
  • Multi-cluster services
  • Config Sync for GitOps
  • Policy Controller for governance

Multi-Cluster Services:

  • Service discovery across clusters
  • Load balancing across clusters
  • Geographic distribution

Use Cases and When to Choose GKE

Ideal Use Cases

Google Cloud-Native Applications - Applications already using Google Cloud services (Cloud SQL, Cloud Storage, Pub/Sub)

Multi-Cluster Requirements - Need advanced multi-cluster management features

Autopilot Simplicity - Want fully managed operations with minimal overhead

Kubernetes Expertise - Benefit from Google’s Kubernetes expertise (original creators)

Security-First Organizations - Need Binary Authorization, Workload Identity, and confidential computing

Global Workloads - Need multi-region deployment with GKE Hub

Cost Optimization - Want to use preemptible VMs and sustained use discounts

Simplified Operations - Prefer Autopilot mode for minimal node management

When to Consider Alternatives

Non-GCP Infrastructure - If you’re primarily on AWS or Azure, their managed services may be better

Very Small Clusters - For small development clusters, GKE control plane cost ($0.10/hour) may be excessive

Full Control Required - If you need to customize control plane components extensively

Specific Node Requirements - If you need very specific node configurations not supported by Autopilot

Pricing Model

GKE pricing consists of different components depending on cluster mode:

Standard Mode Pricing

Control Plane Cost:

  • $0.10 per hour per cluster (~$73/month)
  • Covers control plane management and high availability
  • Charged regardless of cluster size or usage
  • No additional charges for control plane operations

Data Plane Cost: You pay for the resources you use:

  • Compute Engine VMs - Standard Compute Engine pricing for worker nodes
  • Persistent Disk - Storage costs for persistent volumes
  • Data Transfer - Standard Google Cloud data transfer pricing
  • Load Balancers - Cloud Load Balancing costs if used
  • Other Google Cloud Services - Cloud Monitoring, Cloud Logging, etc.

Autopilot Mode Pricing

No Control Plane Cost:

  • Control plane included at no additional charge
  • No per-cluster hourly fee

Pay Per Pod Resource:

  • CPU - $0.0004875 per vCPU-second
  • Memory - $0.0000025 per GiB-second
  • Storage - Persistent Disk costs apply
  • Pay only for requested resources (requests, not usage)
  • No charge for node infrastructure

Example Autopilot Cost:

Pod with 1 vCPU and 2 GiB memory:
CPU: 1 vCPU × $0.0004875/sec × 86,400 sec/day = $42.12/day
Memory: 2 GiB × $0.0000025/sec × 86,400 sec/day = $0.432/day
Total: ~$42.55/day per pod (if running 24/7)

Cost Optimization Strategies

  • Use preemptible VMs for non-critical workloads (up to 80% savings)
  • Use sustained use discounts for predictable workloads
  • Right-size machine types based on actual usage
  • Use Autopilot for variable workloads (pay per pod)
  • Implement cluster autoscaling to scale down during low usage
  • Use committed use discounts for long-term workloads

Comparison with Other Managed Services

GKE vs EKS (Amazon Elastic Kubernetes Service)

FeatureGKEEKS
Control Plane Cost$0.10/hour (Standard), Free (Autopilot)$0.10/hour
Autopilot ModeYes (fully managed)Fargate (serverless)
Multi-Cluster ManagementGKE Hub (native)Manual/Tools
GCP IntegrationNativeLimited
AWS IntegrationLimitedNative
Free Control PlaneYes (Autopilot)No

Choose GKE if: You’re on Google Cloud, need multi-cluster features, or want Autopilot mode.

Choose EKS if: You’re on AWS or need AWS service integration.

GKE vs AKS (Azure Kubernetes Service)

FeatureGKEAKS
Control Plane Cost$0.10/hour (Standard), Free (Autopilot)Free
Autopilot ModeYesVirtual Nodes (limited)
Windows SupportLimitedFull support
GCP IntegrationNativeLimited
Azure IntegrationLimitedNative

Choose GKE if: You’re on Google Cloud or need advanced multi-cluster features.

Choose AKS if: You’re on Azure or need Windows containers.

GKE Standard vs Autopilot

AspectStandardAutopilot
Node ManagementYou manageGCP manages
Control Plane Cost$0.10/hourFree
Node CostCompute Engine pricingPay per pod resource
ControlFull control over nodesLimited node control
Use CaseSpecific requirementsSimplified operations

Choose Standard if: You need specific node configurations or have predictable workloads.

Choose Autopilot if: You want simplified operations and variable workloads.

Getting Started with GKE

To get started with GKE, you’ll need:

  1. Google Cloud Project - With billing enabled
  2. VPC Network - Virtual private cloud for your cluster
  3. IAM Permissions - For cluster and node pool creation
  4. kubectl - Kubernetes command-line tool
  5. gcloud CLI - For Google Cloud service interaction

Typical workflow:

graph LR A[Create Project] --> B[Enable APIs] B --> C[Create GKE Cluster] C --> D[Create Node Pool] D --> E[Configure kubectl] E --> F[Deploy Applications] style A fill:#e1f5ff style C fill:#fff4e1 style F fill:#e8f5e9

See the Cluster Setup guide for detailed instructions.

Topics

  • Cluster Setup - Step-by-step guide to creating GKE clusters
  • Networking - VPC-native networking and service networking
  • Storage - Persistent Disk, Filestore, and persistent volumes
  • Security - Workload Identity, Cloud IAM, and security best practices

See Also