Deploying Google Kubernetes Engine: Clusters, Node Pools, and Workloads

From VMs to Containers

GKE is Google Cloud's managed Kubernetes service. Google runs the control plane; you run containerized workloads, building on what you learned with Compute Engine.

Two GKE Modes

As of 2026, GKE offers two modes: Standard (you manage node pools) and Autopilot (Google manages nodes, you focus on Pods and workloads).

GKE Standard

In Standard, you pick machine types, node counts, and many cluster options. You pay for control plane (for some clusters) and nodes. Ideal when you need hardware and OS control.

GKE Autopilot

In Autopilot, you do not manage nodes. You specify Pod CPU/memory, and Google provisions capacity. Billing is Pod-based and security best practices are enforced.

Exam Angle

Know when to choose Autopilot vs Standard: Autopilot for simplicity and managed ops; Standard for custom hardware, OS, and advanced tuning.

Autopilot via Console

In Console: Kubernetes Engine > Clusters > Create, select Autopilot, name it `autopilot-demo`, pick a region, keep defaults, and click Create.

Autopilot via gcloud

Use `create-auto` for Autopilot:

```bash

gcloud container clusters create-auto autopilot-demo \

--region=us-central1

```

Standard via gcloud

Use `create` for Standard:

```bash

gcloud container clusters create standard-demo \

--zone=us-central1-a \

--num-nodes=3 \

--machine-type=e2-standard-4

```

Command Pattern to Remember

`create-auto` = Autopilot, no node flags; `create` = Standard, you specify zone/region and node settings. This pattern is a common exam cue.

Zonal Clusters

Zonal clusters run control plane and nodes in one zone (for example `us-central1-a`). They are simpler and cheaper but vulnerable to zone outages.

Regional Clusters

Regional clusters spread control plane and nodes across multiple zones in a region (like `us-central1-a/b/c`), improving availability at higher cost.

When to Use Which

Production, high-availability workloads → regional. Dev/test and cost-sensitive workloads → zonal is often fine.

Exam Cues

`--zone` = zonal; `--region` = regional. Multi-zone resilience hints toward regional clusters or multi-zonal node pools.

Public vs Private

Public clusters expose the control plane via public IP and may give nodes external IPs. Private clusters keep nodes internal-only and can restrict API access.

Why Private?

Private clusters improve isolation: nodes lack public IPs, and the control plane can be reachable only from your VPC or allowed networks.

Key Flags

For Standard: use VPC-native networking plus `--enable-private-nodes` and optionally `--enable-private-endpoint` and master authorized networks.

Networking Tools

Private clusters often rely on Cloud NAT for outbound internet access and VPN/Interconnect or Private Service Connect for private control plane access.

What Are Node Pools?

Node pools are groups of nodes with shared config (machine type, disk, labels). A cluster can have multiple pools for different workloads and cost profiles.

Cluster Autoscaler

Cluster autoscaler changes node counts in a pool based on unschedulable Pods. Enable it with min/max node settings on Standard node pools.

Horizontal Pod Autoscaler

HPA scales Pod replicas using metrics like CPU. It is configured in Kubernetes YAML, not in GKE node pool settings.

Upgrades and Channels

Use release channels (rapid/regular/stable) and enable node auto-upgrade and auto-repair for safer, more automated cluster maintenance.

Autopilot Difference

In Autopilot, you do not manage node pools or cluster autoscaler. Google handles node provisioning and upgrades automatically.

Get Cluster Credentials

Use `gcloud container clusters get-credentials` with the cluster name, region/zone, and project so `kubectl` can reach the GKE API server.

Deployment + Service YAML

A Deployment defines Pods and replica count; a Service with `type: LoadBalancer` exposes them via a Google Cloud external load balancer.

Apply and Inspect

Run `kubectl apply -f hello-deploy.yaml`, then `kubectl get pods` and `kubectl get service` to confirm Pods are running and an external IP is assigned.

Exam Focus

Know that `type: LoadBalancer` provisions a cloud load balancer, and that `get-credentials` is required before using `kubectl` against a new GKE cluster.

Scenario A: Startup Web API

Minimal ops skills, simple web API. Think: Autopilot for managed ops, and likely a regional cluster for higher availability.

Scenario B: GPUs and Spot Nodes

GPU and spot workloads point toward Standard mode with multiple node pools (GPU, general-purpose, spot) plus labels and taints.

Scenario C: Banking Security

Strong isolation needs imply a private cluster: private nodes, private endpoint, VPN/Interconnect, and Cloud NAT for outbound access.