Deploy an application on GKE on Azure

This page describes how to create a cluster and node pool, and then deploy a sample application using GKE on Azure.

Terraform support

If you're familiar with Terraform, you can use the Terraform scripts available on GitHub to automate the prerequisites and create a cluster.

Before you begin

Before creating a cluster, you must complete the prerequisites. In particular, you must provide the following resources:

  • An Azure virtual network where the cluster will run.
  • A subnet for the Kubernetes control plane replicas.
  • Azure role assignments that will grant GKE on Azure access to your Azure environment using a service principal.
  • An AzureClient resource that GKE on Azure uses to authenticate to Azure services and manage resources in your Azure account.
  • An SSH key pair for accessing Azure virtual machines in the cluster.

It is your responsibility to create and manage these resources, which can be shared between all your clusters. All other underlying Azure resources for your cluster are managed by GKE on Azure.

Set default settings for the gcloud CLI

Use the gcloud CLI to configure default settings for your default project and Google Cloud region.

Your project has a project ID as a unique identifier. When you create a project, you can use the automatically generated project ID or you can create your own.

Your Google Cloud region is a location where your clusters will be managed from. For example, us-west1. See Management regions for more details.

When you configure these default settings, you don't need to include them when you run the Google Cloud CLI. You can also specify settings or override default settings by passing the --project and --location flags to the Google Cloud CLI.

When you create GKE on Azure resources after configuring your default project and location, the resources are automatically created in that project and location.

Note: The gcloud CLI might return an error if these settings are either not configured or not specified.

To set defaults, follow these steps:

  1. Set the default project:

    gcloud config set project PROJECT_ID

    Replace PROJECT_ID with your project ID.

  2. Set the default management location:

    gcloud config set container_azure/location GOOGLE_CLOUD_LOCATION

    Replace GOOGLE_CLOUD_LOCATION with your location, such as us-west1.

Note: the container_azure/location property was previously named azure/location. If you have previously set the property azure/location, its value is copied to container_azure/location next time you run a command.

Select Azure resource IDs for your cluster

Select a resource group ID

Save your cluster's resource group to an environment variable by running the following command:

CLUSTER_RESOURCE_GROUP_ID=$(az group show --query id --output tsv \
    --resource-group=CLUSTER_RESOURCE_GROUP_NAME)

Replace CLUSTER_RESOURCE_GROUP_NAME with the name of the resource group to provision your cluster resources in, that you set up in the Create an Azure resource group prerequisite step.

Select a virtual network ID

Save your cluster's VNet ID to an environment variable by running the following command:

VNET_ID=$(az network vnet show --query id --output tsv \
    --resource-group=VNET_RESOURCE_GROUP_NAME \
    --name=VNET_NAME)

Replace the following:

Select a subnet ID

Save your cluster's subnet ID to an environment variable by running the following command:

SUBNET_ID=$(az network vnet subnet show --query id --output tsv \
    --resource-group VNET_RESOURCE_GROUP_NAME \
    --vnet-name VNET_NAME \
    --name SUBNET_NAME)

Replace:

  • VNET_RESOURCE_GROUP_NAME with an existing resource group name that contains your virtual network. This can be the resource group name that you set up in Create an Azure virtual network.
  • VNET_NAME with the name of your virtual network. This can be the name of your virtual network that you set up in Create an Azure virtual network.
  • SUBNET_NAME with the name of your subnet, for example, default.
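
The three IDs saved above can be checked for consistency before they are passed to the cluster create command. This is an added example, not part of the GKE on Azure documentation; the function names and sample IDs are hypothetical, and it assumes the subnet must be a direct child of the VNet in VNET_ID, as in the commands above.

```shell
# Added example: consistency check for the three Azure resource IDs saved above.

# Azure resource IDs compare case-insensitively, so normalise before matching.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# is_name STR -> true when STR is one non-empty path segment (no "/")
is_name() { case $1 in ''|*/*) return 1 ;; esac; }

# check_azure_ids RG_ID VNET_ID SUBNET_ID -> prints problems, exit 1 if any
check_azure_ids() (
  rg=$(lower "$1") vnet=$(lower "$2") subnet=$(lower "$3") rc=0
  problem() { echo "PROBLEM: $1"; rc=1; }

  # Expected shape: /subscriptions/<id>/resourceGroups/<name>
  rest=${rg#/subscriptions/*/resourcegroups/}
  { [ "$rest" != "$rg" ] && is_name "$rest"; } ||
    problem "CLUSTER_RESOURCE_GROUP_ID is empty or not a resource group ID"

  # Expected shape: .../providers/Microsoft.Network/virtualNetworks/<name>
  rest=${vnet#/subscriptions/*/resourcegroups/*/providers/microsoft.network/virtualnetworks/}
  { [ "$rest" != "$vnet" ] && is_name "$rest"; } ||
    problem "VNET_ID is empty or not a virtual network ID"

  # Assumption: the subnet must be a direct child of the VNet in VNET_ID.
  case $subnet in
    "$vnet"/subnets/*)
      name=${subnet#"$vnet"/subnets/}
      is_name "$name" || problem "SUBNET_ID has unexpected extra path segments" ;;
    *) problem "SUBNET_ID is empty or not a subnet of VNET_ID" ;;
  esac
  exit "$rc"
)

# Constructed sample IDs: all-zero subscription GUID, hypothetical names.
sub=/subscriptions/00000000-0000-0000-0000-000000000000
net="$sub/resourceGroups/net-rg/providers/Microsoft.Network/virtualNetworks/vnet-a"
check_azure_ids "$sub/resourceGroups/cluster-rg" "$net" "$net/subnets/default" &&
  echo "IDs are consistent"
```

In a real session, pass "$CLUSTER_RESOURCE_GROUP_ID" "$VNET_ID" "$SUBNET_ID" instead of the sample values; an empty variable is reported as a problem.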

Select CIDR ranges for your cluster

Kubernetes requires two CIDR ranges to be provided for the cluster. These CIDR ranges should be chosen so that they do not overlap with CIDR ranges used by your VPC subnets. They should be large enough for the maximum expected size of your cluster.

  • Pod address CIDR range: When a new Pod is created, it is allocated an IP address from this range. Example range: 192.168.208.0/20

  • Service address CIDR range: When a new Service is created, it is allocated an IP address from this range. Example range: 192.168.224.0/20
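
The non-overlap requirement can be checked before the cluster is created. This is an added example, not part of the GKE on Azure documentation: it compares the Pod range, the Service range and any address ranges already in use. The function names are hypothetical and the 10.0.0.0/16 VNet range in the sample call is constructed.

```shell
# Added example: overlap pre-flight for the cluster's Pod and Service CIDR ranges.

# ip_to_int A.B.C.D -> 32-bit integer; exit 1 on malformed input
ip_to_int() (
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# cidr_range A.B.C.D/LEN -> "first last" addresses of the block, as integers
cidr_range() (
  ip=${1%/*} len=${1#*/}
  case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  n=$(ip_to_int "$ip") || exit 1
  size=$(( 1 << (32 - len) ))
  first=$(( n / size * size ))   # clear the host bits
  echo "$first $(( first + size - 1 ))"
)

# cidrs_overlap A B -> 0 if the ranges intersect, 1 if disjoint, 2 if invalid
cidrs_overlap() (
  a=$(cidr_range "$1") || exit 2
  b=$(cidr_range "$2") || exit 2
  [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
)

# check_cluster_cidrs POD SERVICE [IN_USE...] -> prints findings, exit 1 if any
check_cluster_cidrs() (
  pod=$1 svc=$2 rc=0; shift 2
  compare() {  # compare LABEL_A CIDR_A LABEL_B CIDR_B
    st=0; cidrs_overlap "$2" "$4" || st=$?
    [ "$st" -eq 1 ] && return 0
    rc=1
    [ "$st" -eq 0 ] && echo "CONFLICT: $1 $2 overlaps $3 $4" ||
      echo "INVALID: $2 or $4 is not a valid IPv4 CIDR"
  }
  compare pod "$pod" service "$svc"
  for used in "$@"; do
    compare pod "$pod" in-use "$used"
    compare service "$svc" in-use "$used"
  done
  exit "$rc"
)

# The page's example ranges against a constructed VNet address space.
check_cluster_cidrs 192.168.208.0/20 192.168.224.0/20 10.0.0.0/16 && echo "no overlap"
```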

Create a cluster

Use the following command to create a cluster under GKE on Azure.

gcloud container azure clusters create azure-cluster-0 \
    --cluster-version 1.33.4-gke.900 \
    --azure-region AZURE_REGION \
    --fleet-project FLEET_PROJECT_ID \
    --client CLIENT_NAME \
    --resource-group-id $CLUSTER_RESOURCE_GROUP_ID \
    --vnet-id $VNET_ID \
    --subnet-id $SUBNET_ID \
    --pod-address-cidr-blocks POD_CIDR_BLOCK \
    --service-address-cidr-blocks SERVICE_CIDR_BLOCK \
    --ssh-public-key "SSH_PUBLIC_KEY" \
    --tags "google:gkemulticloud:cluster=azure-cluster-0"

Replace:

  • AZURE_REGION: a supported Azure region associated to your Google Cloud region
  • FLEET_PROJECT_ID with the fleet host project ID where the cluster will be registered.
  • CLIENT_NAME: your AzureClient name.
  • POD_CIDR_BLOCK: your cluster's Pod address range
  • SERVICE_CIDR_BLOCK: your cluster's Service address range
  • SSH_PUBLIC_KEY with the text of your SSH public key as created in the Create an SSH key pair prerequisite step. If you saved your public key to an environment variable in that step, you can use ${SSH_PUBLIC_KEY}.

For more information and optional parameters, see the gcloud container azure clusters create reference page.

Create a node pool

Create a node pool with the Google Cloud CLI:

gcloud container azure node-pools create pool-0 \
    --cluster azure-cluster-0 \
    --node-version 1.33.4-gke.900 \
    --vm-size Standard_B2s \
    --max-pods-per-node 110 \
    --min-nodes 1 \
    --max-nodes 5 \
    --ssh-public-key "SSH_PUBLIC_KEY" \
    --subnet-id $SUBNET_ID \
    --tags "google:gkemulticloud:cluster=azure-cluster-0"

Replace SSH_PUBLIC_KEY with the text of your SSH public key, as created in the Create an SSH key pair prerequisite step. If you saved your public key to an environment variable, you can use ${SSH_PUBLIC_KEY}.

View your cluster status

After you create a cluster and node pool, you can view a cluster's status with the Google Cloud CLI or the Google Cloud console. To view the cluster's status, choose if you are using the Google Cloud CLI or Google Cloud console and follow these steps:

gcloud

Use the gcloud container azure clusters describe command to get details about your cluster:

gcloud container azure clusters describe CLUSTER_NAME \
    --location GOOGLE_CLOUD_LOCATION

Replace the following:

  • CLUSTER_NAME: your cluster's name
  • GOOGLE_CLOUD_LOCATION: the name of the Google Cloud location that manages the cluster

Google Cloud console

  1. In the Google Cloud console, go to the Google Kubernetes Engine clusters overview page.

    Go to GKE clusters

  2. Your clusters are listed by their name and location.

  3. Click the cluster's name. A panel with information on the cluster, including its status and enabled features, appears.

Get authentication credentials for the cluster

After creating your cluster, you need to get authentication credentials to interact with the cluster:

gcloud container azure clusters get-credentials azure-cluster-0

This command configures kubectl to access the cluster you created using Connect gateway. You need at least one node pool to use Connect gateway because it relies on the Connect agent, which runs as a Deployment in the cluster.

Deploy an application to the cluster

Now that you have created a cluster, you can deploy a containerized application to it. For this quickstart, you can deploy our example web application, hello-app.

You use Kubernetes objects to create and manage your cluster's resources. You use the Deployment object for deploying stateless applications like web servers. Service objects define rules and load balancers for accessing your application from the internet.

Create the Deployment

To run hello-app in your cluster, you need to deploy the application by running the following command:

kubectl create deployment hello-server --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0

This Kubernetes command, kubectl create deployment, creates a Deployment named hello-server. The Deployment's Pod runs the hello-app container image.

In this command:

  • --image specifies a container image to deploy. In this case, the command pulls the example image from an Artifact Registry repository, us-docker.pkg.dev/google-samples/containers/gke/hello-app. The :1.0 indicates the specific image version to pull. If you don't specify a version, the image tagged with latest is used.

Expose the Deployment

After deploying the application, you need to expose it to the internet so that users can access it. You can expose your application by creating a Service, a Kubernetes resource that exposes your application to external traffic.

To expose your application, run the following kubectl expose command:

kubectl expose deployment hello-server --type LoadBalancer --port 80 --target-port 8080

Passing in the --type LoadBalancer flag creates an Azure load balancer for your container. The --port flag initializes public port 80 to the internet and the --target-port flag routes the traffic to port 8080 of the application.

Load balancers are billed according to Azure load balancer pricing.

Inspect and view the application

  1. Inspect the running Pods by using kubectl get pods:

    kubectl get pods

    You should see one hello-server Pod running on your cluster.

  2. Inspect the hello-server Service by using kubectl get service:

    kubectl get service hello-server

    From this command's output, copy the Service's external IP address from the EXTERNAL-IP column.

    Note: You might need to wait several minutes before the Service's external IP address is available. If the application's external IP is <pending>, run kubectl get service again.

  3. View the application from your web browser by using the external IP with the exposed port:

    http://EXTERNAL-IP

You have just deployed a containerized web application to GKE on Azure.

Clean up

  1. Delete the application's Service and Deployment:

    kubectl delete service hello-server
    kubectl delete deployment hello-server

  2. Delete your node pool by running gcloud container azure node-pools delete:

    gcloud container azure node-pools delete pool-0 --cluster azure-cluster-0

  3. Delete your cluster by running gcloud container azure clusters delete:

    gcloud container azure clusters delete azure-cluster-0

Last updated 2025-11-24 UTC.