Sole-tenant node clusters

Dataproc clusters can be created on Compute Enginesole-tenant nodes. A sole-tenant nodeis a Compute Engine server that is dedicated to hosting your project'sVMs only. Creating a Dataproc cluster on a sole tenant nodekeeps the cluster's VMs physically separate from VMs in other projects. Theclusters function as standard Dataproc clusters, but withadditional hardware isolation to address security and compliance concerns.

Dataproc sole-tenant node clusters are created in auser-specifiedsole-tenant node group. Each cluster's master, worker, andsecondary worker instances will be created within this sole-tenant node group.

Caution: Dataproc defaults to preemptible VMs forsecondary workers,which are not supported by Compute Engine sole-tenant nodes.If you plan to use secondary workers with your sole-tenant cluster, bymanuallyadding them or using anautoscaling policy that scales up secondary workers, you must set your secondary worker type to non-preemptible.

First steps

  1. SeeBefore you begin.

  2. Create a sole-tenant node template.

  3. Create a sole-tenant node group.

    • Useautoscaling node groupsif you will createautoscaling clustersin the sole-tenant node group.

      Node group autoscaling recommendations:

      • Make sure the node group'smax-nodes is sufficient forthemaxInstances of clusters you will create inthe sole-tenant node group.
      • Use the default ormigrate-within-node-group node groupmaintenance policy; VMs may be unavailable for up to one hourwith therestart-in-place policy.

Creating a sole-tenant cluster

gcloud Command

To create a sole-tenant cluster, pass the--node-group flag to thegcloud dataproc clusters create command.

Flag notes:

  • --region (required): Must match the region of the sole-tenant-group.
  • --node-group (required): You can specify the sole tenant node group name ("node-group-name") or the sole-tenant node group resource URI ("projects/project-id/zones/zone/nodeGroups/node-group-name").
  • --zone (required): The cluster zone must match the sole-tenant node group zone.
gcloud dataproc clusters createcluster-name \    --region=region \    --zone=zone \    --node-group=node group resource name or URI \    ... other args

REST API

Create a sole-tenant cluster using aclusters.create request that specifies theNodeGroupAffinity.nodeGroupUri of the sole-tenant node group.

Note: the cluster zone specified in thezoneUri field must match the sole-tenant node group zone.

An easy way to examine and construct the JSON body of a Dataproc API clusters request is to open the DataprocCreate a cluster Google Cloud console page, fill in the applicable fields on the page, then click theEquivalent REST button at the bottom of the left panel to view the POST request with the completed JSON request body.

Console

Currently, creating a sole-tenant Dataproc cluster is not supported in the Google Cloud console.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.