Deploy to a Google Kubernetes Engine cluster

This document describes how to deploy your applications to Google Kubernetes Engine clusters.

Cloud Deploy lets you deploy your container-based workloads to any Google Kubernetes Engine cluster. All Cloud Deploy features are supported when you deploy to GKE targets.

Before you begin

In this skaffold.yaml file, the deploy stanza includes kubectl, which indicates that Skaffold is rendering for, and deploying to, Kubernetes (GKE). And the manifests you use for this application are listed under there.

Create your target configuration

Each target can be configured in your delivery pipeline YAML, or can be in a separate file. Also, you can configure more than one target in the same file, but they must be in different kind: Target stanzas.

Targets must be defined in the same project and region as the delivery pipeline. But the clusters the targets deploy to can be in different projects and regions, as long as the service account has access to those projects.

In the target definition, create a gke stanza to point to the GKE cluster:

    gke:
      cluster: projects/[project_name]/locations/[location]/clusters/[cluster_name]

This GKE resource identifier uses the following elements:

  • [project_name] is the name of the Google Cloud project in which you're running this cluster.

    The cluster you are deploying to does not need to be in the same project as your delivery pipeline.

  • [location] is the region in which the cluster was created.

  • [cluster_name] is the name given to the cluster when it was created.

    You can find this name in the list of clusters for your project, in the Google Cloud console.


The following is an example target configuration, pointing to a GKE cluster:

    apiVersion: deploy.cloud.google.com/v1
    kind: Target
    metadata:
      name: dev
    description: development cluster
    gke:
      cluster: projects/my-app/locations/us-central1/clusters/my-app-dev-cluster

Create your Skaffold configuration

This section provides and explains an example of a simple Skaffold configuration to use when deploying to a GKE cluster.

The following is an example skaffold.yaml file for deployment to a GKE cluster:

    apiVersion: skaffold/v4beta7
    kind: Config
    metadata:
      name: gke-application
    manifests:
      rawYaml:
      - deployment.yaml
    deploy:
      kubectl: {}

Using Skaffold with Cloud Deploy describes in more detail how to use Skaffold with your delivery pipeline.

Prepare your Kubernetes manifests

To deploy your application to GKE, you provide Cloud Deploy with one or more Kubernetes manifests, which are rendered and then applied to the target cluster or clusters to deploy your application.

If you don't have those manifests, create them before you try to deploy using a Cloud Deploy delivery pipeline.

You can use Kustomize or Helm to help you create manifests. You can also use Kustomize or Helm if your manifests are templated and need to be rendered.

Putting it all together

Now that you have your Kubernetes manifests, your skaffold.yaml configuration, and your Cloud Deploy target definitions, and you've registered your targets as Cloud Deploy resources, you can invoke your delivery pipeline to create a release and progress it through the progression of targets defined in the pipeline.

Deploy using a proxy

You can specify a proxy for your target GKE cluster. This is for organizations that are set up to access their clusters through an HTTP proxy only.

To do so, add a proxyUrl property to the gke stanza in the target config:

    gke:
      cluster: projects/my-app/locations/us-central1/clusters/my-app-dev-cluster
      proxyUrl: [URL]

Where URL is the URL of the proxy.

Deploy to a private cluster

You can deploy your application to a private GKE cluster, using one of three options:

Use a DNS endpoint

This is the simplest way to connect to a private cluster.

  1. Enable the DNS-based endpoint on your cluster.

  2. Set dnsEndpoint to true under gke in the target configuration.

    If your cluster doesn't have an IP-based endpoint configured, you can skip this step; Cloud Deploy will connect to the DNS endpoint by default since it is the control plane's only endpoint.

Use a Virtual Private Cloud network

You can configure a target to deploy to a private GKE cluster connected to a Virtual Private Cloud network:

  1. Create your private cluster

    A private cluster is a VPC-native cluster whose nodes and Pods are isolated by default from the public internet.

    If you plan to use the internal IP of the private cluster target, then set internalIp to true under gke in the target configuration.

  2. In Cloud Build, create a private worker pool that you can use to deploy to this private cluster.

  3. Configure the execution environment to use that private pool.

    You must use this pool for RENDER. You can also use it for DEPLOY and for VERIFY. Here's an example that uses RENDER and DEPLOY:

        executionConfigs:
        - usages:
          - RENDER
          - DEPLOY
          workerPool: "projects/p123/locations/us-central1/workerPools/wp123"

See Access private GKE clusters from Cloud Build private pools using Identity Service for GKE and Access private GKE clusters with Cloud Build private pools for more information.

Project and permissions considerations

You can configure a target to use a private worker pool that can deploy to a private cluster. But there are some things to note if resources are in different projects.

  • When Cloud Deploy and the worker pool are in separate projects

To communicate with a private pool that has access to a VPC and that's in a different project from your target, the Cloud Deploy service agent needs sufficient permissions to talk to that project.

The execution service account also needs permissions to access the Cloud Storage bucket.

  • When the worker pool and the cluster are in separate projects

If the private GKE cluster is in a different project from the private worker pool, the execution service account requires sufficient permissions to talk to the project the cluster is in.
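The RENDER requirement and the cross-project cases above can be checked before a target is registered. The following is an added example, not part of the original page or of Cloud Deploy: check_target is a hypothetical helper that takes an already-parsed kind: Target document as a dict, and the sample input is constructed from the resource names used on this page.

```python
import re

# Resource-name shapes shown on this page.
CLUSTER_RE = re.compile(r"projects/([^/]+)/locations/([^/]+)/clusters/([^/]+)")
POOL_RE = re.compile(r"projects/([^/]+)/locations/([^/]+)/workerPools/([^/]+)")


def check_target(target):
    """Return review findings for one parsed `kind: Target` document (a dict)."""
    gke = target.get("gke") or {}
    cluster = CLUSTER_RE.fullmatch(str(gke.get("cluster", "")))
    if cluster is None:
        return ["gke.cluster must be projects/<project>/locations/<location>/clusters/<name>"]
    cluster_project = cluster.group(1)
    findings, pool_for = [], {}
    # Map each usage (RENDER, DEPLOY, VERIFY) to the worker pool that serves it.
    for cfg in target.get("executionConfigs") or []:
        for usage in cfg.get("usages") or []:
            pool_for[usage] = cfg.get("workerPool")
    # Private-IP targets: the page requires the private pool for RENDER.
    if gke.get("internalIp") is True and not pool_for.get("RENDER"):
        findings.append("internalIp is true but no workerPool is configured for RENDER")
    # Pool and cluster in different projects: the execution service account
    # needs permissions in the cluster's project, so surface it for review.
    for pool_name in sorted({p for p in pool_for.values() if p}):
        pool = POOL_RE.fullmatch(pool_name)
        if pool is None:
            findings.append(f"malformed workerPool name: {pool_name}")
        elif pool.group(1) != cluster_project:
            findings.append(f"workerPool project {pool.group(1)} differs from cluster "
                            f"project {cluster_project}: review execution service account access")
    return findings


# Constructed sample, reusing the resource names from this page's examples.
SAMPLE_TARGET = {
    "kind": "Target",
    "gke": {
        "cluster": "projects/my-app/locations/us-central1/clusters/my-app-dev-cluster",
        "internalIp": True,
    },
    "executionConfigs": [{
        "usages": ["RENDER", "DEPLOY"],
        "workerPool": "projects/p123/locations/us-central1/workerPools/wp123",
    }],
}

if __name__ == "__main__":
    for finding in check_target(SAMPLE_TARGET):
        print(finding)
```

A cross-project finding is a prompt to review which roles the execution service account holds in the cluster's project, not an error in the target itself.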

Use GKE attached clusters targets and connect gateway

You can configure a target to deploy to a private GKE cluster with targets that use GKE attached clusters and connect gateway.

This approach does not require that you use a Virtual Private Cloud or virtual private network connections.


Last updated 2026-02-18 UTC.