GKE deployment options
This page shows the Google Cloud features thatare available on each of the following environments:
- Google Kubernetes Engine (GKE) on Google Cloud
- Google Distributed Cloud (GKE on-premises):
- GKE Multi-Cloud:
- GKE on AWS
- GKE on Azure
- GKE attached clusters,which are third-party Kubernetes clusters registered to yourfleet.
This page is for Operators who define IT solutions and systemarchitecture in accordance with company strategy in coordination with keystakeholders. To learn more about common roles and example tasks that wereference in Google Cloud content, seeCommon GKEuser roles and tasks.
Enable GKE and related features
This section describes how to enable the features that are described onthis page.
Enable GKE
To enable GKE, enable the GKE API.
Enabling this API gives you access to the GKE, which includesthe following features:
- Config Sync
- Policy Controller
- Config Controller
- Migrate to Containers
- GKE Identity Service
- Cloud Logging andCloud Monitoring for GKE system components
- Security posture dashboard
- Node to node encryption
- FQDN network policies
Enable related products and features
To use the following products and features with GKE, you mustenable each of these features individually. For more information, see thefollowing links.
See the following pricing guides for detailed information about how theseproducts and features are billed.
Features available on GKE clusters on Google Cloud
To use some features, you must register the cluster to afleet.You can see which features require fleets in the following table.
A small number of features aren't supported onAutopilotclusters. These are alsoshown in the table.
| Feature | Available on GKE standard clusters | Available on Autopilot clusters | Available without fleet membership |
|---|---|---|---|
| Config Sync | |||
| Policy Controller | |||
| Config Controller | |||
| Cloud Service Mesh in-cluster | |||
| Managed Cloud Service Mesh | |||
| Knative serving | |||
| Migrate to Containers | |||
| GKE Identity Service | |||
| Binary Authorization | |||
| Multi Cluster Ingress | |||
| Cloud Logging and Cloud Monitoring for GKE system components | |||
| Advanced security posture and compliance monitoring | |||
| Node to node encryption | |||
| FQDN network policies |
Features available on clusters outside of Google Cloud
The following tables show which key Google Cloud andGKE features are available on clusters outside ofGoogle Cloud.
For more information about which versions of the featuresare supported on each environment, see theversion supportmatrix.
Plugins and load balancers
GKE clusters outside of Google Cloud use acombination of built-in GKE capabilities along withplatform-native capabilities.
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| Network plugin | ||||||
| Container storage interface (CSI) & hybrid storage | ||||||
| Bundled L4 load balancer | ||||||
| Platform-native load balancers | N/A | N/A | N/A |
Operations and management
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| GKE dashboard in the Google Cloud console | ||||||
| Connect Gateway | ||||||
| Cloud Logging andCloud Monitoring | ||||||
| Prometheus/Grafana |
Security and Identity
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| GKE Identity Service | ||||||
| Fleet workload identity | ||||||
| Cloud Audit Logs | ||||||
| Binary Authorization |
Service management
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| Cloud Service Mesh in-cluster | * | |||||
| Managed Cloud Service Mesh | ||||||
| Service dashboards in the Google Cloud console | * | |||||
| Cloud Service Mesh certificate authority | ||||||
| Cloud Service Mesh integration with Certificate Authority Service |
* For the list of attached clusters that Cloud Service Mesh supports, seeSupported platforms.
Configuration management
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| Policy Controller | * | |||||
| Config Sync | ||||||
| Config Controller |
* To install Policy Controller, AKS clusters must nothave the Azure Policy add-on.
Application deployment
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| Knative serving | ||||||
| Google Cloud Marketplace |
Application migration
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| Migrate to Containers |
VM management
| Feature | GDC (VMware) | GDC (bare metal) | GKE on AWS | GKE on Azure | Attached clusters | GDC (connected) |
|---|---|---|---|---|---|---|
| VM Runtime on Google Distributed Cloud |
What's next
- Version and upgrade support
- Managed Cloud Service Mesh supported features
- In-cluster Cloud Service Mesh supported features
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.