Sep 29, 2025

How to Set Up a GKE Cluster on Google Cloud (Step‑by‑Step)

A complete step-by-step guide to setting up a Google Kubernetes Engine (GKE) cluster on Google Cloud. Learn how to create your cluster, connect with kubectl, deploy a sample app, and enable HTTPS with a managed certificate.

What You’ll Build

  • A GKE Autopilot cluster (or Standard option)

  • kubectl access from your machine

  • A sample app exposed with a LoadBalancer

  • (Optional) HTTPS with ManagedCertificate + Ingress

Prerequisites

  • A Google Cloud project with billing enabled

  • Installed: gcloud CLI and kubectl

  • (Optional) A domain name you control for HTTPS

Set your working variables (customize these values):

export PROJECT_ID="astro-ops-prod"
export REGION="us-east1"
export ZONE="us-east1-b"
export CLUSTER_NAME="astro-autopilot"

1) Authenticate and Select Project

gcloud auth login
gcloud config set project $PROJECT_ID

Enable required APIs:

gcloud services enable \
  container.googleapis.com \
  compute.googleapis.com

2) Create a GKE Autopilot Cluster (Recommended)

gcloud container clusters create-auto $CLUSTER_NAME \
  --region $REGION \
  --release-channel regular

✅ Autopilot bills by Pod usage and manages nodes for you.

(Optional) Standard Cluster

export CLUSTER_STD="astro-standard"

gcloud container clusters create $CLUSTER_STD \
  --zone $ZONE \
  --num-nodes 2 \
  --machine-type e2-standard-2 \
  --enable-ip-alias \
  --release-channel regular

3) Get Cluster Credentials

gcloud container clusters get-credentials $CLUSTER_NAME --region $REGION
# For Standard:
# gcloud container clusters get-credentials $CLUSTER_STD --zone $ZONE

kubectl get nodes

You should see nodes in the Ready state.

4) Deploy a Sample App

kubectl create namespace demo

kubectl -n demo create deployment hello \
  --image=gcr.io/google-samples/hello-app:1.0

kubectl -n demo expose deployment hello \
  --type=LoadBalancer \
  --port=80 --target-port=8080

kubectl -n demo get svc hello -w

Visit the EXTERNAL-IP shown to test the app.

5) (Optional) Enable HTTPS

Reserve a static IP:

gcloud compute addresses create gke-hello-ip --global
export STATIC_IP=$(gcloud compute addresses describe gke-hello-ip --global --format='value(address)')
echo "Point your DNS A record for demo.example.com → $STATIC_IP"

Create Ingress + ManagedCertificate:

# k8s-ingress.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: demo-cert
  namespace: demo
spec:
  domains:
    - demo.example.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  namespace: demo
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "gke-hello-ip"
    networking.gke.io/managed-certificates: "demo-cert"
spec:
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hello
            port:
              number: 80

Apply it:

kubectl apply -f k8s-ingress.yaml
kubectl -n demo get managedcertificate demo-cert -w

When status = Active, test https://demo.example.com.

6) Basic RBAC & Namespace Hygiene

kubectl create namespace team-ops
kubectl -n team-ops create role readonly --verb=get,list,watch --resource=pods,services,deployments
kubectl -n team-ops create rolebinding ops-view --role=readonly --user you@yourdomain.com
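
To confirm that the binding above grants read access and nothing more, this added example (not part of the original article) asks the API server with `kubectl auth can-i --as` and reports any missing or excess permission. The function names and the overridable `KUBECTL` variable are assumptions of this example, and the caller must be allowed to impersonate users, which a cluster administrator is.

```bash
#!/bin/sh
# Added example (not from the original article): audit the step 6 binding.
# KUBECTL can be overridden, e.g. to point at a stub when testing the logic.
KUBECTL="${KUBECTL:-kubectl}"

# can_i USER NAMESPACE VERB RESOURCE: true only if the API server answers "yes".
can_i() {
  [ "$("$KUBECTL" auth can-i "$3" "$4" --as "$1" -n "$2" 2>/dev/null)" = "yes" ]
}

# audit_readonly USER NAMESPACE
# Prints one line per finding and returns 0 only when the user can read
# pods, services and deployments in NAMESPACE and can do nothing more.
# The body runs in a subshell so its variables stay local.
audit_readonly() (
  user="$1"; ns="$2"; findings=0
  for res in pods services deployments; do
    for verb in get list watch; do               # granted by the readonly Role
      if ! can_i "$user" "$ns" "$verb" "$res"; then
        echo "MISSING $verb $res in $ns"; findings=$((findings + 1))
      fi
    done
    for verb in create update patch delete; do   # never granted by the Role
      if can_i "$user" "$ns" "$verb" "$res"; then
        echo "EXCESS $verb $res in $ns"; findings=$((findings + 1))
      fi
    done
  done
  # Secrets are not in the Role's resource list.
  if can_i "$user" "$ns" get secrets; then
    echo "EXCESS get secrets in $ns"; findings=$((findings + 1))
  fi
  # A Role and RoleBinding apply to one namespace only.
  if can_i "$user" default list pods; then
    echo "EXCESS list pods in default"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
)

# Run the audit when called with arguments: ./audit.sh you@yourdomain.com team-ops
if [ "$#" -eq 2 ]; then audit_readonly "$1" "$2"; fi
```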

7) Clean Up

kubectl delete ns demo
gcloud container clusters delete $CLUSTER_NAME --region $REGION
gcloud compute addresses delete gke-hello-ip --global

Troubleshooting

  • Permission errors: Ensure you enabled container.googleapis.com and have roles/container.admin.

  • LB stuck Pending: Check quotas and confirm your region supports GCLB.

  • Wrong context: Run kubectl config get-contexts and re-run get-credentials.