Enable GKE Enterprise

This page shows you how to enable Google Kubernetes Engine (GKE) Enterprise edition and access enterprise features. GKE Enterprise is an enterprise tier for GKE. To learn more about GKE Enterprise, see GKE editions and the GKE Enterprise technical overview.

To understand the charges that will apply, see GKE pricing.

How do I enable GKE Enterprise?

To use GKE Enterprise features with a given cluster:

• GKE Enterprise must be enabled in the cluster's project.
• The cluster itself must be enrolled in the enterprise tier.

For GKE clusters on Google Cloud, you select whether you want to add and pay for the extra tier of features on a per cluster basis. Once a cluster is enrolled in the GKE Enterprise tier, you are entitled to use all available enterprise features with it.

You can then optionally choose for your cluster to join a fleet to use the full range of GKE Enterprise features. Alternatively, if you are not ready to create a fleet, you can use a subset of standalone enterprise features with the cluster. These include advanced security and compliance insights, Binary Authorization, and richer networking features.

GKE clusters outside Google Cloud are all enterprise-tier clusters and fleet members by default, and cannot change tier. Their fleet host project must have GKE Enterprise enabled. You can learn more about setting up these options in their documentation.

For details of GKE Enterprise features, including features available on Google Cloud without fleet membership, see GKE Enterprise deployment options.

Before you begin

The instructions in this page assume that you already have GKE enabled in your chosen Google Cloud project. If not, do the following:

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Google Kubernetes Engine API.

Enable the API

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Google Kubernetes Engine API.

Enable the API

Enable GKE Enterprise from the command line

To enable GKE Enterprise in a project from the command line, enable the Anthos API in your project as follows, specifying your project ID if you haven't set a default project for the Google Cloud CLI. This also automatically enables the Fleet (GKE Hub) API.

gcloud services enable --project=PROJECT_ID \
   anthos.googleapis.com

You can also enable this API declaratively for your projects by using Terraform:

resource "google_project_service" "default" {
  for_each = toset([
    "anthos.googleapis.com",
    "gkehub.googleapis.com"
  ])
  service            = each.value
  disable_on_destroy = false
}

To learn more about using Terraform, see Terraform support for GKE.

You may need to enable additional APIs for your project to use enterprise features such as Cloud Service Mesh. For details, see the relevant feature guides.

Enroll a cluster on Google Cloud in GKE Enterprise

With a few exceptions GKE clusters on Google Cloud must be explicitly enrolled in the enterprise tier to use GKE Enterprise features, either at cluster creation or by updating an existing cluster.

While optional, we recommend also registering the cluster to the project's fleet. Adding your cluster to a fleet lets you use the full range of GKE Enterprise features. If you don't choose to register your cluster, you can still use GKE Enterprise but with a more limited set of features.

Enroll a new cluster

If you want to use fleet-enabled features with your new cluster, we recommend registering your cluster to the fleet during cluster creation. Enterprise-tier clusters registered to their fleet during cluster creation are created with your chosen fleet-level default settings for a number of enterprise features, and with recommended logs and metrics already enabled. You can learn more about this in Register a new cluster and Set up fleet-level features.

To enroll a cluster in GKE Enterprise during cluster creation, do the following:

gcloud container clusters create-auto CLUSTER NAME \
    --tier enterprise \
    --enable-fleet

Upgrade an existing cluster's tier

To update an existing cluster to use GKE Enterprise:

gcloud container clusters update CLUSTER NAME --tier enterprise

Exceptions to default behavior

In a small number of situations, clusters on Google Cloud are automatically upgraded to GKE Enterprise when they join a fleet. Review this section carefully if you plan to register your clusters to a fleet.

A standard-tier cluster on Google Cloud is automatically upgraded to GKE Enterprise when it joins a fleet if all of the following are true:

• The fleet host project (and cluster project for cross project registrations) has GKE Enterprise enabled.
• The cluster has never been registered to a fleet before.
• The cluster has never had a tier explicitly specified, either at cluster creation or later with a cluster update. This includes:
  • Clusters created using the Google Cloud console before the introduction of cluster tiers.
  • Clusters created with the Google Cloud CLI without the --tier flag.
  • Clusters created using Terraform without the desired_tier field filled in.

Any clusters on Google Cloud that are already using GKE Enterprise are automatically enterprise-tier clusters.

Disable GKE Enterprise

To disable GKE Enterprise for a project or cluster, follow the instructions in Disable GKE Enterprise.