Skip to content

What is it?

The GKE Autopilot Template is a pre built system template designed for managing Google Kubernetes Engine (GKE) Autopilot cluster lifecycle management, covering both day-0 and day-2 operations. This template is part of the Template Catalog under the Kubernetes Lifecycle Management section and enables organizations to create self-service workflows for end users without requiring extensive configuration knowledge.

This template provides comprehensive GKE Autopilot management capabilities and is fully supported with regular updates and new features added over time. With these templates, administrators can follow two simple steps to provide a self-service experience for their end users:

  1. Configure and customize the system template (provide credentials, specify defaults, and determine what values end users can/cannot override) in a project owned by the Platform team
  2. Publish by sharing the template with end user projects

Prerequisites

Before consuming the GKE Autopilot Template, ensure you have the following prerequisites in place:

1. Healthy GitOps Agent

  • Deploy a healthy GitOps agent that drives the workflow
  • The agent can be deployed as:
  • Docker container
  • Kubernetes deployment
  • The agent's network must have reachability to the network where GKE Autopilot clusters will be created
  • Refer to the GitOps Agent setup documentation for detailed configuration

2. Valid Rafay API Key

  • Obtain a valid Rafay API key for authentication
  • The API key should have appropriate permissions for GKE Autopilot template operations
  • Refer to the API Key management documentation for setup instructions

3. Google Cloud Service Account Credentials

  • Configure valid Google Cloud Service Account credentials with permissions for:
  • Authentication
  • GKE Autopilot lifecycle management operations
  • The service account should have the necessary IAM roles for GKE cluster management
  • Refer to the GKE credentials documentation for detailed setup instructions

Configuration

The GKE Autopilot System Template includes the following configuration sections:

1. Agent Configuration

  • GitOps Agent or Agent Pools can be configured at the template level or added at runtime during environment deployment
  • Drives workflow execution.

2. Rafay-Specific Configuration

  • Blueprint specification for the cluster configuration
  • Project name where the GKE Autopilot cluster will be created
  • Defines the Rafay platform configuration

3. Google Cloud GKE Autopilot Configuration

  • Google Cloud-specific settings for GKE Autopilot cluster creation and management
  • Includes region, networking, and other GKE Autopilot-specific parameters
  • Note: GKE Autopilot manages node pools automatically, so node pool configuration is not required

4. Credentials

  • Rafay API Key for platform authentication
  • Google Cloud Credentials (Service Account)
  • Can be configured at the template level or applied at runtime during environment deployment

Workflow Overview

The GKE Autopilot Template follows a centralized configuration model where platform administrators first configure and customize the template in a central project, then share it with end-user projects for consumption.

graph TD
    A[Template Catalog] --> B[Platform Admin: Get Started]
    B --> C[Share to Central Project]
    C --> D[Configure Template]
    D --> E[Customize Input Variables]
    E --> F[Set Schedules Optional]
    F --> G[Share to End User Projects]
    G --> H[End Users Deploy GKE Autopilot Clusters]

Step-by-Step Guide

Step 1: Locate and Initialize the GKE Autopilot Template

  1. Navigate to the Template Catalog from the home page
  2. Under Kubernetes Lifecycle Management, locate the GKE Autopilot card
  3. Click the Get Started button
  4. Provide the following details:
  5. Template name for your organization
  6. Version identifier
  7. Central project where you'll configure the template before sharing

Screenshot: Template Catalog with GKE Autopilot card highlighted

Step 2: Configure the Template

Once the GKE Autopilot template is shared to your central project, configure the essential components:

2.1 Add GitOps Agent

  • Configure the GitOps agent at the template level
  • This agent will drive the workflow execution for the deployment.

Screenshot: Agent configuration section

2.2 Set Up Configuration Context

  • Configure the gke-autopilot-env-vars context with:
  • Google Cloud credentials (Service Account)
  • Rafay API key for authentication
  • Lock the credentials to prevent end users from modifying them

Screenshot 1: Configuration context with locked credentials

2.3 Lock Down Credentials

Screenshot 2: Configuration context with locked credentials

This screenshot shows one variable locking, but you can apply the same approach to other credential variables. Set them as non-overrideable so users cannot see or modify them so that credentials are handled implicitly for end users.

Step 3: Customize Input Variables

Platform administrators can customize which variables to expose to end users:

3.1 Set Default Values

  • Blueprint name and version for cluster configuration
  • Region for GKE Autopilot cluster deployment
  • Kubernetes version for the cluster
  • Cluster tags for resource organization

3.2 Restrict User Inputs

  • Location restrictions (e.g., only allow specific Google Cloud regions)
  • Blueprint restrictions (e.g., only allow approved blueprints)
  • Resource limits (e.g., maximum resource requests)

Screenshot 1: Input variables customization interface

2.4 Customize Input Variables

Screenshot 2: Input variables customization interface

Step 4: Configure Schedules (Optional)

Set up automated schedules for cluster lifecycle management:

  • Destroy schedule (e.g., destroy clusters at end of business day)
  • Deploy schedule (e.g., recreate clusters in the morning)
  • Maintenance windows for updates

Screenshot: Schedule configuration options

Step 5: Share with End User Projects

Once configuration is complete, save it as an active version and share the template with end-user projects: 1. Navigate to the template sharing settings 2. Select target end-user projects 3. Publish the template for consumption

Screenshot: Template sharing interface

Configuration Flexibility

This workflow provides flexibility for different organizational needs:

  • Fully Managed: Platform admin configures all settings, end users simply deploy
  • Hybrid Approach: Some settings pre-configured, others left for end users
  • User-Driven: Minimal pre-configuration, maximum end-user control

The recommended approach is the fully managed configuration, which reduces the burden on end users while maintaining security and compliance standards.

End User Flow

Once the platform administrator shares the GKE Autopilot template to end-user projects, end users can easily deploy GKE Autopilot clusters with minimal configuration effort.

Step 1: Access the Shared Template

  1. Navigate to your project where the GKE Autopilot template has been shared
  2. Locate the GKE Autopilot Template in your available templates
  3. Click Launch to begin the deployment process

Screenshot: End user project view with GKE Autopilot template available

Step 2: Configure Template Inputs

Based on the configuration exposed by the platform administrator, provide the necessary inputs:

2.1 Required Configuration

  • Cluster name for your GKE Autopilot deployment
  • Project ID (if not pre-configured)
  • Region (if multiple regions are allowed)
  • Resource requests (CPU and memory requirements)

2.2 Optional Configuration

  • Cluster tags for resource organization
  • Network configuration (if exposed by admin)
  • Additional labels or annotations

Screenshot: End user configuration form with input fields

Step 3: Deploy or Save Configuration

After providing all required inputs, you have two options:

Option 1: Save and Continue Later

  • Click Save to store your configuration
  • Return later to complete the deployment

Option 2: Save and Deploy

  • Click Save & Deploy to immediately start the deployment process
  • The GKE Autopilot cluster creation will begin automatically

Screenshot: Save and Deploy options

Step 4: Monitor Deployment Progress

Track the deployment progress through the status indicators. The screenshot below shows how to monitor your deployment status.

Screenshot: Deployment progress monitoring interface

Approval Required

After the plan phase completes successfully, the deployment will be blocked and require your approval before proceeding with the actual cluster creation. You must explicitly approve the deployment to continue with the GKE Autopilot cluster provisioning. This approval step ensures you have reviewed the planned changes before they are applied to your environment.

Step 5: Access Cluster Resources

Once the deployment status shows Success, you will receive the following output configuration:

5.1 Cluster Access Information

  • Kubeconfig file for cluster access

5.2 Resource Information

  • Google Cloud project where cluster was created
  • GKE Autopilot cluster details and status

Post-Deployment Information

Once the deployment is finished and shows success, the cluster will be visible under the Infrastructure tab for monitoring and dashboard purposes. All day-2 operations are available using template edit functionality - you can change values and redeploy as needed. Note that GKE Autopilot manages the underlying infrastructure automatically, so you only need to specify your workload requirements.

Step 6: Verify Cluster Access

Test your cluster access using the provided kubeconfig:

# Set kubeconfig
export KUBECONFIG=/path/to/kubeconfig

# Verify cluster access
kubectl get nodes
kubectl get namespaces

Benefits for End Users

  • Simplified Deployment: Pre-configured templates reduce complexity
  • Consistent Configuration: Standardized settings across all deployments
  • Security: Credentials managed by platform administrators
  • Compliance: Built-in governance and policy enforcement
  • Self-Service: Deploy clusters without waiting for platform team assistance