google/gke-basics

Plan, create, and configure production-ready Google Kubernetes Engine (GKE) clusters using the golden path Autopilot configuration. Covers Day-0 checklist, Autopilot vs Standard, networking (private clusters, VPC-native, Gateway API), security (Workload Identity, Secret Manager, RBAC hardening), observability, scaling, cost optimization, and AI/ML inference. WHEN: create GKE cluster, provision GKE environment, design GKE networking, secure GKE, optimize GKE cost, GKE autoscaling, GKE inference, GKE upgrade, GKE observability, GKE multi-tenancy, GKE batch, GKE HPC, GKE compute class.

global · Apache-2.0
author: Google Cloud
version: 1.0.0
0 installs · 0 uses · ~1.1k
v1.0 · Saved May 2, 2026

Google Kubernetes Engine (GKE) Basics

GKE is a managed Kubernetes platform on Google Cloud for deploying, scaling, and operating containerized applications. This skill defaults to the golden path Autopilot configuration — see gke-golden-path.md for defaults, rules, and guardrails.

Quick Start

gcloud services enable container.googleapis.com
gcloud container clusters create-auto my-cluster --region=us-central1
gcloud container clusters get-credentials my-cluster --region=us-central1
kubectl create deployment hello-server \
  --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0

Reference Directory

Load the relevant reference based on trigger keywords. Prefer the most specific match; if ambiguous, ask the user to clarify.

| Scenario | Trigger Keywords | Reference |
|---|---|---|
| Core Concepts | Autopilot vs Standard, architecture, pricing, what is GKE | core-concepts.md |
| Golden Path & Defaults | golden path, Day-0 checklist, production defaults, cluster defaults | gke-golden-path.md |
| Cluster Creation | create cluster, new cluster, provision GKE | gke-cluster-creation.md |
| Networking | private cluster, VPC, subnet, Gateway API, DNS, ingress, egress, datapath | gke-networking.md |
| Security & IAM | Workload Identity, Secret Manager, RBAC, Binary Auth, hardening, audit, gVisor, IAM roles | gke-security.md |
| Scaling | HPA, VPA, autoscaler, autoscaling, NAP, scale pods, scale nodes | gke-scaling.md |
| Compute Classes | ComputeClass, machine family, Spot fallback, GPU node pool, node selection | gke-compute-classes.md |
| Cost | cost, savings, Spot VMs, rightsizing, CUD, optimize spend, budget | gke-cost.md |
| AI/ML Inference | inference, model serving, LLM, GPU, TPU, GIQ, vLLM | gke-inference.md |
| Upgrades | upgrade, maintenance window, release channel, patching, version | gke-upgrades.md |
| Observability | monitoring, logging, Prometheus, Grafana, metrics, alerts, dashboards | gke-observability.md |
| Multi-tenancy | multi-tenant, namespace isolation, team access, enterprise, RBAC planning | gke-multitenancy.md |
| Batch & HPC | batch, HPC, job queue, high performance, MPI, parallel | gke-batch-hpc.md |
| App Onboarding | containerize, deploy app, Dockerfile, onboard, migrate to GKE | gke-app-onboarding.md |
| Backup & DR | backup, restore, disaster recovery, CMEK | gke-backup-dr.md |
| Storage | storage, PVC, persistent volume, StorageClass, Filestore, GCS FUSE | gke-storage.md |
| Reliability | PDB, health probe, liveness, readiness, topology spread, graceful shutdown | gke-reliability.md |
| Client Libraries | client library, client-go, kubernetes python, kubernetes java, kubernetes SDK | client-library-usage.md |
| Infrastructure as Code | Terraform, IaC, HCL, infrastructure as code | iac-usage.md |
| MCP Server | MCP tools, MCP server, MCP setup | mcp-usage.md |
| CLI / Tools | gcloud, kubectl, commands, how to | cli-reference.md |
| Production Audit | production readiness, compliance, golden path check | gke-cluster-creation.md |

If you need product information not found in these references, use the Developer Knowledge MCP server search_documents tool.

Files
27 files · 115.4 KB

Overall Score: 88/100
Grade: A (Excellent)
Safety: 92
Quality: 87
Clarity: 88
Completeness: 82

Summary

This skill provides comprehensive guidance for planning, creating, and operating production-ready Google Kubernetes Engine (GKE) clusters using the golden path Autopilot configuration. It covers cluster creation, networking, security, observability, scaling, cost optimization, AI/ML inference, and multi-tenancy through a modular set of 18 reference documents plus YAML examples and a dispatch routing table.

Static Analysis Findings

1 finding

Patterns detected by deterministic static analysis before AI scoring.

Command Injection
SEC-011: Dynamic Shell Eval

Shell eval/exec of dynamic content

references/cli-reference.md: exec`

Detected Capabilities

  • GKE cluster creation and management (Autopilot and Standard modes)
  • Kubernetes resource operations (apply, patch, delete manifests)
  • Network policy and security configuration
  • Workload identity and secret management
  • Pod autoscaling (HPA, VPA) and node autoprovisioning
  • Storage configuration (PersistentVolumes, StorageClasses, CSI drivers)
  • Multi-tenancy setup (namespace isolation, RBAC, quotas)
  • Observability and monitoring (Cloud Logging, Cloud Monitoring, Prometheus)
  • Cost optimization (Spot VMs, rightsizing, ComputeClasses)
  • AI/ML inference deployment and GPU/TPU configuration
  • Disaster recovery and backup automation
  • IaC with Terraform and kubectl/gcloud CLI

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

  • create gke cluster
  • gke security hardening
  • gke networking private
  • kubernetes autoscaling
  • gke cost optimization
  • gke inference deployment
  • gke multi-tenancy
  • gke observability setup
  • workload identity gke
  • gke cluster upgrade

Risk Signals

INFO

SEC-011 (command-injection): Shell exec/eval of dynamic content

references/cli-reference.md

Referenced Domains

External domains referenced in skill content, detected by static analysis.

  • cloud.google.com
  • docs.cloud.google.com
  • github.com
  • raw.githubusercontent.com
  • registry.terraform.io
  • www.apache.org

Use Cases

  • Create a new production GKE Autopilot cluster with golden path defaults
  • Design secure, private networking for GKE with Dataplane V2
  • Configure workload identity and secrets management for GKE applications
  • Plan and implement horizontal/vertical pod autoscaling and cost optimization
  • Deploy AI/ML inference models (LLMs, Gemma, Llama) on GKE using GIQ
  • Set up multi-tenant cluster isolation with RBAC, namespaces, and quotas
  • Implement observability: monitoring, logging, and control-plane metrics
  • Migrate containerized applications to GKE with best practices
  • Configure reliability features: PDBs, health probes, graceful shutdown
  • Manage cluster upgrades, maintenance windows, and release channels

Quality Notes

  • Excellent modular structure with clear dispatch table mapping trigger keywords to specific reference documents
  • Comprehensive YAML examples (HPA, VPA, Workload Identity, default-deny NetworkPolicy, Deployment manifests) are well-documented and secure
  • Golden path configuration is clearly defined in assets/golden-path-autopilot.yaml with explicit policy-level settings and customer-configurable options documented
  • Strong security foundation: default-deny networking, Workload Identity, Secret Manager rotation, RBAC hardening, and Pod Security Standards all covered
  • Tool preference matrix (MCP > gcloud > kubectl) is explicit and helpful for agents; fallback paths documented with examples
  • Error handling guidance provided: quota exceeded, IP exhaustion, Workload Identity troubleshooting, private cluster access patterns
  • Cost optimization section is detailed (Spot VMs, rightsizing, CUDs, multi-tenant cost allocation)
  • References are well-organized by domain (networking, security, scaling, observability, storage, reliability) — easy for agents to navigate
  • Day-0 vs Day-1 decision framework is clearly flagged (e.g., 'private nodes cannot be changed post-creation')
  • AI/ML inference workflow is concrete (GIQ discovery, manifest generation, accelerator selection) with cost trade-offs
  • Multi-tenancy guidance includes practical RBAC templates and cost attribution patterns
  • No hardcoded credentials or secrets in any file; all templates use placeholders (<PROJECT_ID>, <CLUSTER_NAME>, etc.)
  • YAML samples follow Kubernetes best practices: resource requests/limits, security contexts (runAsNonRoot, readOnlyRootFilesystem), probes, PDBs

Model: claude-haiku-4-5-20251001
Analyzed: May 2, 2026
