GKE Cluster Creation

This reference guides creating GKE clusters. The golden path Autopilot configuration is the default for all new clusters.

MCP Tools: list_clusters, create_cluster, get_cluster, list_operations, get_operation

Workflow

Discover context: Use list_clusters to see existing clusters. Use gcloud config get-value project if project unknown.
Gather inputs: project_id, region, cluster_name, environment type
Select mode: Autopilot (default) vs Standard
Configure networking: auto-create subnet (default) or bring-your-own
Review golden path settings: present the config and confirm with user
Create: Use MCP create_cluster tool. Fall back to gcloud CLI only if MCP is unavailable.
Track: Use get_operation to monitor creation progress
Verify: Use get_cluster with readMask="*" to confirm golden path settings applied

Mode Selection

Criteria	Autopilot (Golden Path)	Standard
Node management	Google-managed	Self-managed
Pricing	Pay per pod resource	Pay per node (VM)
: : request : :
Node customization	Via ComputeClasses	Full control
DaemonSets	Allowed (with	Full control
: : restrictions) : :
GPU/TPU	Supported via	Supported via node pools
: : ComputeClasses : :
Best for	Most production workloads	Kernel tuning, custom OS,
: : : privileged workloads :

Rule: Default to Autopilot unless the customer has a specific requirement that Autopilot cannot satisfy.

Templates

1. Golden Path Autopilot (Production)

This is the default. All settings match ../gke-golden-path/assets/golden-path-autopilot.yaml.

Via gcloud:

gcloud container clusters create-auto <CLUSTER_NAME> \
  --region <REGION> \
  --project <PROJECT_ID> \
  --release-channel regular \
  --enable-private-nodes \
  --enable-master-authorized-networks \
  --enable-dns-access \
  --enable-secret-manager \
  --secret-manager-rotation-interval=120s \
  --scoped-rbs-bindings \
  --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA,CADVISOR,KUBELET,DCGM \
  --quiet

Via MCP (create_cluster):

{
  "parent": "projects/<PROJECT_ID>/locations/<REGION>",
  "cluster": {
    "name": "<CLUSTER_NAME>",
    "autopilot": { "enabled": true },
    "privateClusterConfig": { "enablePrivateNodes": true },
    "masterAuthorizedNetworksConfig": {
      "privateEndpointEnforcementEnabled": true
    },
    "releaseChannel": { "channel": "REGULAR" },
    "secretManagerConfig": {
      "enabled": true,
      "rotationConfig": { "enabled": true, "rotationInterval": "120s" }
    },
    "rbacBindingConfig": {
      "enableInsecureBindingSystemAuthenticated": false,
      "enableInsecureBindingSystemUnauthenticated": false
    }
  }
}

2. Autopilot Dev/Test

Relaxes some golden path defaults for cost savings and easier access in non-production.

gcloud container clusters create-auto <CLUSTER_NAME> \
  --region <REGION> \
  --project <PROJECT_ID> \
  --release-channel rapid \
  --quiet

Warning: This does not apply golden path security hardening. Suitable for dev/test only.

3. Standard Regional (When Autopilot is Not an Option)

gcloud container clusters create <CLUSTER_NAME> \
  --region <REGION> \
  --project <PROJECT_ID> \
  --num-nodes 3 \
  --machine-type e2-standard-4 \
  --disk-type pd-balanced \
  --enable-autoscaling --min-nodes 1 --max-nodes 10 \
  --enable-shielded-nodes --enable-secure-boot \
  --workload-pool=<PROJECT_ID>.svc.id.goog \
  --enable-private-nodes \
  --enable-master-authorized-networks \
  --enable-vertical-pod-autoscaling \
  --enable-dataplane-v2 \
  --release-channel regular \
  --quiet

4. GPU/AI Workloads (Autopilot with ComputeClass)

Create a golden path Autopilot cluster, then apply a ComputeClass for GPU workloads:

# 1. Create golden path cluster (same as template 1)
gcloud container clusters create-auto <CLUSTER_NAME> \
  --region <REGION> --project <PROJECT_ID> \
  --enable-private-nodes --enable-master-authorized-networks \
  --enable-dns-access --enable-secret-manager --scoped-rbs-bindings \
  --quiet

# 2. Apply GPU ComputeClass (see gke-compute-classes.md)
kubectl apply -f gpu-compute-class.yaml

# 3. Or use GIQ for inference (see gke-inference.md)
gcloud container ai profiles manifests create \
  --model=gemma-2-9b-it --model-server=vllm --accelerator-type=nvidia-l4 --quiet > inference.yaml
kubectl apply -f inference.yaml

Instructions

ALWAYS ask for project_id if not in context
ALWAYS ask for region
ALWAYS ask for a unique cluster_name
DEFAULT to golden path Autopilot unless customer specifies otherwise
WARN about Day-0 decisions (networking, private nodes) that are hard to change later
WARN about cost for GPU or multi-region clusters
When using MCP create_cluster, the cluster.name should be the short name (e.g., my-cluster), not the full resource path

Files1

1 files · 11.1 KB

Select a file to preview

Overall Score

77/100

Grade

B

Good

Safety

82

Quality

72

Clarity

85

Completeness

65

Summary

This skill guides creation and provisioning of GKE clusters with a focus on production-ready security defaults ("golden path"). It provides workflows for cluster discovery, configuration decisions, and creation using either MCP tools or gcloud CLI, with templates covering Autopilot, Standard, and GPU workload scenarios.

Detected Capabilities

gcloud cluster creationMCP tool invocation (list_clusters, create_cluster, get_cluster, get_operation)kubectl apply (for ComputeClasses)Google Cloud API callsConfiguration review and user confirmation

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

create gke clusterprovision gke environmentgke autopilot setupkubernetes cluster creationgke production deploymentcluster security hardeninggke gpu workloadgke infrastructure provisioning

Risk Signals

INFO

MCP fallback to gcloud CLI if MCP unavailable - ensures cluster creation proceeds even if primary interface fails

Workflow step 6, Instructions section

WARNING

References external asset files (golden-path-autopilot.yaml, gpu-compute-class.yaml) without including them

Template 1 comment and Template 4

WARNING

kubectl apply used for ComputeClass and inference manifests without validation or source control checks

Template 4, steps 2-3

Referenced Domains

External domains referenced in skill content, detected by static analysis.

www.apache.org

Use Cases

Create a production GKE cluster with security hardening
Provision dev/test GKE environments with cost optimization
Set up GKE clusters for GPU and AI workloads
Audit and compare Autopilot vs Standard cluster modes
Configure private networking and secret management for GKE

Quality Notes

Strengths: Clear decision matrix comparing Autopilot vs Standard modes with explicit criteria. Well-structured workflow with numbered steps. Strong emphasis on golden path defaults and production readiness.
Strengths: Good use of examples showing both gcloud CLI and MCP JSON approaches, making the skill adaptable to different tool availability.
Strengths: Day-0 warnings about hard-to-change decisions (networking, private nodes) demonstrate practical production experience.
Areas for improvement: References to external files (../gke-golden-path/assets/golden-path-autopilot.yaml) lack path validation or inclusion. Unclear if these are present in the repo.
Areas for improvement: GPU/AI template (Template 4) references gke-compute-classes.md and gke-inference.md without providing inline guidance or cross-references.
Areas for improvement: Cost warnings for GPU/multi-region are mentioned but lack quantitative guidance or regional pricing context.
Areas for improvement: Error handling guidance is minimal — what should the agent do if cluster creation fails, times out, or violates quota limits?
Areas for improvement: Verification step uses readMask='*' but doesn't specify which golden path settings to validate or what to do if they're missing.

Model: claude-haiku-4-5-20251001Analyzed: Jun 24, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

gke-cluster-creation