The following are some highlights of Google Cloud Platform (GCP) clusters provisioned by Palette:

  1. On the GCP cluster, control plane nodes and worker nodes are placed within a single private subnet spanning across different availability zones within a region.
  1. A new VPC Network is created with all the network infrastructure components like Cloud NAT and a Cloud Router. In addition, firewall rules are created to protect all the API endpoints.
  1. The API server endpoint is exposed through a Global Load Balancer. Applications running in the cluster use a Regional Load Balancer to expose the load-balancer services.



The following are required for deploying a workload cluster on GCP:

  1. You must have an active GCP service account with all the permissions listed below in the GCP Cloud Account Permissions section.
  1. Register your GCP cloud account in Palette as described in the Creating a GCP Cloud account section below.
  1. You should have an Infrastructure cluster profile created in Palette for GCP.
  1. Palette creates compute, network, and storage resources on GCP during the provisioning of Kubernetes clusters. Therefore, sufficient capacity should exist in the desired GCP region for the creation of the cluster.

GCP Cloud Account Permissions

Last Update: December 13, 2020

Create a service account in GCP with the required permissions and register it with Palette to create a GCP cloud account in Palette. To create a service account, you should have one of the following Identity and Access Management (IAM) roles: roles/iam.serviceAccountAdmin or roles/editor. For detailed instructions on creating a service account, refer to Creating and managing service accounts.

You can create a service account either with existing standard roles or with a new role that has custom permissions.

Create Service Account with existing standard roles

The service account should have the following roles:

  1. Compute Admin
  2. Service Account User
  3. Storage Object Viewer

Retrieve the JSON credential file for your service account. For detailed instructions on creating your service account keys, refer to Creating and managing service account keys.
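
A least-privilege check for the service account described above, as an added example that is not part of the Palette documentation: it compares the roles bound to the key's client_email in a project IAM policy (the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`) with the three roles listed. The role IDs are the standard identifiers for those role names; the sample key and policy are constructed, and roles inherited from a folder or organization do not appear in a project policy.

```python
import json

# IAM role IDs for the three standard roles listed above.
REQUIRED_ROLES = {
    "roles/compute.admin",           # Compute Admin
    "roles/iam.serviceAccountUser",  # Service Account User
    "roles/storage.objectViewer",    # Storage Object Viewer
}

def audit_service_account(policy: dict, key: dict) -> dict:
    """Compare the roles bound to the key's service account with REQUIRED_ROLES."""
    if key.get("type") != "service_account" or "client_email" not in key:
        raise ValueError("not a service account key file")
    member = "serviceAccount:" + key["client_email"]
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A binding with a condition only applies while the condition holds.
        (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(REQUIRED_ROLES - granted - conditional),
        "conditional": sorted((REQUIRED_ROLES & conditional) - granted),
        "extra": sorted((granted | conditional) - REQUIRED_ROLES),
    }

# Constructed sample data: the project, account and bindings are made up.
SA = "palette-sa@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = {"type": "service_account", "project_id": "example-project",
              "client_email": SA}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/compute.admin", "members": ["serviceAccount:" + SA]},
    {"role": "roles/iam.serviceAccountUser", "members": ["serviceAccount:" + SA],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2021-01-01T00:00:00Z')"}},
    {"role": "roles/editor",
     "members": ["user:admin@example.com", "serviceAccount:" + SA]},
]}

if __name__ == "__main__":
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SAMPLE_KEY), indent=2))
```

An empty "missing" and "extra" list means the account holds exactly the listed roles; anything under "extra" is access beyond what this page asks for.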

Creating a GCP Cloud Account

  1. To create a GCP cloud account, provide a name for the account and enter the JSON credentials for your service account either by pasting into the space provided or uploading from your JSON credential file.
  1. Then, Validate and Save your account.

Deploying a GCP Cluster

Perform the steps below to provision a new GCP cluster:

  1. Provide basic cluster information like name, description, and tags. Tags on a cluster are propagated to the VMs deployed on the cloud/data center environments.
  1. Select a cluster profile created for GCP cloud. The profile definition will be used as the cluster construction template.
  1. Review and override pack parameters as desired. By default, parameters for all packs are set with values defined in the cluster profile.
  1. Provide the GCP Cloud account and placement information.

    - Cloud Account: Select the desired cloud account. GCP cloud accounts with GCP credentials need to be pre-configured in project settings.
    - Project: The project to which the cluster belongs.
    - Region: Choose the desired GCP region where you would like the clusters to be provisioned.
    - SSH Key Pair Name: Choose the desired SSH Key.
    - Static Placement: By default, Palette uses dynamic placement wherein a new VPC with a public and private subnet is created to place cluster resources for every cluster. These resources are fully managed by Palette and deleted when the corresponding cluster is deleted. Turn on the Static Placement option if it is desired to place resources into preexisting VPCs and subnets. If Static Placement is selected, the following placement information needs to be provided:
      - Virtual Network
      - Control plane Subnet
      - Worker Network
  2. Choose whether to update the worker pool in parallel.

  1. Configure the master and worker node pools. To learn more about the configuration options, review the Node Pool documentation page. Click on Next when you are done with node pool configurations.
  1. The settings page is where you can configure the patching schedule, security scans, and backup settings, set up role-based access control (RBAC), and enable Palette Virtual Clusters. Review the settings and make changes if needed. Click on Validate.
  1. Review the settings summary and click on Finish Configuration to deploy the cluster. Be aware that provisioning IaaS clusters can take several minutes.

The cluster details page of the cluster contains the status and details of the deployment. Use this page to track the deployment progress.

Deleting a GCP Cluster

The deletion of a GCP cluster results in the removal of all virtual machines and associated storage disks created for the cluster. The following tasks need to be performed to delete a GCP cluster:

  1. Select the cluster to be deleted from the Cluster View page and navigate to the Cluster Overview page.
  1. Invoke a delete action available on the page: Cluster > Settings > Cluster Settings > Delete Cluster.
  1. Click Confirm to delete.

The Cluster Status is updated to Deleting while cluster resources are being deleted. Provisioning status is updated with the ongoing progress of the delete operation. Once all resources are successfully deleted, the cluster status changes to Deleted and is removed from the list of clusters.

Force Delete a Cluster

A cluster stuck in the Deletion state can be force deleted by the user through the User Interface, but only if it has been stuck in a deletion state for a minimum of 15 minutes. Palette enables cluster force delete from the Tenant Admin and Project Admin scope.

To force delete a cluster:

  1. Log in to the Palette Management Console.
  1. Navigate to the Cluster Details page of the cluster stuck in deletion.

    • If the deletion is stuck for more than 15 minutes, click the Force Delete Cluster button from the Settings dropdown.

    • If the Force Delete Cluster button is not enabled, wait for 15 minutes. The Settings dropdown will give the estimated time for the auto-enabling of the Force Delete button.

If any cloud resources remain in the cloud, the user should clean up those resources before force deleting the cluster.