Skip to main content

GCP GKE

Importing a GCP GKE engine connects an existing GKE cluster to AIchor without transferring ownership. AIchor will schedule workloads on the cluster using the provided credentials, while infrastructure management remains with the cluster administrator.

Prerequisites

  • The GKE cluster must already exist and be accessible.

  • A GCP service account with sufficient permissions to the cluster must be available.

  • The Kubernetes API server endpoint is required. Run the following command to retrieve it:

    kubectl cluster-info

and look for the Kubernetes control plane endpoint.

  • The external IP address of the ingress controler in the cluster must be known.

  • To populate the CA Data field, run the following command against the cluster:

    kubectl config view --minify --raw --output 'jsonpath={..cluster.certificate-authority-data}' | base64 -d

Steps

  1. In the AIchor UI, open Engines and click Add Engine.
  2. Select In The Cloud, then GCP, then GKE.
  3. Select Import Existing Engine.
  4. Fill in the form fields described below and submit.

GCP GKE import form GCP GKE import form

Form fields

FieldRequiredDescription
Engine NameYesName of the engine in AIchor. Lowercase alphanumeric characters and hyphens. Must start with a letter.
GKE Cluster NameYesName of the existing GKE cluster to import.
EcosystemNoTag passed to infrastructure-as-code tooling. Required only for specific organisations on InstaDeep recommendation.
API HostnameYesKubernetes API server endpoint. Found in ~/.kube/config under the cluster's server field.
GCP RegionYesRegion where the cluster runs.
GCP Project IDYesGCP project containing the cluster.
GCP Service AccountYesService account with access to the cluster.
Load Balancer IPYesIP address of the ingress controller deployed in the cluster.

Certificates

TLS verification behaviour is controlled through the certificate fields below. By default, certificate verification is enabled.

FieldRequiredDescription
InsecureNoWhen checked, certificate verification is skipped. Not recommended for production.
Server NameNoSNI hostname used during the TLS handshake.
Certificate DataNoClient certificate in PEM format.
CA DataNoCertificate Authority certificate in PEM format. See the retrieval command in the Prerequisites section above.

TPU usage

To use TPUs on an imported engine, either the node autoprovisioner must be able to provision TPU nodepool (ref) or create a node pool, autoscaled or not (ref).