This page explains how to create a GKE Standard cluster or node pool with Arm nodes so that you can run Arm workloads on Google Kubernetes Engine (GKE). To learn how to deploy Arm workloads on Autopilot clusters, see Deploy Autopilot workloads on Arm architecture.
You can create clusters with Arm nodes by using the C4A machine series or Tau T2A machine series. To learn more about the benefits of Arm and choose the best machine series for your workloads, see Arm VMs on Compute.
With GKE, you can create a cluster that has node pools with one architecture type (for example, Arm) or multiple architecture types (for example, Arm and x86). When you run nodes with multiple architecture types, you can deploy workloads across architectures to the same cluster.
This page is for Operators and Developers who provision and configure cloud resources and deploy workloads. To learn more about common roles, see Common GKE user roles and tasks.
Before reading this page, familiarize yourself with Arm workloads on GKE.
Before you begin
Before you start, make sure that you have performed the following tasks:
- Enable the Google Kubernetes Engine API.
- If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running the gcloud components update command. Earlier gcloud CLI versions might not support running the commands in this document.
- Review the requirements and limitations for C4A and T2A nodes.
- Ensure that you have the correct permissions to create clusters. At minimum, you should be a Kubernetes Engine Cluster Admin.
Set up IAM service accounts for GKE
GKE uses IAM service accounts that are attached to your nodes to run system tasks like logging and monitoring. At a minimum, these node service accounts must have the Kubernetes Engine Default Node Service Account (roles/container.defaultNodeServiceAccount) role on your project. By default, GKE uses the Compute Engine default service account, which is automatically created in your project, as the node service account.
To grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account, complete the following steps:
console
- Go to the Welcome page:
- In the Project number field, click Copy to clipboard.
- Go to the IAM page:
- Click Grant access.
- In the New principals field, specify the following value:
PROJECT_NUMBER-compute@developer.gserviceaccount.com
Replace PROJECT_NUMBER with the project number that you copied.
- In the Select a role menu, select the Kubernetes Engine Default Node Service Account role.
- Click Save.
gcloud
- Find your Google Cloud project number:
gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)"
Replace PROJECT_ID with your project ID.
The output is similar to the following:
12345678901
- Grant the roles/container.defaultNodeServiceAccount role to the Compute Engine default service account:
gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
    --role="roles/container.defaultNodeServiceAccount"
Replace PROJECT_NUMBER with the project number from the previous step.
Create a cluster with an Arm node pool
The following instructions explain how to create a new cluster with a node pool running Arm nodes from the C4A machine series or Tau T2A machine series.
You can use the gcloud CLI, the Google Cloud console, or Terraform to create the cluster.
gcloud
Create a new zonal cluster with the default node pool using Arm nodes:
gcloud container clusters create CLUSTER_NAME \
    --location CONTROL_PLANE_LOCATION \
    --node-locations NODE_LOCATIONS \
    --machine-type ARM_MACHINE_TYPE \
    --num-nodes NUM_NODES
Replace the following:
- CLUSTER_NAME: the name of your new cluster with an Arm node pool.
- CONTROL_PLANE_LOCATION: the Compute Engine location of the control plane of your cluster. Provide a region for regional clusters, or a zone for zonal clusters. The selected region or zone must be one of the available locations for the Arm machine series that you choose.
- NODE_LOCATIONS: the zone(s) for your node pool, such as us-central1-a. You must choose from the available zones for the Arm machine series or node pool creation might fail.
- ARM_MACHINE_TYPE: one of the available C4A machine shapes or T2A machine shapes, such as c4a-standard-8 or t2a-standard-16.
- NUM_NODES: the number of nodes for your Arm node pool.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
To specify a custom service account in the gcloud CLI, add the following flag to your command:
--service-account=SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com
Replace SERVICE_ACCOUNT_NAME with the name of your minimally-privileged service account.
If you want to set additional settings for your cluster, see the gcloud container clusters create reference for a complete list of available settings on cluster creation.
Console
- In the Google Cloud console, go to the Create a Kubernetes cluster page. 
- Configure your cluster. For more information, see the instructions for Creating a zonal cluster, or Creating a regional cluster. 
- Choose a location where Arm nodes are available.
    - In the Cluster basics section, under Location type, choose Zonal or Regional.
    - In the drop-down menu, choose a zone or region where Arm nodes are available.
    - Check the box to Specify default node locations. Select zone(s) where Arm nodes are available.
- To select an Arm machine type, in the Nodes subsection, under Configure node settings > Machine configuration > Machine family, select GENERAL-PURPOSE. In the Series drop-down menu, select C4A or T2A. In the Machine type drop-down menu, choose from the available options. 
- Optionally, specify a custom IAM service account for your nodes:
    - In the Advanced settings page, expand the Security section.
    - In the Service account menu, select your preferred service account.
    We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
- Click Create. 
Terraform
To create a zonal cluster with the default node pool using Arm nodes using Terraform, refer to the following example:
To learn more about using Terraform, see Terraform support for GKE.
Add an Arm node pool to a GKE cluster
You can add a new node pool to a GKE Standard cluster using gcloud CLI, the Google Cloud console, or Terraform.
As a best practice for creating a GKE cluster with any type of node, we recommend that you create and use a minimally-privileged Identity and Access Management (IAM) service account for your node pools instead of the Compute Engine default service account.
For instructions on creating a minimally-privileged service account, refer to Hardening your cluster's security.
gcloud
Add an Arm node pool to an existing cluster:
gcloud container node-pools create NODE_POOL_NAME \
    --cluster CLUSTER_NAME \
    --location CONTROL_PLANE_LOCATION \
    --node-locations NODE_LOCATIONS \
    --machine-type ARM_MACHINE_TYPE \
    --num-nodes NUM_NODES \
    --service-account SERVICE_ACCOUNT
Replace the following:
- NODE_POOL_NAME: the name of the new Arm node pool for your existing cluster.
- CONTROL_PLANE_LOCATION: the Compute Engine location of the control plane of your cluster. Provide a region for regional clusters, or a zone for zonal clusters.
- CLUSTER_NAME: the name of the cluster where you want to add an Arm node pool.
- NODE_LOCATIONS: the zone(s) for your node pool, such as us-central1-a. You must choose from the available zones for the Arm machine series or node pool creation might fail.
- ARM_MACHINE_TYPE: one of the available C4A machine shapes or T2A machine shapes, such as c4a-standard-8 or t2a-standard-16.
- NUM_NODES: the number of nodes for your Arm node pool.
We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
To specify a custom service account in the gcloud CLI, add the following flag to your command:
--service-account=SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com
Replace SERVICE_ACCOUNT_NAME with the name of your minimally-privileged service account.
If you want to set additional settings for your node pool, see the gcloud container node-pools create reference for a complete list of available settings on node pool creation.
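The following check is an added example, not part of the original page or Google's own tooling: it lists a cluster's node pools and flags the Arm pools (C4A or T2A) that still run as the Compute Engine default service account. The function names and the sample rows are constructed for illustration; the audit relies on GKE reporting the default account either as default or as PROJECT_NUMBER-compute@developer.gserviceaccount.com.

```sh
#!/bin/sh
# Added example: find Arm node pools that use the Compute Engine default
# service account instead of a minimally-privileged one.

TAB=$(printf '\t')

# Reads "name<TAB>machineType<TAB>serviceAccount" rows on stdin and prints
# the names of Arm pools whose service account is the project default.
flag_default_sa_arm_pools() {
  while IFS="$TAB" read -r pool machine sa; do
    case "$machine" in
      c4a-*|t2a-*) ;;        # Arm machine series covered on this page
      *) continue ;;         # ignore x86 pools
    esac
    case "$sa" in
      # Assumption: an unset node service account is reported as "default";
      # the second pattern is the explicit default-account address.
      default|*-compute@developer.gserviceaccount.com)
        printf '%s\n' "$pool" ;;
    esac
  done
}

# Live audit; needs an authenticated gcloud CLI.
# Usage: audit_cluster CLUSTER_NAME CONTROL_PLANE_LOCATION
audit_cluster() {
  gcloud container node-pools list \
    --cluster "$1" --location "$2" \
    --format='value(name,config.machineType,config.serviceAccount)' |
    flag_default_sa_arm_pools
}

# Constructed sample rows (not real output) for offline testing.
sample_pools() {
  printf 'default-pool\te2-standard-4\tdefault\n'
  printf 'arm-pool-a\tt2a-standard-16\tdefault\n'
  printf 'arm-pool-b\tc4a-standard-8\tgke-nodes@example-project.iam.gserviceaccount.com\n'
  printf 'arm-pool-c\tc4a-standard-8\t12345678901-compute@developer.gserviceaccount.com\n'
}
```

Each name that audit_cluster prints is a node pool to move to a minimally-privileged service account.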
Console
To add an Arm node pool to an existing cluster, perform the following steps:
- Go to the Google Kubernetes Engine page in the Google Cloud console. 
- In the cluster list, click the name of the cluster you want to modify. 
- Click Add node pool.
- Configure your node pool. 
- Choose node locations where Arm nodes are available.
    - In the Node pool details section, check the Specify node locations box.
    - Select zone(s) where Arm nodes are available.
- To select an Arm machine type, in the Nodes subsection, under Configure node settings > Machine configuration > Machine family, select GENERAL-PURPOSE. In the Series drop-down menu, select C4A or T2A. In the Machine type drop-down menu, choose from the available options. 
- In the navigation menu, click Security. 
- Optionally, specify a custom IAM service account for your nodes:
    - In the Advanced settings page, expand the Security section.
    - In the Service account menu, select your preferred service account.
    We strongly recommend that you specify a minimally-privileged IAM service account that your nodes can use instead of the Compute Engine default service account. To learn how to create a minimally-privileged service account, see Use a least privilege service account.
- Click Create to add the node pool. 
Terraform
To add a node pool that uses Arm nodes to an existing cluster using Terraform, refer to the following example:
Replace google_container_cluster.default.id with the name of your cluster.
To learn more about using Terraform, see Terraform support for GKE.
What's next
- Build multi-architecture images for Arm workloads
- Prepare an Arm workload for deployment
- Migrate x86 application on GKE to multi-arch with Arm