Choose a GKE mode of operation

This page helps you to choose the Google Kubernetes Engine (GKE) mode of operation that's the best fit for your workloads. This page is intended for platform administrators who are considering GKE as a managed Kubernetes provider and want to discover the options available in Google Cloud. If you want to learn about whether GKE as a platform is the best choice for your containerized applications, refer to the GKE Overview.

GKE offers the following modes of operation for clusters:

  • Autopilot mode (recommended): GKE manages the underlying infrastructure such as node configuration, autoscaling, auto-upgrades, baseline security configurations, and baseline networking configuration.
  • Standard mode: You manage the underlying infrastructure, including configuring the individual nodes.

You can't convert a cluster from Standard to Autopilot after cluster creation. We recommend that you read this page and, optionally, read the Autopilot and Standard comparison so that you can make an informed choice.

Why GKE Autopilot mode

Google manages most of the infrastructure in a GKE Autopilot cluster, providing a more managed Kubernetes experience than GKE Standard mode. The default configuration of Autopilot clusters is optimized for most production workloads. GKE Autopilot implements many Kubernetes best practices for security, scalability, and cost optimization by default.

In most cases, we recommend running your production workloads on Autopilot.

Autopilot provides a default configuration that has benefits such as the following:

  • Cost efficiency: You only pay for the compute resources that your workloads use while running. You don't pay for unused capacity on your nodes, system Pods, operating system costs, or unscheduled workloads.
  • Automation: Google manages nodes, creating new nodes for your apps and configuring automatic upgrades and repairs. GKE automatically scales nodes and workloads based on traffic.
  • Improved security posture and reliability: Autopilot clusters enable many GKE security settings and Kubernetes best practices by default. GKE automatically applies security patches to your nodes when available.

For a full list of benefits in GKE Autopilot, refer to About GKE Autopilot.

Why GKE Standard mode

In Standard mode, you manage every configuration setting in your cluster and nodes, including managing groups of nodes called node pools that share characteristics. Under the shared responsibility model, Google still manages your control plane, but you must configure your nodes. Settings that you manage yourself include the following:

  • Node pools: You create and manage groups of nodes that have similar configuration settings.
  • Security: GKE Standard clusters have default hardening measures applied, but many GKE security features are not enabled by default, such as Workload Identity Federation for GKE and Shielded GKE Nodes. You can enable these features manually and configure the settings.
  • Scheduling: You must monitor and design your workloads so that GKE can schedule them efficiently on your nodes to minimize unused resources (bin-packing).
  • Scaling: You must set up and configure node auto-provisioning, configure automatic scaling settings, and ensure that your nodes don't have too many resources or too few resources.
  • Resource management: You must evaluate the resource needs of each workload that you run on Standard clusters to ensure that the resource requests meet the workload requirements.
  • Version management: Best practices such as automatic GKE version upgrades and release channel enrollment are off by default in Standard. You can configure auto-upgrades and GKE versions when you create or update the cluster.
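The settings listed above can be checked from a cluster's exported description. The following audit is an added example, not part of the original page or Google's tooling; it assumes JSON in the shape of `gcloud container clusters describe --format=json` (field names from the GKE API Cluster resource), and the sample cluster is constructed.

```python
import json

# Constructed sample: trimmed output in the shape of
# `gcloud container clusters describe NAME --format=json` for a Standard cluster.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "example-standard",
  "autopilot": {"enabled": false},
  "shieldedNodes": {"enabled": true},
  "releaseChannel": {"channel": "UNSPECIFIED"},
  "nodePools": [
    {"name": "default-pool",
     "management": {"autoUpgrade": true, "autoRepair": true},
     "config": {"workloadMetadataConfig": {"mode": "GCE_METADATA"}}},
    {"name": "batch-pool", "management": {"autoRepair": true}, "config": {}}
  ]
}
""")


def audit_standard_cluster(cluster):
    """Return findings for settings that Standard mode leaves to the operator."""
    if cluster.get("autopilot", {}).get("enabled"):
        return []  # Autopilot clusters manage these settings themselves
    findings = []
    if not cluster.get("workloadIdentityConfig", {}).get("workloadPool"):
        findings.append("cluster: Workload Identity Federation for GKE not enabled")
    if not cluster.get("shieldedNodes", {}).get("enabled"):
        findings.append("cluster: Shielded GKE Nodes not enabled")
    channel = cluster.get("releaseChannel", {}).get("channel", "UNSPECIFIED")
    if channel == "UNSPECIFIED":
        findings.append("cluster: not enrolled in a release channel")
    for pool in cluster.get("nodePools", []):
        name = pool.get("name", "<unnamed>")
        if not pool.get("management", {}).get("autoUpgrade"):
            findings.append(f"{name}: node auto-upgrade is off")
        # Workload Identity Federation only takes effect on pools whose
        # workload metadata mode is GKE_METADATA.
        mode = pool.get("config", {}).get("workloadMetadataConfig", {}).get("mode")
        if mode != "GKE_METADATA":
            findings.append(f"{name}: workload metadata mode is not GKE_METADATA")
    return findings


if __name__ == "__main__":
    for finding in audit_standard_cluster(SAMPLE_CLUSTER):
        print(finding)
```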

Pricing differences

The pricing model for Autopilot is different from Standard, as follows:

  • Autopilot mode: You only pay for the compute resources that your workloads use while running. You don't pay for unused resources on nodes, OS running costs, unscheduled workloads, or system workloads. For details, refer to Autopilot pricing.
  • Standard mode: You pay for the compute resources on each node, regardless of whether Pods run on the node. You pay for unused resources, so you should manage workload scheduling to minimize resource wastage in nodes. For details, refer to Standard pricing.

Ensuring a consistent level of resource usage efficiency in Standard clusters requires that you constantly monitor the state of your cluster. In Autopilot clusters, GKE does the monitoring and management for you.

In Standard clusters, you pay for unused compute resources on your nodes. You can reduce these costs by bin-packing, in which you place as many Pods as possible onto each node to avoid wasted capacity. Bin-packing requires constant workload management and scheduling customization. Autopilot clusters eliminate the need for you to bin-pack your workloads because you only pay for the resources that your workloads use.

When to use Standard instead of Autopilot

While we recommend using Autopilot for most workloads, you might have specific requirements that Autopilot can't meet due to the pre-configured hardening or the default cluster configuration. You should consider using Standard mode over Autopilot mode in the following scenarios:

  • You require granular control over your cluster and node configuration, including the ability to directly connect to your nodes using SSH.

  • You want to install or modify software running on the nodes themselves, such as changing the node operating system.

  • You want to customize the node system configuration, such as by setting Linux sysctls.

  • You want to perform actions that Autopilot restricts, for example, running workloads in GKE-managed namespaces such as kube-system. We recommend that you don't deploy workloads in these namespaces.

  • You want to use specific GKE features that are only available on Standard, such as Cloud TPU.

  • You want to test alpha features in open source Kubernetes.

  • You want to provision additional unused capacity in your cluster.

Unless you have specific requirements such as these, we recommend that you try Autopilot for your workloads. For an interactive walkthrough that sets up an Autopilot cluster and exposes a hello-world application, go to the Autopilot walkthrough in the Google Cloud console.

What's next