--- title: "Deploy Anyscale on GKE (cloud register)" description: "Deploy an Anyscale cloud on GKE using Terraform and the anyscale cloud register command." --- # Deploy Anyscale on GKE (cloud register) This page describes how to deploy an Anyscale cloud on Google Kubernetes Engine (GKE) using `anyscale cloud register`. This path gives you full control over cluster resources and networking. You provision and configure all resources yourself, then register the cloud with Anyscale. :::tip For a faster, automated setup, use `anyscale cloud setup` instead. See [Set up Anyscale on GKE](/clouds/gcp/setup-gke.md). ::: Complete the following steps to configure and deploy a new Anyscale cloud on GKE. ## 1\. Install the Anyscale CLI ```bash pip install -U "anyscale[gcp]" anyscale login # authenticate ``` ## 2\. Authenticate the gcloud CLI Prepare a Google Cloud project for Anyscale to use, and install the gcloud CLI if you haven't. See the Google Cloud [instructions](https://cloud.google.com/sdk/docs/install) for installing the gcloud CLI. :::note Before you continue, make sure your Google Cloud credentials have the Owner role on the project you want Anyscale to use. See [Configure Google Cloud resources for an Anyscale cloud](/clouds/gcp/configure.md). ::: ## 3\. Use the Anyscale Terraform module to create a GKE cluster Anyscale provides a [Terraform module](https://github.com/anyscale/terraform-kubernetes-anyscale-foundation-modules/tree/main/examples/gcp/gke-new_cluster) to deploy a GKE cluster and supporting Google Cloud resources. :::note To use an existing GKE cluster, follow the [existing GKE cluster example](https://github.com/anyscale/terraform-kubernetes-anyscale-foundation-modules/tree/main/examples/gcp/gke-existing_cluster) or see the [Anyscale Operator documentation](/clouds/kubernetes.md) and the [Anyscale Terraform repository](https://github.com/anyscale/terraform-kubernetes-anyscale-foundation-modules). ::: Enter information about where you want to deploy your GKE cluster: Google Cloud project ID `my-rayturbo-project` Anyscale cloud name `my-gke-cloud` Google Cloud region `us-central1` GKE cluster name `my-gke-cluster` Clone the Terraform module and navigate to the GKE example: ```bash git clone https://github.com/anyscale/terraform-kubernetes-anyscale-foundation-modules cd terraform-kubernetes-anyscale-foundation-modules/examples/gcp/gke-new_cluster/ ``` Run the following command to create and populate a Terraform variable file: ```bash cat < terraform.tfvars google_project_id = "" google_region = "" gke_cluster_name = "" EOF ``` :::note The Terraform example enables GPU node pools (T4) by default. To customize or disable GPU pools, set `gpu_instance_configs` in your `terraform.tfvars` (for example, use an empty map `{}` to disable GPU pools). ::: Run the following commands to apply the Terraform configuration. This may take several minutes. ```bash terraform init terraform plan terraform apply ``` :::note You may need to enable some Google Cloud APIs for the Terraform to apply successfully. ::: Collect and enter the following values from your Terraform output: Availability zones `us-central1-a,us-central1-b` Operator service account email `anyscale-gke-nodes@.iam.gserviceaccount.com` Storage bucket name `anyscale-1234` ## 4\. Install additional GKE components In this step, you connect to your GKE cluster and install Envoy Gateway for externally facing load balancing. For more information about customizing GKE, see the [Anyscale Terraform repository](https://github.com/anyscale/terraform-kubernetes-anyscale-foundation-modules). Run the following command to connect your terminal to the GKE cluster: ```bash gcloud container clusters get-credentials --region --project ``` :::note You may need to install the `gke-gcloud-auth-plugin` if it isn't already installed. ::: Install Envoy Gateway v1.7.0: ```bash helm install eg oci://docker.io/envoyproxy/gateway-helm \ --version v1.7.0 \ --namespace envoy-gateway-system \ --create-namespace ``` ```bash kubectl wait --for=condition=available deployment/envoy-gateway \ -n envoy-gateway-system --timeout=120s ``` Create a file named `envoyproxy.yaml` with the following contents: ```yaml apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyProxy metadata: name: envoy-proxy namespace: envoy-gateway-system spec: provider: type: Kubernetes kubernetes: envoyService: type: LoadBalancer annotations: cloud.google.com/load-balancer-type: "External" ``` Apply the resource: ```bash kubectl apply -f envoyproxy.yaml ``` Create a file named `gatewayclass.yaml` with the following contents: ```yaml apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: eg spec: controllerName: gateway.envoyproxy.io/gatewayclass-controller parametersRef: group: gateway.envoyproxy.io kind: EnvoyProxy name: envoy-proxy namespace: envoy-gateway-system ``` Apply the resource: ```bash kubectl apply -f gatewayclass.yaml ``` :::note Envoy Gateway is the recommended ingress controller for Anyscale on Kubernetes. Other gateway and ingress controllers are supported. See [Ingress and gateway controllers](/clouds/kubernetes.md#ingress-support) for all supported options. ::: ## 5\. Register the Anyscale cloud resources Run the following command with the values from your Terraform output. Verify all variables are entered correctly. ```bash anyscale cloud register \ --name \ --provider gcp \ --region \ --compute-stack k8s \ --kubernetes-zones us-central1-a,us-central1-b \ --anyscale-operator-iam-identity anyscale-gke-nodes@.iam.gserviceaccount.com \ --cloud-storage-bucket-name gs:// ``` Record the cloud resource ID from the output in the following field: Cloud resource ID `cldrsrc_1234` ## 6\. Install and deploy the Anyscale operator on your GKE cluster In this step, you add the Anyscale operator Helm chart to your GKE cluster, create a `values.yaml` file that describes your cloud and Google Cloud identity, and install the operator with Helm. ### Add the Anyscale operator Helm chart Run the following command to add the Anyscale operator Helm chart: ```bash helm repo add anyscale https://anyscale.github.io/helm-charts helm repo update anyscale ``` ### Create the Gateway The `anyscale-operator` namespace must exist before you create the Gateway. Create it with the following command. If the namespace already exists, this command returns an error; that's expected and you can proceed. ```bash kubectl create namespace anyscale-operator ``` Create a file named `gateway.yaml`. Enter your cloud resource ID from step 5. Hyphens are applied automatically for the certificate name: Cloud resource ID (for certificates) `cldrsrc_1234` ```yaml apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: gateway namespace: anyscale-operator spec: gatewayClassName: eg listeners: - name: http port: 80 protocol: HTTP allowedRoutes: namespaces: from: All - name: https port: 443 protocol: HTTPS hostname: '*.i.anyscaleuserdata.com' tls: mode: Terminate certificateRefs: - kind: Secret name: anyscale--certificate allowedRoutes: namespaces: from: All - name: https-session port: 443 protocol: HTTPS hostname: '*.s.anyscaleuserdata.com' tls: mode: Terminate certificateRefs: - kind: Secret name: anyscale-svc--certificate allowedRoutes: namespaces: from: All ``` Apply the Gateway and retrieve its external address: ```bash kubectl apply -f gateway.yaml ``` ```bash kubectl get gateway gateway -n anyscale-operator \ -o jsonpath='{.status.addresses[0].value}' ``` Record the Gateway address in the following field: Gateway address `lb.example.com` ### Create a values YAML file Create a `values.yaml` file. If your load balancer provides a hostname, use `hostname`. If it provides an IP address, use `ip` instead. ```yaml global: cloudDeploymentId: cloudProvider: gcp auth: iamIdentity: anyscale-gke-nodes@.iam.gserviceaccount.com workloads: serviceAccount: name: anyscale-operator networking: gateway: enabled: true name: "gateway" namespace: "anyscale-operator" apiVersion: "gateway.networking.k8s.io/v1" hostname: "" # ip: "" # Use this instead of hostname if the LB provides an IP address ``` To customize the Helm chart with custom patches or additional pod shapes, see [Configure the Helm chart for the Anyscale operator](/clouds/kubernetes/configure-helm.md). To enable TPU support, see [Leverage Cloud TPUs on GKE](/clouds/kubernetes/tpus.md). ### Install the Anyscale operator on GKE Run the following command to install the Anyscale operator with Helm using your `values.yaml` file. ```bash helm upgrade anyscale-operator anyscale/anyscale-operator \ --namespace anyscale-operator \ -f values.yaml \ --create-namespace \ --wait \ -i ``` ### Bind the workload identity Run the following command to bind the Google Cloud service account to the Kubernetes service account for workload identity: ```bash gcloud iam service-accounts add-iam-policy-binding anyscale-gke-nodes@.iam.gserviceaccount.com \ --role roles/iam.workloadIdentityUser \ --member "serviceAccount:.svc.id.goog[anyscale-operator/anyscale-operator]" \ --project ``` It may take several minutes for your Anyscale cloud to be ready. You can watch the deployment status with the following command: ```bash kubectl get deployments anyscale-operator -n anyscale-operator -w ``` ## 7\. Verify your Anyscale cloud After the operator is ready, verify that your cloud is registered and functional: ```bash anyscale cloud verify --name ``` --- Previous: [Deploy Anyscale on GKE (cloud setup)](/clouds/gcp/setup-gke.md) | Next: [Manage Anyscale on Google Cloud](/clouds/gcp/manage.md)