Google Kubernetes Engine (GKE)
Overview
Google Kubernetes Engine is fully supported by OpsWorker. The standard Helm installation works on GKE clusters without GKE-specific configuration.
Setup
Follow the standard agent installation process.
GKE-Specific Notes
Networking
- Firewall rules: Ensure outbound HTTPS (port 443) to `*.amazonaws.com` is allowed. The OpsWorker backend runs on AWS, so the agent needs to reach AWS SQS endpoints from your GKE cluster.
- Cloud NAT: If nodes are in private subnets, ensure Cloud NAT is configured for outbound internet access.
- VPC Service Controls: If using VPC-SC, add AWS SQS endpoints to the egress policy.
Workload Identity
- Not required: The agent uses a cluster token for authentication. Workload Identity configuration is not needed.
Cluster Modes
| Mode | Support |
|---|---|
| GKE Standard | Fully supported |
| GKE Autopilot | Supported (Autopilot may enforce resource constraints; ensure the agent's resource requests meet Autopilot minimums) |
Autopilot Considerations
GKE Autopilot enforces minimum resource requests. If the agent pod isn't scheduling, increase resource requests:
```bash
helm upgrade opsworker-agent opsworker/opsworker-agent \
  -n opsworker \
  --set resources.requests.cpu=250m \
  --set resources.requests.memory=512Mi
```
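To confirm what the running pod actually requests after the upgrade, the following added example (not part of the OpsWorker documentation or chart) sums a pod's container requests and compares them with a floor. The floor defaults to the values from the command above, which is an assumption and not GKE's published minimums; the pod JSON, its name and its container names are constructed.

```python
import json
import re
from fractions import Fraction

# Assumed floor: the values from the helm command above, not GKE's published minimums.
FLOOR = {"cpu": "250m", "memory": "512Mi"}

# Multipliers for the Kubernetes quantity suffixes handled here (exponent forms are not).
_SUFFIX = {
    "": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
    "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
}

def parse_quantity(q):
    """Kubernetes quantity ('250m', '0.5Gi', '1') -> exact Fraction in cores or bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(q).strip())
    if not m or m.group(2) not in _SUFFIX:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * _SUFFIX[m.group(2)]

def shortfalls(pod, floor=FLOOR):
    """Return {resource: (pod_total, floor)} where summed container requests are below floor."""
    result = {}
    for resource, minimum in floor.items():
        need = parse_quantity(minimum)
        total = sum(
            # A container with no request for this resource counts as zero.
            parse_quantity(((c.get("resources") or {}).get("requests") or {}).get(resource, "0"))
            for c in pod["spec"]["containers"]
        )
        if total < need:
            result[resource] = (total, need)
    return result

# Constructed sample, shaped like `kubectl get pod <name> -n opsworker -o json` output.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "opsworker-agent-example"},
 "spec": {"containers": [
   {"name": "agent", "resources": {"requests": {"cpu": "100m", "memory": "0.25Gi"}}},
   {"name": "helper", "resources": {"requests": {"memory": "256Mi"}}}
 ]}}
""")

if __name__ == "__main__":
    for resource, (have, need) in shortfalls(SAMPLE_POD).items():
        print(f"{resource}: requests total {float(have)} is below floor {float(need)}")
```
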
Next Steps
- Install the Agent — Step-by-step installation
- Verify Connection — Confirm the agent is connected