Using Dataplane V2

Standard

This page explains how to enable Dataplane V2 for Google Kubernetes Engine (GKE).

Creating a GKE cluster with Dataplane V2

You can enable Dataplane V2 when you create new clusters with GKE version 1.20.6-gke.700 and later by using the gcloud tool or the Kubernetes Engine API. You can also enable Dataplane V2 in Preview when you create new clusters with GKE version 1.17.9 and later

Console

To create a new cluster with Dataplane V2, perform the following tasks:

Go to the Google Kubernetes Engine page in Cloud Console.

Go to Google Kubernetes Engine
Click Create.
Click Configure to configure a Standard cluster.
In the Networking section, select the Enable Dataplane V2 checkbox. The Enable Kubernetes Network Policy option is disabled when you select Enable Dataplane V2 because network policy enforcement is built into Dataplane V2.
Click Create.

gcloud

To create a new cluster with Dataplane V2, use the following command:

gcloud container clusters create CLUSTER_NAME \
    --enable-dataplane-v2 \
    --enable-ip-alias \
    --release-channel CHANNEL_NAME \
    --zone CLUSTER_LOCATION

Replace the following:

CLUSTER_NAME: the name of your new cluster.
CHANNEL_NAME: a release channel that includes GKE version 1.20.6-gke.700 or later. If you prefer not to use a release channel, you can also use the --version flag instead of --release-channel, specifying version 1.20.6-gke.700 or later.
CLUSTER_LOCATION: the location of the cluster. These arguments are mutually exclusive. See Types of clusters for more information.

API

To create a new cluster with Dataplane V2, specify the datapathProvider field in the networkConfig object in your cluster create request.

The following JSON snippet shows the configuration needed to enable Dataplane V2:

"cluster":{
   "initialClusterVersion":"VERSION",
   "ipAllocationPolicy":{
      "useIpAliases":true
   },
   "networkConfig":{
      "datapathProvider":"ADVANCED_DATAPATH"
   },
   "releaseChannel":{
      "channel":"CHANNEL_NAME"
   }
}

Replace the following:

VERSION: your cluster version, which must be GKE 1.20.6-gke.700 or later.
CHANNEL_NAME: a release channel that includes GKE version 1.20.6-gke.700 or later.

Troubleshooting

Check the state of the system Pods:
```
kubectl -n kube-system get pods -l k8s-app=cilium -o wide
```
If Dataplane V2 is running, you will see Pods with the prefix anetd- running. anetd is the networking controller for Dataplane V2.

If the issue is with services or network policy enforcement, check the anetd Pod logs:

kubectl -n kube-system get events --field-selector involvedObject.name=anetd
kubectl -n kube-system logs -l k8s-app=cilium

If Pod creation is failing, check the kubelet logs for clues. You can do this in GKE using ssh:
```
gcloud compute ssh node -- sudo journalctl -u kubelet
```
Replace node with the name of the VM instance.

What's next

Use network policy logging to record when connections to Pods are allowed or denied by your cluster's network policies.
Learn how Dataplane V2 works.