Apply compute classes to Pods by default

Autopilot Standard

This page shows you how to apply compute classes by default to Google Kubernetes Engine (GKE) Pods that don't explicitly select a compute class. This page has instructions for setting a compute class as the default in a namespace and for an entire cluster. These instructions are intended for cluster administrators who want to reduce manual overhead caused by individual workload and node configuration.

Before reading this page, become familiar with custom compute classes.

About default compute classes

You can configure GKE clusters or specific namespaces to have a default compute class. The default class that you configure applies to any Pod in that cluster or namespace that doesn't select a different compute class. When you deploy a Pod that doesn't select a compute class, GKE applies default compute classes in the following order:

If the namespace has a default compute class, GKE modifies the Pod specification to select that compute class.
If the namespace doesn't have a default compute class, the cluster-level default class applies. GKE doesn't modify the Pod specification.

Before you begin

Before you start, make sure that you have performed the following tasks:

Enable the Google Kubernetes Engine API.

Enable Google Kubernetes Engine API

If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running gcloud components update.
Note: For existing gcloud CLI installations, make sure to set the compute/region property. If you use primarily zonal clusters, set the compute/zone instead. By setting a default ___location, you can avoid errors in the gcloud CLI like the following: One of [--zone, --region] must be supplied: Please specify ___location. You might need to specify the ___location in certain commands if the ___location of your cluster differs from the default that you set.

Have a GKE Autopilot or Standard cluster that runs a version that supports setting a default compute class at the cluster- or namespace-level. For more information, see the Requirements section.

For Standard clusters, enable node auto-provisioning or the cluster autoscaler.
If you want to set a custom compute class as the default for a namespace, deploy a custom compute class.

Requirements

To set a compute class as the cluster-level default, the cluster must run GKE version 1.33.1-gke.1744000 or later.
To set a compute class as the namespace-level default for only non-DaemonSet Pods, the cluster must run GKE version 1.33.1-gke.1788000 or later.

Required roles and permissions

To get the permissions that you need to configure cluster- or namespace-level default compute classes, ask your administrator to grant you the following IAM roles on the Google Cloud project:

Kubernetes Engine Developer (roles/container.developer)
Update the cluster-level default compute class: Kubernetes Engine Cluster Admin (roles/container.clusterAdmin)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to configure cluster- or namespace-level default compute classes. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to configure cluster- or namespace-level default compute classes:

container.customResourceDefinitions.create
container.customResourceDefinitions.update
container.customResourceDefinitions.get
container.customResourceDefinitions.list
container.namespaces.get
container.namespaces.list
container.pods.get
container.nodes.get
container.nodes.list
container.deployments.create
container.deployments.get
Add labels to namespaces: container.namespaces.update
Enable the cluster-level default compute class: container.clusters.update

You might also be able to get these permissions with custom roles or other predefined roles.

Configure a default compute class for a namespace

You can annotate any Kubernetes namespace in your cluster with the name of a compute class to use as the default. If a Pod that's deployed to that namespace doesn't already select a compute class, GKE modifies the Pod specification to select the default class in the namespace. You can set any custom or built-in compute class as the default.

To apply a compute class to all Pods in a namespace by default, add the cloud.google.com/default-compute-class label to that namespace:
```
kubectl label namespaces NAMESPACE_NAME \
    cloud.google.com/default-compute-class=COMPUTECLASS_NAME
```
Replace the following:
- NAMESPACE_NAME: the name of the namespace to update.
- COMPUTECLASS_NAME: the name of the compute class to set as the default for the namespace.
If the command fails with the following error message, the namespace already has a default compute class:
```
error: 'cloud.google.com/default-compute-class' already has a value, and --overwrite is false
```
To resolve this error, update the default compute class for the namespace.
To apply a compute class to all non-DaemonSet Pods in a namespace by default, add the cloud.google.com/default-compute-class-non-daemonset label to that namespace:
```
kubectl label namespaces NAMESPACE_NAME \
    cloud.google.com/default-compute-class-non-daemonset=COMPUTECLASS_NAME
```
If the command fails with the following error message, the namespace already has a default compute class for non-DaemonSet Pods:
```
error: 'cloud.google.com/default-compute-class-non-daemonset' already has a value, and --overwrite is false
```
To resolve this error, update the default compute class for the namespace.

Update the existing default compute class in a namespace

To overwrite the existing default compute class for a namespace, run one of the following commands:

Update the default compute class for all Pods in the namespace:
```
kubectl label namespaces NAMESPACE_NAME   \
    cloud.google.com/default-compute-class=COMPUTECLASS_NAME \
    --overwrite
```
Replace the following:
- NAMESPACE_NAME: the name of the namespace to update.
- COMPUTECLASS_NAME: the name of the compute class to set as the new default for the namespace.

Overwrite the default compute class for non-DaemonSet Pods in the namespace:

kubectl label namespaces NAMESPACE_NAME \
    cloud.google.com/default-compute-class-non-daemonset=COMPUTECLASS_NAME \
    --overwrite

Configure a default compute class for a cluster

This section shows you how to set a compute class as the default for your cluster. For cluster-level default compute classes, don't manually specify node taints and node labels for existing node pools in the cluster. GKE ignores node pools that have node taints for compute classes during node creation.

To enable setting a cluster-level default compute class for a cluster, run the gcloud container clusters update command with the --enable-default-compute-class flag:
```
gcloud container clusters update CLUSTER_NAME \
    --___location=CONTROL_PLANE_LOCATION \
    --enable-default-compute-class
```
Replace the following:
- CLUSTER_NAME: the name of your cluster.
- CONTROL_PLANE_LOCATION: the ___location of your cluster control plane, like us-central1.
You can also specify this flag when you create an Autopilot or Standard cluster.
Save the following manifest, which defines a ComputeClass named default:
```
apiVersion: cloud.google.com/v1
kind: ComputeClass
metadata:
  name: default
spec:
  priorities:
  - machineFamily: n4
  - machineFamily: n2
  whenUnsatisfiable: ScaleUpAnyway
  nodePoolAutoCreation:
    enabled: true
```
This example manifest requests nodes that use N4 instances. If N4 instances aren't available, the compute class requests N2 instances instead. You can configure the default compute class with any of the available fields in the ComputeClass CustomResourceDefinition.
Apply the manifest to your cluster:
```
kubectl apply -f PATH_TO_MANIFEST
```
Replace PATH_TO_MANIFEST with the path to the manifest for the compute class.

After you set a cluster-level default compute class, Autopilot clusters no longer use the general-purpose Autopilot compute platform for Pods that don't request a compute class.

Verify the default compute class behavior

To check whether the default compute class that you set for a namespace or for a cluster works as expected, do the following:

Review the following example Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloweb
  labels:
    app: hello
spec:
  selector:
    matchLabels:
      app: hello
      tier: web
  template:
    metadata:
      labels:
        app: hello
        tier: web
    spec:
      containers:
      - name: hello-app
        image: us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 200m

This Deployment doesn't explicitly request a compute class.

Create the Deployment:
```
kubectl apply --namespace=NAMESPACE_NAME \
    -f https://raw.githubusercontent.com/GoogleCloudPlatform/kubernetes-engine-samples/refs/heads/main/quickstarts/hello-app/manifests/helloweb-deployment.yaml
```
Replace NAMESPACE_NAME with one of the following, depending on what you want to verify:
- The name of a namespace that has a default compute class.
- The name of a namespace that doesn't have a default compute class.
GKE might take some time to create new nodes to run the Pods.

Identify the nodes that run the Pods from the example Deployment:

kubectl get pods --namespace=NAMESPACE_NAME \
    --selector=app=hello -o=wide

The output is similar to the following:

NAME                        READY   STATUS    RESTARTS   AGE     IP          NODE                                                  NOMINATED NODE   READINESS GATES
helloweb-7795fbf856-58n5l   1/1     Running   0          9m21s   10.52.2.3   gke-cluster-1-nap-n2-highcpu-2-3muqi8-f213e529-rx7d   <none>           <none>

Get the node labels:
```
kubectl get node NODE_NAME --show-labels \
    | grep "cloud.google.com/compute-class"
```
Replace NODE_NAME with the name of the node from the output of the previous step.

The output is similar to the following:
```
NODE_NAME   Ready    <none>   22m   v1.32.4-gke.1236007
# lines are omitted from this output
cloud.google.com/compute-class=COMPUTECLASS_NAME,cloud.google.com/gke-boot-disk=pd-balanced,cloud.google.com/gke-container-runtime=containerd
```
The value in COMPUTECLASS_NAME is one of the following:
- Cluster-level default compute class: default for nodes that were created by GKE Autopilot or by node auto-provisioning. Nodes in existing manually created node pools might not have the cloud.google.com/compute-class label.
- Namespace-level default compute class: the name of the compute class that you configured as the namespace default.

Disable the default compute class

To disable the default compute class in a namespace or a cluster, do one of the following:

To disable the namespace-level default compute class for all Pods, remove the cloud.google.com/default-compute-class label from the namespace:
```
kubectl label namespaces NAMESPACE_NAME \
  cloud.google.com/default-compute-class-
```
The - character at the end of the label key removes any labels with that key from the Namespace object in the Kubernetes API.
To disable the namespace-level default compute class for non-DaemonSet Pods, remove the cloud.google.com/default-compute-class-non-daemonset label from the namespace:
```
kubectl label namespaces NAMESPACE_NAME \
  cloud.google.com/default-compute-class-non-daemonset-
```

To disable the cluster-level default compute class, use the gcloud container clusters update command with the --no-enable-default-compute-class flag:

gcloud container clusters update CLUSTER_NAME \
    --___location=CONTROL_PLANE_LOCATION \
    --no-enable-default-compute-class

What's next

Learn more about custom compute classes in GKE.