GKE on Azure architecture
GKE on Azure is a managed service that helps you provision,
operate, and scale Kubernetes clusters in your Azure account.
This page is for admins, architects, and operators who want to
define IT solutions and system architecture in accordance with company strategy
and requirements. To learn more about common roles and example tasks that we
reference in Google Cloud content, see Common GKE user roles and tasks.
Resource management
GKE on Azure uses Azure APIs to provision the resources
needed by your cluster, including virtual machines, managed disks,
virtual machine scale sets, network security groups, and load balancers.
You can create, describe, and delete clusters with the Google Cloud CLI or
the GKE Multi-Cloud API.
Authenticating to Azure
When you set up GKE on Azure, you create an Azure Active Directory
(Azure AD) application and service principal with the required permissions. You
also create a client certificate that the GKE Multi-Cloud API uses to authenticate as
the application's service principal.
For more information about Azure AD and service principals, see Application and
service principal objects in Azure Active Directory. For more information, see
Authentication overview.
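As an added example (not part of the GKE on Azure documentation), the following script generates the client key pair and self-signed certificate for the service principal step described above, then checks the result before the certificate is registered on the Azure AD application. The key size, validity period, subject name, and file names are assumptions; registering the certificate in Azure AD is outside the block.

```shell
#!/bin/sh
# Added example, not from the GKE on Azure docs. Assumed parameters:
# 2048-bit RSA key, 365-day validity, subject CN "gke-multicloud-client".
WORK_DIR="${WORK_DIR:-$(mktemp -d)}"
KEY_FILE="$WORK_DIR/gke-multicloud-client.key"
CERT_FILE="$WORK_DIR/gke-multicloud-client.crt"

# Create the private key and a self-signed X.509 certificate. The private
# key stays with the caller; only the certificate is uploaded to Azure AD.
make_client_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout "$KEY_FILE" -out "$CERT_FILE" \
    -subj "/CN=gke-multicloud-client" >/dev/null 2>&1 || return 1
  chmod 600 "$KEY_FILE"
}

# Sanity checks before registration: the key matches the certificate, the
# RSA modulus is at least 2048 bits, and the certificate is currently valid.
check_client_cert() {
  cert_mod=$(openssl x509 -noout -modulus -in "$CERT_FILE") || return 1
  key_mod=$(openssl rsa -noout -modulus -in "$KEY_FILE") || return 1
  [ "$cert_mod" = "$key_mod" ] || return 1
  bits=$(openssl x509 -noout -text -in "$CERT_FILE" |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || return 1
  openssl x509 -noout -checkend 0 -in "$CERT_FILE" >/dev/null 2>&1
}

# SHA-1 thumbprint without colons, the form Azure AD displays for a
# registered certificate, so the uploaded copy can be matched to this one.
cert_thumbprint() {
  openssl x509 -noout -fingerprint -sha1 -in "$CERT_FILE" |
    cut -d= -f2 | tr -d ':'
}
```

Run make_client_cert, then check_client_cert, and compare cert_thumbprint with the thumbprint shown on the application's Certificates & secrets page after upload.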
Resources on Google Cloud
GKE on Azure uses a Google Cloud project to store cluster configuration
information on Google Cloud.
Warning: Soon after you delete a Google Cloud project, any cluster resources in
Azure are permanently deleted. To safeguard against the accidental deletion of a
Google Cloud project, use Project liens.
Fleets and Connect
GKE on Azure registers each cluster with a Fleet when it is created. Connect enables
access to cluster and workload management features from Google Cloud. A
cluster's Fleet membership name is the same as its cluster name.
You can enable features such as Config Management and
Cloud Service Mesh within your Fleet.
Cluster architecture
GKE on Azure provisions clusters using private subnets inside your
Azure Virtual Network. Each cluster consists of the following components:
Control plane: The Kubernetes control plane uses a high-availability
architecture with three replicas. Each replica runs all Kubernetes components,
including kube-apiserver, kube-controller-manager, kube-scheduler, and etcd.
Each etcd instance stores data in an Azure Disk volume and uses a
network interface to communicate with other etcd instances. A standard load
balancer is used to balance traffic to the Kubernetes API endpoint, kube-apiserver.
You can create a control plane in multiple zones or in a single
zone. For more information, see Create a cluster.
Node pools: A node pool is a group of Kubernetes worker nodes
with the same configuration, including instance type, disk configuration,
and instance profile. All nodes in a node pool run on the same
subnet. For high availability, you can provision multiple node pools across
different subnets in the same Azure region.
What's next
Complete the Prerequisites.