- NAME
- 
- gcloud managed-kafka clusters create - create a Managed Service for Apache Kafka cluster
 
- SYNOPSIS
- 
- 
gcloud managed-kafka clusters create(CLUSTER:--location=LOCATION)--cpu=CPU--memory=MEMORY--subnets=[SUBNETS,…] [--async] [--no-auto-rebalance] [--encryption-key=ENCRYPTION_KEY] [--labels=[KEY=VALUE,…]] [--mtls-ca-pools=[MTLS_CA_POOLS,…]] [--ssl-principal-mapping-rules=SSL_PRINCIPAL_MAPPING_RULES] [GCLOUD_WIDE_FLAG …]
 
- 
- DESCRIPTION
- Create a Managed Service for Apache Kafka cluster.
- EXAMPLES
- 
To create a cluster, run the following:
gcloud managed-kafka clusters create mycluster --location=us-central1 --cpu=3 --memory=3GiB --subnets=projects/PROJECT_ID/regions/us-central1/subnetworks/default
- POSITIONAL ARGUMENTS
- 
- 
Cluster resource - Identifies the cluster for which the command runs. The
arguments in this group can be used to specify the attributes of this resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
To set the projectattribute:- 
provide the argument clusteron the command line with a fully specified name;
- 
provide the argument --projecton the command line;
- 
set the property core/project.
 This must be specified. - CLUSTER
- 
ID of the cluster or fully qualified identifier for the cluster.
To set the clusterattribute:- 
provide the argument clusteron the command line.
 This positional argument must be specified if any of the other arguments in this group are specified. 
- 
provide the argument 
- --location=- LOCATION
- 
ID of the location of the Managed Service for Apache Kafka resource. See https://cloud.google.com/managed-service-for-apache-kafka/docs/locations
for a list of supported locations.
To set the locationattribute:- 
provide the argument clusteron the command line with a fully specified name;
- 
provide the argument --locationon the command line.
 
- 
provide the argument 
 
- 
provide the argument 
 
- 
Cluster resource - Identifies the cluster for which the command runs. The
arguments in this group can be used to specify the attributes of this resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
- REQUIRED FLAGS
- 
- --cpu=- CPU
- The number of vCPUs to provision for the cluster. The minimum is 3.
- --memory=- MEMORY
- The memory to provision for the cluster in bytes. The value must be between 1 GiB and 8 GiB per vCPU. Ex. 1024Mi, 4Gi.
- --subnets=[- SUBNETS,…]
- 
A comma-separated list of VPC subnets from which the cluster is accessible. Both
broker and bootstrap server IP addresses and DNS entries are automatically
created in each subnet. Only one subnet per network is allowed, and the subnet
must be located in the same region as the cluster. The project may differ. A
minimum of 1 subnet is required. A maximum of 10 subnets can be specified. Use
commas to separate multiple subnets. The name of the subnet must be in the
format
projects/PROJECT_IDREGIONSUBNET
 
- OPTIONAL FLAGS
- 
- --async
- Return immediately, without waiting for the operation in progress to complete.
- --auto-rebalance
- 
Whether the automatic rebalancing is enabled. If automatic rebalancing is
enabled, topic partitions are rebalanced among brokers when the number of CPUs
in the cluster changes. Automatic rebalancing is enabled by default. Use
--no-auto-rebalance to disable this flag. Enabled by default, use
--no-auto-rebalanceto disable.
- --encryption-key=- ENCRYPTION_KEY
- 
The relative resource path of the Cloud KMS key to use for encryption in the
form:
projects/PROJECT_IDLOCATIONKEY_RINGKEY
- --labels=[- KEY=- VALUE,…]
- 
List of label KEY=VALUE pairs to add. Keys must start with a lowercase character
and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- --mtls-ca-pools=[- MTLS_CA_POOLS,…]
- 
A comma-separated list of CA pools from the Google Cloud Certificate Authority
Service. The root certificates of these CA pools will be installed in the
truststore of each broker in the cluster for use with mTLS. A maximum of 10 CA
pools can be specified. CA pools can be in a different project and region than
the cluster. This command overwrites the entire set of pools currently
configured on the cluster. If you want to add a new pool to an existing
configuration, you must provide the full list of both the old and new CA pools
in the command. Each CA pool must be in the format
projects/PROJECT_IDLOCATIONCA_POOL--clear-mtls-ca-poolsflag.
- --ssl-principal-mapping-rules=- SSL_PRINCIPAL_MAPPING_RULES
- 
The rules for mapping mTLS certificate Distinguished Names (DNs) to shortened
principal names for Kafka ACLs. This flag corresponds exactly to the
ssl.principal.mapping.rulesbroker config and matches the format and syntax defined in the Apache Kafka documentation. Setting or modifying this field will trigger a rolling restart of the Kafka brokers to apply the change. An empty string means that the default Kafka behavior is used. Example: "RULE:^CN=(.?),OU=ServiceUsers.$/$1@example.com/,DEFAULT"
 
- GCLOUD WIDE FLAGS
- 
These flags are available to all commands: --access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run $ gcloud helpfor details.
- API REFERENCE
- 
This command uses the managedkafka/v1API. The full documentation for this API can be found at: https://cloud.google.com/managed-service-for-apache-kafka/docs
- NOTES
- 
These variants are also available:
gcloud alpha managed-kafka clusters creategcloud beta managed-kafka clusters create
      gcloud managed-kafka clusters create
  
  Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-05 UTC.