Terraform GKE module

This module creates the GKE cluster with all dependencies: project, network (VPC), subnet etc. It can also use existing project - in such case set the create_project to false and provide the existing project_id.

Prerequisite

Before you create GCP project make sure you have right permission to attach billing accounts to created project. That means have at least one of IAM roles attached:
- roles/billing.creator
- roles/billing.admin
- roles/billing.user
- roles/billing.projectManager

Usage

The simplest way to use this module:

module "gke" {
  source = "../../"
  create_project = false
  k8s_network_base = "10.100.0.0/16"
  project_id = "gke-test-project"
  region = "europe-central2"
  subnet_network = "10.1.0.0/20"
  regional = false
  zones = ["europe-central2-a"]
  node_pools = {
    default-pool = {
      disk_size_gb = 50
      max_count = 3
      preemptible = true
    }
  }
}

By default, it creates a "private" GKE cluster, but this can be changed setting enable_private_nodes to false. This module is based on opinionated google modules, but combines several modules into "one module to rule them all". It uses the private-cluster-update-variant submodule of GKE - the version which can creates private cluster and - in case of node pool changes - creates new pool before deleting the old one, which minimizes the downtime of the live system.

Node pools variable

The node_pools is a map of objects, where the node pool name is a key. Possible values:

Name	Description	Default
image_type	The image type used to create the nodes. The possible values are COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24	COS_CONTAINERD
machine_type	The name of a Google Compute Engine machine type.	e2-medium
min_cpu_platform	Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.	""
local_ssd_count	Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.	0
disk_size_gb	Size of the disk attached to each node, specified in GB.	100
disk_type	Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced').	pd-standard
preemptible	A boolean that represents whether or not the underlying node VMs are preemptible	false
spot	A boolean that represents whether the underlying node VMs are spot.	false
labels	The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.	{}
oauth_scopes	The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.	var.default_node_pools_oauth_scopes
service_account	The service account to be used by the Node VMs. If not specified, the "default" service account is used.	null
taint	A list of Kubernetes taints to apply to nodes. Each taint consist of `key`, `value` and the effect, which must be one of NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.	[]

Autopilot support

This module supports the autopilot GKE cluster. To create the autopilot cluster:

set the enable_autopilot to true
set the node_pools variable to empty list []

Requirements

No requirements.

Providers

Name	Version
google	5.45.0
google-beta	5.45.0

Modules

Name	Source	Version
cloud_nat	registry.terraform.io/terraform-google-modules/cloud-nat/google	5.1.0
network	registry.terraform.io/terraform-google-modules/network/google	9.1.0
project	registry.terraform.io/terraform-google-modules/project-factory/google	15.0.1
project_services	terraform-google-modules/project-factory/google//modules/project_services	15.0.1

Resources

Name	Type
google-beta_google_container_node_pool.pools	resource
google_artifact_registry_repository.my-repo	resource
google_compute_address.cloud_nat_address	resource
google_container_cluster.gke	resource

Inputs

Name	Description	Type	Default	Required
activate_apis	List of Google APIs activated in new or existing project.	`list(string)`	[ "compute.googleapis.com", "container.googleapis.com" ]	no
artifact_registry_name	The name of the artifact registry repository	`string`	`"my-repository"`	no
billing_account	YOU NEED TO HAVE PERMISSION TO BILLING ACCOUNT, The billing account to witch the new project should be connected. Required if `create_project` set to `true`.	`string`	`""`	no
cluster_deletion_protection	Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.	`bool`	`true`	no
create_artifact_registry	Whether to create Artifact Registry for docker images	`bool`	`false`	no
create_project	Defines if create the project. All resources are created this project. If `false` - the project_id is required.	`bool`	`false`	no
default_node_pools_oauth_scopes	Default node pool oauth scopes added to all node pools	`list(string)`	[ "https://www.googleapis.com/auth/cloud-platform" ]	no
default_pool_machine_type	In some cases the GKE won't be created unless the default pool uses specific machine type (for example confidential nodes) so we have to set the type even if the default pool is removed.	`string`	`"e2-small"`	no
disable_services_on_destroy	Whether project services will be disabled when the resources are destroyed.	`bool`	`true`	no
enable_autopilot	Whether to enable Autopilot feature	`bool`	`null`	no
enable_confidential_nodes	Whether to enable confidential nodes.	`bool`	`false`	no
enable_private_endpoint	Defines if create private endpoint. It disables the public endpoint so the cluster is accessible only from VPC.	`bool`	`false`	no
enable_private_nodes	Defines if use private nodes. Implies creation of cloud NAT service so nodes and pods can access public internet.	`bool`	`true`	no
gcr_location	Location of the GCR bucket.	`string`	`"EU"`	no
k8s_network_base	The IP CIDR base for pods and services secondary networks. Must not overlap with `subnet_network`. Must be a `/16` network.	`string`	n/a	yes
master_authorized_networks	Allows accessing masters only from defined networks. If `enable_private_endpoint` is `true` it must not be any public CIDR block.	`list(map(string))`	[ { "cidr_block": "0.0.0.0/0", "display_name": "ALL" } ]	no
master_ipv4_cidr_block	The /28 CIDR block for masters when using private cluster.	`string`	`"172.16.0.0/28"`	no
node_pools	The object which describes the node pools. The structure is described in the README file.	`any`	`{}`	no
org_id	GCP organization id. Required if `create_project` is `true`.	`string`	`""`	no
platform_name	The name of the platform. Many resource names are based on this (VPC, subnet, GKE cluster etc).	`string`	n/a	yes
project_id	Existing project id. Required if `create_project` set to `false`	`string`	`null`	no
project_name	The name of the created project. Defaults to `platform_name` if not set.	`string`	`null`	no
region	Region where to create resources.	`string`	n/a	yes
regional	Defines the type of the GKE cluster. If `true` - the cluster is created as `regional`. Otherwise - as `zonal`.	`bool`	`true`	no
release_channel	The GKE release channel.	`string`	`"UNSPECIFIED"`	no
subnet_network	The IP CIDR of the network for the GKE nodes. Must not overlap with `k8s_network_base`.	`string`	n/a	yes
subnet_private_access	Whether to enable google private IP access for the subnet	`bool`	`true`	no
zones	List of zones for `zonal` cluster. Required if `regional` set to `false`.	`list(string)`	`[]`	no

Outputs

Name	Description
gke_ca_certificate	The kubernetes CA certificate
gke_cluster_id	Cluster name
gke_cluster_name	Cluster name
gke_endpoint	The kubernetes endpoint
gke_location	Location of the GKE cluster. Region if cluster is regional, zone if zonal
gke_zones	List of zones where the cluster lives
nat_ip	The IP address allocated for NAT
project_id	ID of the project containing the cluster
subnetwork_name	Name of the subnetwork
vpc_id	VPC (network) ID
vpc_name	Name of the created VPC (network)
vpc_self_link	VPC (network) self link

node_pools variable

The node_pools variable takes the following parameters:

Name	Description	Default	Requirement
autoscaling	Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage	`true`	Optional
node_locations	The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. Defaults to cluster level node locations if nothing is specified	`""`	Optional
node_count	The number of nodes in the nodepool when autoscaling is false. Otherwise defaults to 1. Only valid for non-autoscaling clusters	`1`	Required
min_count	Minimum number of nodes in the NodePool. Must be >=0 and <= max_count. Should be used when autoscaling is true	`1`	Optional
max_count	Maximum number of nodes in the NodePool. Must be >= min_count	`100`	Optional
image_type	The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool	`COS_CONTAINERD`	Optional
machine_type	The name of a Google Compute Engine machine type	`e2-medium`	Optional
min_cpu_platform	Minimum CPU platform to be used by the nodes in the pool. The nodes may be scheduled on the specified or newer CPU platform.	`""`	Optional
local_ssd_count	The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume.	`0`	Optional
disk_size_gb	Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB	`100`	Optional
preemptible	A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information.)	`false`	Optional
spot	A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information.	`false`	Optional
compact_placement_policy	Compact placement policy enabled places node pool's nodes in a closer physical proximity in order to reduce network latency between nodes.	`false`	Optional
taints	List of objects, each object needs a `key`, `value`, and `effect` fields.	`[]`	Optional

Name		Name	Last commit message	Last commit date
Latest commit History 93 Commits
.github/workflows		.github/workflows
examples		examples
test		test
.gitignore		.gitignore
.terraform-docs.yml		.terraform-docs.yml
LICENSE		LICENSE
README.md		README.md
locals.tf		locals.tf
main.tf		main.tf
outputs.tf		outputs.tf
variables.tf		variables.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Terraform GKE module

Prerequisite

Usage

Node pools variable

Autopilot support

Requirements

Providers

Modules

Resources

Inputs

Outputs

node_pools variable

About

Releases 6

Packages

Contributors 7

Languages

License

softwaremill/terraform-gke-bootstrap

Folders and files

Latest commit

History

Repository files navigation

Terraform GKE module

Prerequisite

Usage

Node pools variable

Autopilot support

Requirements

Providers

Modules

Resources

Inputs

Outputs

node_pools variable

About

Resources

License

Stars

Watchers

Forks

Releases 6

Packages 0

Contributors 7

Languages

Packages