This Terraform module configures opinionated Google Kubernetes Engine (GKE) clusters, targeting DevOps engineers and platform administrators. It simplifies the creation and management of GKE clusters with features like Node Pools, IP MASQ, and Network Policy, reducing boilerplate configuration and promoting best practices.

How It Works

The module leverages Terraform to provision GKE clusters, defining resources like clusters, node pools, and associated networking configurations. It supports advanced features such as confidential nodes, shielded nodes, and various CSI drivers. The design emphasizes modularity, allowing for customization through input variables and providing sub-modules for specific configurations like private or beta clusters.

Quick Start & Requirements

• Install: terraform init
• Prerequisites: Terraform 1.3+, Terraform Provider for GCP v6.27+, kubectl, gcloud CLI.
• Service Account Roles: roles/compute.viewer, roles/container.clusterAdmin, roles/container.developer, roles/iam.serviceAccountUser, roles/resourcemanager.projectIamAdmin.
• APIs: Compute Engine API (compute.googleapis.com), Kubernetes Engine API (container.googleapis.com).
• Setup: Requires project setup with active APIs and appropriate service account permissions. Refer to the official documentation for detailed setup.

Highlighted Details

• Supports GKE Autopilot and Standard modes.
• Extensive configuration options for node pools, including GPU support, confidential nodes, and custom taints/labels.
• Integrates with Google Cloud services like Cloud Logging, Cloud Monitoring, and Filestore CSI driver.
• Provides sub-modules for private clusters and beta features.

Maintenance & Community

This module is part of the terraform-google-modules organization, indicating active maintenance and community support.

Licensing & Compatibility

• License: Apache 2.0
• Compatibility: Tested with Terraform 1.3+ and GCP Provider v6.27+.

Limitations & Caveats

• Changing certain core cluster configurations (e.g., regional, enable_tpu) after creation is destructive and will cause node pool recreation.
• The module requires specific IAM roles and enabled APIs on the target Google Cloud project.