{"id":19143278,"url":"https://github.com/devenes/gk8s","last_synced_at":"2026-04-17T08:03:46.380Z","repository":{"id":107131047,"uuid":"537636251","full_name":"devenes/gk8s","owner":"devenes","description":"Provision your GKE cluster using Terraform and manage your Kubernetes environment with service configurations.","archived":false,"fork":false,"pushed_at":"2022-11-21T02:32:38.000Z","size":220,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-03T15:44:18.933Z","etag":null,"topics":["backend","gcloud","gcp","gke","helm","ingress","k8s","nginx","service-account","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devenes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-16T22:23:58.000Z","updated_at":"2022-09-17T22:19:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"ce245707-c2f5-4c77-bd83-ec962b4a963b","html_url":"https://github.com/devenes/gk8s","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devenes%2Fgk8s","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devenes%2Fgk8s/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devenes%2Fgk8s/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devenes%2Fgk8s/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devenes","download_url":"https://codeload.github.com/devenes/gk8s/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240224227,"owners_count":19767722,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backend","gcloud","gcp","gke","helm","ingress","k8s","nginx","service-account","terraform"],"created_at":"2024-11-09T07:30:11.591Z","updated_at":"2026-04-17T08:03:46.343Z","avatar_url":"https://github.com/devenes.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\" id=\"top\"\u003e \n \u003cimg src=\"./gcp.gif\" alt=\"GCP\" /\u003e\n\u003c/div\u003e\n\n\u0026#xa0;\n\u0026#xa0;\n\n## Terraform resources plan\n\n```ruby\nTerraform will perform the following actions:\n\n # google_compute_address.nat will be created\n + resource \"google_compute_address\" \"nat\" {\n + address = (known after apply)\n + address_type = \"EXTERNAL\"\n + creation_timestamp = (known after apply)\n + id = (known after apply)\n + name = \"nat\"\n + network_tier = \"PREMIUM\"\n + project = (known after apply)\n + purpose = (known after apply)\n + region = (known after apply)\n + self_link = (known after apply)\n + subnetwork = (known after apply)\n + users = (known after apply)\n }\n\n # google_compute_firewall.allow_ssh will be created\n + resource \"google_compute_firewall\" \"allow_ssh\" {\n + creation_timestamp = (known after apply)\n + destination_ranges = (known after apply)\n + direction = (known after apply)\n + enable_logging = (known after apply)\n + id = (known after apply)\n + name = \"allow-ssh\"\n + network = \"main\"\n + priority = 1000\n + project = (known after apply)\n + self_link = (known after apply)\n + source_ranges = [\n + \"0.0.0.0/0\",\n ]\n\n + allow {\n + ports = [\n + \"22\",\n ]\n + protocol = \"tcp\"\n }\n }\n\n # google_compute_network.main will be created\n + resource \"google_compute_network\" \"main\" {\n + auto_create_subnetworks = false\n + delete_default_routes_on_create = false\n + gateway_ipv4 = (known after apply)\n + id = (known after apply)\n + internal_ipv6_range = (known after apply)\n + mtu = 1460\n + name = \"main\"\n + project = (known after apply)\n + routing_mode = \"REGIONAL\"\n + self_link = (known after apply)\n }\n\n # google_compute_router.router will be created\n + resource \"google_compute_router\" \"router\" {\n + creation_timestamp = (known after apply)\n + id = (known after apply)\n + name = \"router\"\n + network = (known after apply)\n + project = (known after apply)\n + region = \"us-central1\"\n + self_link = (known after apply)\n }\n\n # google_compute_router_nat.nat will be created\n + resource \"google_compute_router_nat\" \"nat\" {\n + enable_dynamic_port_allocation = (known after apply)\n + enable_endpoint_independent_mapping = true\n + icmp_idle_timeout_sec = 30\n + id = (known after apply)\n + name = \"nat\"\n + nat_ip_allocate_option = \"MANUAL_ONLY\"\n + nat_ips = (known after apply)\n + project = (known after apply)\n + region = \"us-central1\"\n + router = \"router\"\n + source_subnetwork_ip_ranges_to_nat = \"LIST_OF_SUBNETWORKS\"\n + tcp_established_idle_timeout_sec = 1200\n + tcp_transitory_idle_timeout_sec = 30\n + udp_idle_timeout_sec = 30\n\n + subnetwork {\n + name = (known after apply)\n + secondary_ip_range_names = []\n + source_ip_ranges_to_nat = [\n + \"ALL_IP_RANGES\",\n ]\n }\n }\n\n # google_compute_subnetwork.private will be created\n + resource \"google_compute_subnetwork\" \"private\" {\n + creation_timestamp = (known after apply)\n + external_ipv6_prefix = (known after apply)\n + fingerprint = (known after apply)\n + gateway_address = (known after apply)\n + id = (known after apply)\n + ip_cidr_range = \"10.0.0.0/18\"\n + ipv6_cidr_range = (known after apply)\n + name = \"private\"\n + network = (known after apply)\n + private_ip_google_access = true\n + private_ipv6_google_access = (known after apply)\n + project = (known after apply)\n + purpose = (known after apply)\n + region = \"us-central1\"\n + secondary_ip_range = [\n + {\n + ip_cidr_range = \"10.48.0.0/14\"\n + range_name = \"k8s-pod-range\"\n },\n + {\n + ip_cidr_range = \"10.52.0.0/20\"\n + range_name = \"k8s-service-range\"\n },\n ]\n + self_link = (known after apply)\n + stack_type = (known after apply)\n }\n\n # google_container_cluster.primary will be created\n + resource \"google_container_cluster\" \"primary\" {\n + cluster_ipv4_cidr = (known after apply)\n + datapath_provider = (known after apply)\n + default_max_pods_per_node = (known after apply)\n + enable_binary_authorization = false\n + enable_intranode_visibility = (known after apply)\n + enable_kubernetes_alpha = false\n + enable_legacy_abac = false\n + enable_shielded_nodes = true\n + endpoint = (known after apply)\n + id = (known after apply)\n + initial_node_count = 1\n + label_fingerprint = (known after apply)\n + location = \"us-central1-a\"\n + logging_service = \"logging.googleapis.com/kubernetes\"\n + master_version = (known after apply)\n + monitoring_service = \"monitoring.googleapis.com/kubernetes\"\n + name = \"primary\"\n + network = (known after apply)\n + networking_mode = \"VPC_NATIVE\"\n + node_locations = [\n + \"us-central1-b\",\n ]\n + node_version = (known after apply)\n + operation = (known after apply)\n + private_ipv6_google_access = (known after apply)\n + project = (known after apply)\n + remove_default_node_pool = true\n + self_link = (known after apply)\n + services_ipv4_cidr = (known after apply)\n + subnetwork = (known after apply)\n + tpu_ipv4_cidr_block = (known after apply)\n\n + addons_config {\n + cloudrun_config {\n + disabled = (known after apply)\n + load_balancer_type = (known after apply)\n }\n\n + dns_cache_config {\n + enabled = (known after apply)\n }\n\n + gce_persistent_disk_csi_driver_config {\n + enabled = (known after apply)\n }\n\n + gcp_filestore_csi_driver_config {\n + enabled = (known after apply)\n }\n\n + horizontal_pod_autoscaling {\n + disabled = false\n }\n\n + http_load_balancing {\n + disabled = true\n }\n\n + network_policy_config {\n + disabled = (known after apply)\n }\n }\n\n + authenticator_groups_config {\n + security_group = (known after apply)\n }\n\n + cluster_autoscaling {\n + enabled = (known after apply)\n\n + auto_provisioning_defaults {\n + boot_disk_kms_key = (known after apply)\n + image_type = (known after apply)\n + oauth_scopes = (known after apply)\n + service_account = (known after apply)\n }\n\n + resource_limits {\n + maximum = (known after apply)\n + minimum = (known after apply)\n + resource_type = (known after apply)\n }\n }\n\n + confidential_nodes {\n + enabled = (known after apply)\n }\n\n + database_encryption {\n + key_name = (known after apply)\n + state = (known after apply)\n }\n\n + default_snat_status {\n + disabled = (known after apply)\n }\n\n + ip_allocation_policy {\n + cluster_ipv4_cidr_block = (known after apply)\n + cluster_secondary_range_name = \"k8s-pod-range\"\n + services_ipv4_cidr_block = (known after apply)\n + services_secondary_range_name = \"k8s-service-range\"\n }\n\n + logging_config {\n + enable_components = (known after apply)\n }\n\n + master_auth {\n + client_certificate = (known after apply)\n + client_key = (sensitive value)\n + cluster_ca_certificate = (known after apply)\n\n + client_certificate_config {\n + issue_client_certificate = (known after apply)\n }\n }\n\n + mesh_certificates {\n + enable_certificates = (known after apply)\n }\n\n + monitoring_config {\n + enable_components = (known after apply)\n }\n\n + node_config {\n + boot_disk_kms_key = (known after apply)\n + disk_size_gb = (known after apply)\n + disk_type = (known after apply)\n + guest_accelerator = (known after apply)\n + image_type = (known after apply)\n + labels = (known after apply)\n + local_ssd_count = (known after apply)\n + machine_type = (known after apply)\n + metadata = (known after apply)\n + min_cpu_platform = (known after apply)\n + node_group = (known after apply)\n + oauth_scopes = (known after apply)\n + preemptible = (known after apply)\n + service_account = (known after apply)\n + spot = (known after apply)\n + tags = (known after apply)\n + taint = (known after apply)\n\n + gcfs_config {\n + enabled = (known after apply)\n }\n\n + gvnic {\n + enabled = (known after apply)\n }\n\n + reservation_affinity {\n + consume_reservation_type = (known after apply)\n + key = (known after apply)\n + values = (known after apply)\n }\n\n + shielded_instance_config {\n + enable_integrity_monitoring = (known after apply)\n + enable_secure_boot = (known after apply)\n }\n\n + workload_metadata_config {\n + mode = (known after apply)\n }\n }\n\n + node_pool {\n + initial_node_count = (known after apply)\n + instance_group_urls = (known after apply)\n + managed_instance_group_urls = (known after apply)\n + max_pods_per_node = (known after apply)\n + name = (known after apply)\n + name_prefix = (known after apply)\n + node_count = (known after apply)\n + node_locations = (known after apply)\n + version = (known after apply)\n\n + autoscaling {\n + location_policy = (known after apply)\n + max_node_count = (known after apply)\n + min_node_count = (known after apply)\n + total_max_node_count = (known after apply)\n + total_min_node_count = (known after apply)\n }\n\n + management {\n + auto_repair = (known after apply)\n + auto_upgrade = (known after apply)\n }\n\n + node_config {\n + boot_disk_kms_key = (known after apply)\n + disk_size_gb = (known after apply)\n + disk_type = (known after apply)\n + guest_accelerator = (known after apply)\n + image_type = (known after apply)\n + labels = (known after apply)\n + local_ssd_count = (known after apply)\n + machine_type = (known after apply)\n + metadata = (known after apply)\n + min_cpu_platform = (known after apply)\n + node_group = (known after apply)\n + oauth_scopes = (known after apply)\n + preemptible = (known after apply)\n + service_account = (known after apply)\n + spot = (known after apply)\n + tags = (known after apply)\n + taint = (known after apply)\n\n + gcfs_config {\n + enabled = (known after apply)\n }\n\n + gvnic {\n + enabled = (known after apply)\n }\n\n + reservation_affinity {\n + consume_reservation_type = (known after apply)\n + key = (known after apply)\n + values = (known after apply)\n }\n\n + shielded_instance_config {\n + enable_integrity_monitoring = (known after apply)\n + enable_secure_boot = (known after apply)\n }\n\n + workload_metadata_config {\n + mode = (known after apply)\n }\n }\n\n + upgrade_settings {\n + max_surge = (known after apply)\n + max_unavailable = (known after apply)\n }\n }\n\n + notification_config {\n + pubsub {\n + enabled = (known after apply)\n + topic = (known after apply)\n }\n }\n\n + private_cluster_config {\n + enable_private_nodes = true\n + master_ipv4_cidr_block = \"172.16.0.0/28\"\n + peering_name = (known after apply)\n + private_endpoint = (known after apply)\n + public_endpoint = (known after apply)\n\n + master_global_access_config {\n + enabled = (known after apply)\n }\n }\n\n + release_channel {\n + channel = \"REGULAR\"\n }\n\n + service_external_ips_config {\n + enabled = (known after apply)\n }\n\n + vertical_pod_autoscaling {\n + enabled = (known after apply)\n }\n\n + workload_identity_config {\n + workload_pool = \"your-project-id.svc.id.goog\"\n }\n }\n\n # google_container_node_pool.general will be created\n + resource \"google_container_node_pool\" \"general\" {\n + cluster = (known after apply)\n + id = (known after apply)\n + initial_node_count = (known after apply)\n + instance_group_urls = (known after apply)\n + location = (known after apply)\n + managed_instance_group_urls = (known after apply)\n + max_pods_per_node = (known after apply)\n + name = \"general\"\n + name_prefix = (known after apply)\n + node_count = 1\n + node_locations = (known after apply)\n + operation = (known after apply)\n + project = (known after apply)\n + version = (known after apply)\n\n + management {\n + auto_repair = true\n + auto_upgrade = true\n }\n\n + node_config {\n + disk_size_gb = (known after apply)\n + disk_type = (known after apply)\n + guest_accelerator = (known after apply)\n + image_type = (known after apply)\n + labels = {\n + \"role\" = \"general\"\n }\n + local_ssd_count = (known after apply)\n + machine_type = \"e2-small\"\n + metadata = (known after apply)\n + min_cpu_platform = (known after apply)\n + oauth_scopes = [\n + \"https://www.googleapis.com/auth/cloud-platform\",\n ]\n + preemptible = false\n + service_account = (known after apply)\n + spot = false\n + taint = (known after apply)\n\n + shielded_instance_config {\n + enable_integrity_monitoring = (known after apply)\n + enable_secure_boot = (known after apply)\n }\n\n + workload_metadata_config {\n + mode = (known after apply)\n }\n }\n\n + upgrade_settings {\n + max_surge = (known after apply)\n + max_unavailable = (known after apply)\n }\n }\n\n # google_container_node_pool.spot will be created\n + resource \"google_container_node_pool\" \"spot\" {\n + cluster = (known after apply)\n + id = (known after apply)\n + initial_node_count = (known after apply)\n + instance_group_urls = (known after apply)\n + location = (known after apply)\n + managed_instance_group_urls = (known after apply)\n + max_pods_per_node = (known after apply)\n + name = \"spot\"\n + name_prefix = (known after apply)\n + node_count = (known after apply)\n + node_locations = (known after apply)\n + operation = (known after apply)\n + project = (known after apply)\n + version = (known after apply)\n\n + autoscaling {\n + max_node_count = 10\n + min_node_count = 0\n }\n\n + management {\n + auto_repair = true\n + auto_upgrade = true\n }\n\n + node_config {\n + disk_size_gb = (known after apply)\n + disk_type = (known after apply)\n + guest_accelerator = (known after apply)\n + image_type = (known after apply)\n + labels = {\n + \"team\" = \"devops\"\n }\n + local_ssd_count = (known after apply)\n + machine_type = \"e2-small\"\n + metadata = (known after apply)\n + min_cpu_platform = (known after apply)\n + oauth_scopes = [\n + \"https://www.googleapis.com/auth/cloud-platform\",\n ]\n + preemptible = true\n + service_account = (known after apply)\n + spot = false\n + taint = [\n + {\n + effect = \"NO_SCHEDULE\"\n + key = \"instance_type\"\n + value = \"spot\"\n },\n ]\n\n + shielded_instance_config {\n + enable_integrity_monitoring = (known after apply)\n + enable_secure_boot = (known after apply)\n }\n\n + workload_metadata_config {\n + mode = (known after apply)\n }\n }\n\n + upgrade_settings {\n + max_surge = (known after apply)\n + max_unavailable = (known after apply)\n }\n }\n\n # google_project_iam_member.svc-devenes will be created\n + resource \"google_project_iam_member\" \"svc-devenes\" {\n + etag = (known after apply)\n + id = (known after apply)\n + member = (known after apply)\n + project = \"your-project-id\"\n + role = \"roles/storage.admin\"\n }\n\n # google_project_service.compute will be created\n + resource \"google_project_service\" \"compute\" {\n + disable_on_destroy = true\n + id = (known after apply)\n + project = (known after apply)\n + service = \"compute.googleapis.com\"\n }\n\n # google_project_service.container will be created\n + resource \"google_project_service\" \"container\" {\n + disable_on_destroy = true\n + id = (known after apply)\n + project = (known after apply)\n + service = \"container.googleapis.com\"\n }\n\n # google_service_account.kubernetes will be created\n + resource \"google_service_account\" \"kubernetes\" {\n + account_id = \"kubernetes\"\n + disabled = false\n + email = (known after apply)\n + id = (known after apply)\n + name = (known after apply)\n + project = (known after apply)\n + unique_id = (known after apply)\n }\n\n # google_service_account.svc-devenes will be created\n + resource \"google_service_account\" \"svc-devenes\" {\n + account_id = \"svc-devenes\"\n + disabled = false\n + email = (known after apply)\n + id = (known after apply)\n + name = (known after apply)\n + project = (known after apply)\n + unique_id = (known after apply)\n }\n\n # google_service_account_iam_member.svc-devenes will be created\n + resource \"google_service_account_iam_member\" \"svc-devenes\" {\n + etag = (known after apply)\n + id = (known after apply)\n + member = (known after apply)\n + role = \"roles/iam.workloadIdentityUser\"\n + service_account_id = (known after apply)\n }\n\nPlan: 15 to add, 0 to change, 0 to destroy.\n```\n\n## Apply\n\n```ruby\n$ terraform apply\ngoogle_project_service.compute: Refreshing state... [id=your-project-id/compute.googleapis.com]\ngoogle_project_service.container: Refreshing state... [id=your-project-id/container.googleapis.com]\ngoogle_service_account.svc-devenes: Refreshing state... [id=projects/your-project-id/serviceAccounts/svc-devenes@your-project-id.iam.gserviceaccount.com]\ngoogle_service_account.kubernetes: Refreshing state... [id=projects/your-project-id/serviceAccounts/kubernetes@your-project-id.iam.gserviceaccount.com]\ngoogle_service_account_iam_member.svc-devenes: Refreshing state... [id=projects/your-project-id/serviceAccounts/svc-devenes@your-project-id.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/serviceAccount:your-project-id.svc.id.goog[staging/svc-devenes]]\ngoogle_project_iam_member.svc-devenes: Refreshing state... [id=your-project-id/roles/storage.admin/serviceAccount:svc-devenes@your-project-id.iam.gserviceaccount.com]\ngoogle_compute_network.main: Refreshing state... [id=projects/your-project-id/global/networks/main]\ngoogle_compute_address.nat: Refreshing state... [id=projects/your-project-id/regions/us-central1/addresses/nat]\ngoogle_compute_router.router: Refreshing state... [id=projects/your-project-id/regions/us-central1/routers/router]\ngoogle_compute_subnetwork.private: Refreshing state... [id=projects/your-project-id/regions/us-central1/subnetworks/private]\ngoogle_compute_firewall.allow_ssh: Refreshing state... [id=projects/your-project-id/global/firewalls/allow-ssh]\ngoogle_compute_router_nat.nat: Refreshing state... [id=your-project-id/us-central1/router/nat]\ngoogle_container_cluster.primary: Refreshing state... [id=projects/your-project-id/locations/us-central1-a/clusters/primary]\ngoogle_container_node_pool.spot: Refreshing state... [id=projects/your-project-id/locations/us-central1-a/clusters/primary/nodePools/spot]\ngoogle_container_node_pool.general: Refreshing state... [id=projects/your-project-id/locations/us-central1-a/clusters/primary/nodePools/general]\n\nNo changes. Your infrastructure matches the configuration.\n```\n\n## Add Nginx Ingress with Helm\n\n```ruby\nhelm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx\nhelm repo update\nhelm search repo nginx\nhelm install nginx-ingress ingress-nginx/ingress-nginx\n```\n\n```ruby\nhelm install my-ing ingress-nginx/ingress-nginx \\\n --namespace ingress \\\n --version 4.2.5 \\\n --values nginx-values.yaml \\\n --create-namespace\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevenes%2Fgk8s","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevenes%2Fgk8s","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevenes%2Fgk8s/lists"}