{"id":13449016,"url":"https://github.com/jetstack/terraform-google-gke-cluster","last_synced_at":"2025-09-30T04:31:59.467Z","repository":{"id":39097639,"uuid":"183017658","full_name":"jetstack/terraform-google-gke-cluster","owner":"jetstack","description":"A Terraform module to create a best-practise Google Kubernetes Engine (GKE) cluster.","archived":true,"fork":false,"pushed_at":"2022-02-10T17:11:24.000Z","size":175,"stargazers_count":161,"open_issues_count":0,"forks_count":88,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-01-19T21:37:42.679Z","etag":null,"topics":["gke","google","kubernetes","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jetstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-23T13:09:30.000Z","updated_at":"2024-08-31T21:56:00.000Z","dependencies_parsed_at":"2022-08-09T10:16:42.451Z","dependency_job_id":null,"html_url":"https://github.com/jetstack/terraform-google-gke-cluster","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/jetstack/terraform-google-gke-cluster","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fterraform-google-gke-cluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fterraform-google-gke-cluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fterraform-google-gke-cluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fterrafo
rm-google-gke-cluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jetstack","download_url":"https://codeload.github.com/jetstack/terraform-google-gke-cluster/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jetstack%2Fterraform-google-gke-cluster/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277632340,"owners_count":25850732,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-30T02:00:09.208Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gke","google","kubernetes","terraform","terraform-module"],"created_at":"2024-07-31T06:00:28.644Z","updated_at":"2025-09-30T04:31:59.202Z","avatar_url":"https://github.com/jetstack.png","language":"HCL","funding_links":[],"categories":["HCL"],"sub_categories":[],"readme":"# Terraform Google GKE Cluster\n\nA Terraform module to create a best-practice Google Kubernetes Engine (GKE) cluster.\n\nThis module is available on [Terraform registry](https://registry.terraform.io/modules/jetstack/gke-cluster/google/).\n\nThe module is designed to be used by Jetstack customers to make it easier for them to create clusters that are secure and follow Jetstack recommendations.\nIt gives them flexibility with certain properties so the cluster can be customised to their needs, but gives fixed values for properties 
that could lead to issues or insecurity.\n\n## Deprecation\n\n:warning:\n**The `0.3` release of this module is planned to be the final release.**\n:warning:\n\nAfter this the module will be deprecated in favour of [Google's GKE module](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine).\nJetstack will be producing an example project using Google's module as well as migration guidance.\n\n## Requirements\n\nThe module requires an existing Google Cloud project, with VPC network and subnetwork for the cluster to use.\nThe subnetwork must be in the same region as the cluster and have pod and service ranges specified.\n\n## Customisable Properties\n\nThe module allows the cluster to be extensively customised using input variables.\nThese can be found with documentation in [`variables.tf`](variables.tf).\n\nThe customisable properties include:\n- Release channel or minimum master version\n- Private nodes\n- Master private endpoint\n- Master authorised network CIDR blocks\n- Master CIDR block\n- Node service account container registry access\n- Google security group for RBAC\n- Workload identity namespace\n- Enable Stackdriver logging and monitoring\n- Enable Google Cloud HTTP load balancing\n- Enable pod security policy controller\n- Daily maintenance window start time\n- Node pools\n  - Name\n  - Initial node count\n  - Minimum and maximum number of nodes for autoscaling\n  - Enable automatic repair and upgrade\n  - Machine type\n  - Disk size and type\n  - Use preemptible nodes\n  - Kubernetes version\n\n## Fixed Arguments\n\nSome of the properties of the cluster are fixed based on Jetstack's recommended best-practice settings:\n- Enabling network policy for nodes and master using Calico.\n- Disabling basic authentication and client certificate issuing.\n- Disabling Kubernetes dashboard (Google Cloud Console should be used instead).\n- Use of VPC native networking (using a specified network and subnetwork).\n- Removing the default node pool 
and creating one or more new pools with Terraform for easier management.\n- Setting the OAuth scope of nodes to `cloud-platform` to manage permissions with IAM.\n- Disabling node legacy endpoints.\n- Creating an IAM service account for nodes with the minimum required roles:\n  - Logging log writer\n  - Monitoring metric writer\n  - Monitoring viewer\n\n## Usage\n\nThe module itself is located in the root of this repo, and is designed to be used as part of a larger Terraform project.\nIt can be used directly from the Terraform Registry like so:\n\n```\nmodule \"gke-cluster\" {\n  source  = \"jetstack/gke-cluster/google\"\n  version = \"0.3.0\"\n\n  # insert the 9 required variables here\n}\n```\n\n## Example\n\nThere is an [example project](https://github.com/jetstack/terraform-google-gke-cluster/tree/master/example) in the `example/` directory which can be used to test and demonstrate the module. It could also be used as the basis for your own Terraform project.\n\n## Limitations\n\nIf private nodes are used then **nodes will not have direct access to the internet**.\nThis means they cannot pull images hosted outside of the container registry in the same project as the cluster.\nThe example project features a [Cloud NAT](https://cloud.google.com/nat/docs/overview) to give the nodes access to the internet.\n\n## License\n\nThis project is licensed under the [Apache 2.0 License](https://choosealicense.com/licenses/apache-2.0/).\nFor full details see the `LICENSE` file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjetstack%2Fterraform-google-gke-cluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjetstack%2Fterraform-google-gke-cluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjetstack%2Fterraform-google-gke-cluster/lists"}