GCP GKE Cluster
Andy Potanin edited this page Jun 21, 2026
Creates a GKE cluster with configurable networking, maintenance windows, and security settings.
Use this module when the Rabbit platform needs a new GKE cluster or when cluster-level settings must be managed through IaC.
- GKE cluster creation with configurable region and node locations.
- Release channel selection.
- Gateway API configuration.
- Private cluster nodes.
- Shielded nodes.
- Workload vulnerability scanning.
- Maintenance window scheduling with recurrence rules.
- Pub/Sub upgrade notifications.
- Network policy configuration.
- Horizontal pod autoscaling.
- Deletion protection.
- GCP credentials with permission to manage GKE clusters.
- A VPC network and subnetwork provisioned by the `gcp-networking` module.
- A Pub/Sub topic when upgrade notifications are enabled.
- `deletion_protection` prevents accidental cluster deletion. Set to `false` only for teardown.
- `remove_default_node_pool` is `true` by default. Node pools are managed separately by `gcp-gke-nodepool`.
- The `gateway_api_config.channel` setting controls Gateway API support on the cluster.
- Timeouts default to `30m` for create, update, and delete operations.
```yaml
services:
  - name: "GKE Cluster"
    module: "gcp-gke-cluster"
    id: "gke-cluster"
    deployment_order: 30
    configurations:
      cluster_name: "my-cluster"
      cluster_region: "us-central1"
      cluster_network: "my-network"
      cluster_subnetwork: "my-subnetwork"
      node_locations: ["us-central1-a"]
```

| Output | Description |
|---|---|
| `cluster_name` | The name of the GKE cluster. |
| `cluster_region` | The region where the GKE cluster is located. |
| `cluster_endpoint` | The endpoint of the GKE cluster. |
| `cluster_network` | The network of the GKE cluster. |
| `cluster_subnetwork` | The subnetwork of the GKE cluster. |
The fields below are public module inputs under configurations.
```yaml
configurations:
  cluster_name: "rabbit-v3-0"
  cluster_region: "us-central1"
  cluster_network: "example-network"
  cluster_subnetwork: "example-subnetwork"
  node_locations: ["us-central1-a"]
  deletion_protection: true
  tpu_enabled: false
  network_policy_config: true
  network_policy_provider: "PROVIDER_UNSPECIFIED"
  http_load_balancing: false
  horizontal_pod_autoscaling: true
  enable_legacy_abac: false
  daily_maintenance_window_start_time: "2025-11-01T06:00:00Z"
  daily_maintenance_window_end_time: "2025-11-01T14:00:00Z"
  daily_maintenance_window_recurrence: "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
  release_channel: "REGULAR"
  notification_pubsub_topic_id: ""
  notification_pubsub_enabled: true
  workload_vulnerability_mode: "BASIC"
  enable_shielded_nodes: true
  remove_default_node_pool: true
  issue_client_certificate: true
  gateway_api_config:
    channel: "CHANNEL_STANDARD"
  enable_private_nodes: true
  timeouts:
    create: "30m"
    update: "30m"
    delete: "30m"
```

| Field | Type | Required | Description |
|---|---|---|---|
| `cluster_name` | string | Yes | GKE cluster name. |
| `cluster_region` | string | Yes | GCP region for the cluster. |
| `cluster_network` | string | Yes | VPC network name. |
| `cluster_subnetwork` | string | Yes | VPC subnetwork name. |
| `node_locations` | array[string] | No | Zones for cluster nodes. Defaults to `["us-central1-a"]`. |
| `deletion_protection` | boolean | No | Prevents accidental cluster deletion. Defaults to `true`. |
| `tpu_enabled` | boolean | No | Enables TPU support. Defaults to `false`. |
| `network_policy_config` | boolean | No | Enables network policy enforcement. Defaults to `true`. |
| `network_policy_provider` | string | No | Network policy provider. Defaults to `PROVIDER_UNSPECIFIED`. |
| `http_load_balancing` | boolean | No | Enables HTTP load balancing addon. Defaults to `false`. |
| `horizontal_pod_autoscaling` | boolean | No | Enables horizontal pod autoscaling addon. Defaults to `true`. |
| `enable_legacy_abac` | boolean | No | Enables legacy ABAC authorization. Defaults to `false`. |
| `daily_maintenance_window_start_time` | string | No | Maintenance window start time in RFC 3339 format. |
| `daily_maintenance_window_end_time` | string | No | Maintenance window end time in RFC 3339 format. |
| `daily_maintenance_window_recurrence` | string | No | Maintenance window recurrence rule in RFC 5545 format. |
| `release_channel` | string | No | GKE release channel: `RAPID`, `REGULAR`, or `STABLE`. Defaults to `REGULAR`. |
| `notification_pubsub_topic_id` | string | No | Pub/Sub topic for upgrade notifications. |
| `notification_pubsub_enabled` | boolean | No | Enables Pub/Sub upgrade notifications. Defaults to `true`. |
| `workload_vulnerability_mode` | string | No | Workload vulnerability scanning mode. Defaults to `BASIC`. |
| `enable_shielded_nodes` | boolean | No | Enables shielded nodes. Defaults to `true`. |
| `remove_default_node_pool` | boolean | No | Removes the default node pool after creation. Defaults to `true`. |
| `issue_client_certificate` | boolean | No | Issues a client certificate for cluster authentication. Defaults to `true`. |
| `gateway_api_config` | object | No | Gateway API configuration. |
| `gateway_api_config.channel` | string | No | Gateway API channel. Defaults to `CHANNEL_STANDARD`. |
| `enable_private_nodes` | boolean | No | Enables private cluster nodes. Defaults to `true`. |
| `timeouts` | object | No | Terraform operation timeouts. |
| `timeouts.create` | string | No | Create timeout. Defaults to `30m`. |
| `timeouts.update` | string | No | Update timeout. Defaults to `30m`. |
| `timeouts.delete` | string | No | Delete timeout. Defaults to `30m`. |
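The requirements, the notes and the field reference above together describe a set of constraints a service definition must satisfy before it is applied: the four required inputs, a Pub/Sub topic whenever `notification_pubsub_enabled` is `true`, RFC 3339 maintenance window bounds with an RFC 5545 recurrence rule, a valid `release_channel`, and hardening settings (`enable_private_nodes`, `enable_shielded_nodes`, `enable_legacy_abac`, `deletion_protection`) whose defaults are the secure values. The following is an added example, not part of the `gcp-gke-cluster` module or the Rabbit platform: a small pre-apply linter that walks a service entry of the shape shown in the usage snippet and reports anything that contradicts those constraints or weakens the cluster. The sample service entry is constructed for the example and deliberately contains several such problems; the accepted recurrence subset (`FREQ=DAILY` or `FREQ=WEEKLY` with an optional `BYDAY`) is an assumption, since the page only states "RFC 5545 format".

```python
"""Pre-apply checks for a gcp-gke-cluster service definition (added example)."""
import re
from datetime import datetime

RELEASE_CHANNELS = {"RAPID", "REGULAR", "STABLE"}
WEEKDAYS = {"MO", "TU", "WE", "TH", "FR", "SA", "SU"}  # RFC 5545 BYDAY codes
REQUIRED_INPUTS = ("cluster_name", "cluster_region", "cluster_network", "cluster_subnetwork")

# Constructed sample: a service entry in the shape of the usage snippet, with
# several intentional problems so that the checks below have something to report.
SAMPLE_SERVICE = {
    "name": "GKE Cluster",
    "module": "gcp-gke-cluster",
    "id": "gke-cluster",
    "deployment_order": 30,
    "configurations": {
        "cluster_name": "my-cluster",
        "cluster_region": "us-central1",
        "cluster_network": "my-network",
        "cluster_subnetwork": "my-subnetwork",
        "node_locations": ["us-central1-a"],
        "enable_legacy_abac": True,            # weak: legacy ABAC switched on
        "enable_private_nodes": False,         # weak: nodes would get public IPs
        "notification_pubsub_enabled": True,
        "notification_pubsub_topic_id": "",    # missing: required when enabled
        "daily_maintenance_window_start_time": "2025-11-01T06:00:00Z",
        "daily_maintenance_window_end_time": "2025-11-01T14:00:00Z",
        "daily_maintenance_window_recurrence": "FREQ=WEEKLY;BYDAY=MO,XX",  # XX is not a weekday
        "release_channel": "regular",          # enum values are upper-case
    },
}


def _rfc3339(value):
    """Parse an RFC 3339 timestamp; return None when the value is malformed or absent."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (ValueError, AttributeError):
        return None


def _valid_recurrence(rule):
    """Accept a conservative RRULE subset (assumption): FREQ=DAILY|WEEKLY, optional BYDAY."""
    parts = dict(p.split("=", 1) for p in rule.split(";") if "=" in p)
    if parts.get("FREQ") not in {"DAILY", "WEEKLY"}:
        return False
    days = parts.get("BYDAY")
    if days is None:
        return True
    return all(re.fullmatch(r"[A-Z]{2}", d) and d in WEEKDAYS for d in days.split(","))


def check_cluster_config(service):
    """Return a list of finding strings; an empty list means the entry passes every check."""
    cfg = service.get("configurations", {})
    findings = []
    for key in REQUIRED_INPUTS:
        if not cfg.get(key):
            findings.append(f"{key}: required input is missing")
    # Hardening switches: the module defaults are the secure values, so only an
    # explicit override in the configuration can weaken them.
    if cfg.get("enable_legacy_abac", False):
        findings.append("enable_legacy_abac: legacy ABAC is enabled; leave it false and rely on RBAC")
    if not cfg.get("enable_private_nodes", True):
        findings.append("enable_private_nodes: set to false; nodes would receive public IPs")
    if not cfg.get("enable_shielded_nodes", True):
        findings.append("enable_shielded_nodes: set to false; shielded nodes disabled")
    if not cfg.get("deletion_protection", True):
        findings.append("deletion_protection: set to false; acceptable only for a planned teardown")
    channel = cfg.get("release_channel", "REGULAR")
    if channel not in RELEASE_CHANNELS:
        findings.append(f"release_channel: {channel!r} is not one of {sorted(RELEASE_CHANNELS)}")
    # Upgrade notifications need a topic to publish to (see the requirements list).
    if cfg.get("notification_pubsub_enabled", True) and not cfg.get("notification_pubsub_topic_id"):
        findings.append("notification_pubsub_topic_id: required when notification_pubsub_enabled is true")
    # Maintenance window: both bounds present and RFC 3339, end after start, valid RRULE.
    start, end = cfg.get("daily_maintenance_window_start_time"), cfg.get("daily_maintenance_window_end_time")
    if start or end:
        s, e = _rfc3339(start), _rfc3339(end)
        if s is None or e is None:
            findings.append("maintenance window: start and end must both be RFC 3339 timestamps")
        elif e <= s:
            findings.append("maintenance window: end time must be after start time")
        rule = cfg.get("daily_maintenance_window_recurrence")
        if rule is not None and not _valid_recurrence(rule):
            findings.append(f"daily_maintenance_window_recurrence: {rule!r} is not a supported RRULE")
    return findings


if __name__ == "__main__":
    for finding in check_cluster_config(SAMPLE_SERVICE):
        print("FAIL", finding)
```

Run as a script it prints one `FAIL` line per problem in the constructed sample (five for the entry above); wiring `check_cluster_config` into a CI step that parses the real service file lets a configuration that re-enables legacy ABAC or drops private nodes fail review before `terraform apply` ever sees it.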