
GCP GKE Cluster

udx-github edited this page Jul 3, 2026 · 3 revisions

Creates a GKE cluster with configurable networking, maintenance windows, and security settings.

Use this module when the Rabbit platform needs a new GKE cluster or when cluster-level settings must be managed through IaC.

Supported Features

  • GKE cluster creation with configurable region and node locations.
  • Release channel selection.
  • Gateway API configuration.
  • Private cluster nodes.
  • Shielded nodes.
  • Workload vulnerability scanning.
  • Maintenance window scheduling with recurrence rules.
  • Pub/Sub upgrade notifications.
  • Network policy configuration.
  • Horizontal pod autoscaling.
  • Deletion protection.

Prerequisites

  • GCP credentials with permission to manage GKE clusters.
  • A VPC network and subnetwork provisioned by the gcp-networking module.
  • A Pub/Sub topic when upgrade notifications are enabled.

Important Notes

  • deletion_protection prevents accidental cluster deletion. Set to false only for teardown.
  • remove_default_node_pool is true by default. Node pools are managed separately by gcp-gke-nodepool.
  • The gateway_api_config.channel setting controls Gateway API support on the cluster.
  • Timeouts default to 30m for create, update, and delete operations.

Minimal Example

```yaml
services:
  - name: "GKE Cluster"
    module: "gcp-gke-cluster"
    id: "gke-cluster"
    deployment_order: 30
    configurations:
      cluster_name: "my-cluster"
      cluster_region: "us-central1"
      cluster_network: "my-network"
      cluster_subnetwork: "my-subnetwork"
      node_locations: ["us-central1-a"]
```

Outputs

| Output | Description |
| --- | --- |
| cluster_name | The name of the GKE cluster. |
| cluster_region | The region where the GKE cluster is located. |
| cluster_endpoint | The endpoint of the GKE cluster. |
| cluster_network | The network of the GKE cluster. |
| cluster_subnetwork | The subnetwork of the GKE cluster. |

Full Configuration Schema

The fields below are public module inputs under configurations.

```yaml
configurations:
  cluster_name: "rabbit-v3-0"
  cluster_region: "us-central1"
  cluster_network: "example-network"
  cluster_subnetwork: "example-subnetwork"
  node_locations: ["us-central1-a"]
  deletion_protection: true
  tpu_enabled: false
  network_policy_config: true
  network_policy_provider: "PROVIDER_UNSPECIFIED"
  http_load_balancing: false
  horizontal_pod_autoscaling: true
  enable_legacy_abac: false
  daily_maintenance_window_start_time: "2025-11-01T06:00:00Z"
  daily_maintenance_window_end_time: "2025-11-01T14:00:00Z"
  daily_maintenance_window_recurrence: "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR"
  release_channel: "REGULAR"
  notification_pubsub_topic_id: ""
  notification_pubsub_enabled: true
  workload_vulnerability_mode: "BASIC"
  enable_shielded_nodes: true
  remove_default_node_pool: true
  issue_client_certificate: true
  gateway_api_config:
    channel: "CHANNEL_STANDARD"
  enable_private_nodes: true
  timeouts:
    create: "30m"
    update: "30m"
    delete: "30m"
```

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| cluster_name | string | Yes | GKE cluster name. |
| cluster_region | string | Yes | GCP region for the cluster. |
| cluster_network | string | Yes | VPC network name. |
| cluster_subnetwork | string | Yes | VPC subnetwork name. |
| node_locations | array[string] | No | Zones for cluster nodes. Defaults to `["us-central1-a"]`. |
| deletion_protection | boolean | No | Prevents accidental cluster deletion. Defaults to `true`. |
| tpu_enabled | boolean | No | Enables TPU support. Defaults to `false`. |
| network_policy_config | boolean | No | Enables network policy enforcement. Defaults to `true`. |
| network_policy_provider | string | No | Network policy provider. Defaults to `PROVIDER_UNSPECIFIED`. |
| http_load_balancing | boolean | No | Enables HTTP load balancing addon. Defaults to `false`. |
| horizontal_pod_autoscaling | boolean | No | Enables horizontal pod autoscaling addon. Defaults to `true`. |
| enable_legacy_abac | boolean | No | Enables legacy ABAC authorization. Defaults to `false`. |
| daily_maintenance_window_start_time | string | No | Maintenance window start time in RFC 3339 format. |
| daily_maintenance_window_end_time | string | No | Maintenance window end time in RFC 3339 format. |
| daily_maintenance_window_recurrence | string | No | Maintenance window recurrence rule in RFC 5545 format. |
| release_channel | string | No | GKE release channel: `RAPID`, `REGULAR`, or `STABLE`. Defaults to `REGULAR`. |
| notification_pubsub_topic_id | string | No | Pub/Sub topic for upgrade notifications. |
| notification_pubsub_enabled | boolean | No | Enables Pub/Sub upgrade notifications. Defaults to `true`. |
| workload_vulnerability_mode | string | No | Workload vulnerability scanning mode. Defaults to `BASIC`. |
| enable_shielded_nodes | boolean | No | Enables shielded nodes. Defaults to `true`. |
| remove_default_node_pool | boolean | No | Removes the default node pool after creation. Defaults to `true`. |
| issue_client_certificate | boolean | No | Issues a client certificate for cluster authentication. Defaults to `true`. |
| gateway_api_config | object | No | Gateway API configuration. |
| gateway_api_config.channel | string | No | Gateway API channel. Defaults to `CHANNEL_STANDARD`. |
| enable_private_nodes | boolean | No | Enables private cluster nodes. Defaults to `true`. |
| timeouts | object | No | Terraform operation timeouts. |
| timeouts.create | string | No | Create timeout. Defaults to `30m`. |
| timeouts.update | string | No | Update timeout. Defaults to `30m`. |
| timeouts.delete | string | No | Delete timeout. Defaults to `30m`. |
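A pre-apply lint for the `configurations` block above, added here as an example and not part of the module or the Rabbit platform. It checks the security-relevant fields against the hardened values (legacy ABAC off, shielded and private nodes on, network policy on, deletion protection on), enforces the Prerequisites rule that a Pub/Sub topic is set whenever notifications are enabled, validates the maintenance window (RFC 3339 timestamps, end after start, an RFC 5545 `FREQ=` rule) and the timeout format, and flags `issue_client_certificate` because a cluster client certificate is a long-lived credential. The sample dict is the page's schema example as it would look after loading the YAML (for instance with `yaml.safe_load`); the `lint_cluster_config` and `has_errors` names are this example's own.

```python
"""Lint a gcp-gke-cluster `configurations` block before it is applied.

Added example; not the module's own code. Input is the configurations
mapping as a plain dict (e.g. yaml.safe_load(...)["services"][0]["configurations"]).
"""
import re
from datetime import datetime

# Constructed sample: the page's Full Configuration Schema example, loaded as a dict.
PAGE_SAMPLE = {
    "cluster_name": "rabbit-v3-0",
    "cluster_region": "us-central1",
    "cluster_network": "example-network",
    "cluster_subnetwork": "example-subnetwork",
    "node_locations": ["us-central1-a"],
    "deletion_protection": True,
    "tpu_enabled": False,
    "network_policy_config": True,
    "network_policy_provider": "PROVIDER_UNSPECIFIED",
    "http_load_balancing": False,
    "horizontal_pod_autoscaling": True,
    "enable_legacy_abac": False,
    "daily_maintenance_window_start_time": "2025-11-01T06:00:00Z",
    "daily_maintenance_window_end_time": "2025-11-01T14:00:00Z",
    "daily_maintenance_window_recurrence": "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR",
    "release_channel": "REGULAR",
    "notification_pubsub_topic_id": "",
    "notification_pubsub_enabled": True,
    "workload_vulnerability_mode": "BASIC",
    "enable_shielded_nodes": True,
    "remove_default_node_pool": True,
    "issue_client_certificate": True,
    "gateway_api_config": {"channel": "CHANNEL_STANDARD"},
    "enable_private_nodes": True,
    "timeouts": {"create": "30m", "update": "30m", "delete": "30m"},
}

REQUIRED = ("cluster_name", "cluster_region", "cluster_network", "cluster_subnetwork")
RELEASE_CHANNELS = {"RAPID", "REGULAR", "STABLE"}
TIMEOUT_RE = re.compile(r"^\d+[smh]$")
# Structural check only: FREQ=... followed by ;KEY=VALUE parts (not a full RFC 5545 parser).
RRULE_RE = re.compile(r"^FREQ=[A-Z]+(;[A-Z]+=[A-Z0-9,]+)*$")

# Boolean fields with their hardened value: field -> (expected, severity, message).
# Missing fields are treated as the page's documented defaults, which match `expected`.
HARDENING = {
    "enable_legacy_abac": (False, "error", "legacy ABAC bypasses RBAC; keep it disabled"),
    "enable_shielded_nodes": (True, "error", "shielded nodes provide secure boot and integrity monitoring"),
    "enable_private_nodes": (True, "error", "nodes should not receive public IP addresses"),
    "network_policy_config": (True, "warn", "without network policy every pod can reach every other pod"),
    "deletion_protection": (True, "warn", "set to false only for teardown"),
}


def _parse_rfc3339(value):
    """Parse an RFC 3339 timestamp; the trailing 'Z' is normalised for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def lint_cluster_config(cfg):
    """Return a list of (severity, field, message) findings; an empty list means clean."""
    findings = []

    for field in REQUIRED:
        if not cfg.get(field):
            findings.append(("error", field, "required field missing or empty"))

    for field, (expected, severity, msg) in HARDENING.items():
        if cfg.get(field, expected) != expected:
            findings.append((severity, field, msg))

    if cfg.get("issue_client_certificate", True):
        findings.append(("warn", "issue_client_certificate",
                         "client certificate is a long-lived credential; disable unless a consumer needs it"))

    channel = cfg.get("release_channel", "REGULAR")
    if channel not in RELEASE_CHANNELS:
        findings.append(("error", "release_channel", f"unknown release channel {channel!r}"))

    # Prerequisites: a Pub/Sub topic is needed whenever upgrade notifications are enabled.
    if cfg.get("notification_pubsub_enabled", True) and not cfg.get("notification_pubsub_topic_id"):
        findings.append(("error", "notification_pubsub_topic_id",
                         "notifications enabled but no Pub/Sub topic set"))

    start = cfg.get("daily_maintenance_window_start_time")
    end = cfg.get("daily_maintenance_window_end_time")
    if start and end:
        try:
            if _parse_rfc3339(end) <= _parse_rfc3339(start):
                findings.append(("error", "daily_maintenance_window_end_time",
                                 "window ends before it starts"))
        except ValueError as exc:
            findings.append(("error", "daily_maintenance_window_start_time", f"not RFC 3339: {exc}"))
    rrule = cfg.get("daily_maintenance_window_recurrence")
    if rrule and not RRULE_RE.match(rrule):
        findings.append(("error", "daily_maintenance_window_recurrence", "not a recognised RFC 5545 RRULE"))

    for op, value in cfg.get("timeouts", {}).items():
        if not TIMEOUT_RE.match(str(value)):
            findings.append(("error", f"timeouts.{op}", f"bad duration {value!r}; expected e.g. 30m"))

    return findings


def has_errors(findings):
    """True when at least one finding has severity 'error' (block the apply)."""
    return any(sev == "error" for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, field, msg in lint_cluster_config(PAGE_SAMPLE):
        print(f"{sev:5} {field}: {msg}")
```

Run against the page's own example the lint reports one error (notifications are enabled but `notification_pubsub_topic_id` is empty) and one warning for `issue_client_certificate`; setting a topic and turning client certificates off yields an empty finding list. Treat `has_errors` as the gate in CI so a cluster is never created from a configuration that silently diverges from the hardened defaults.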
