
# Set up a GKE cluster connected as part of a shared VPC

A lightweight GKE cluster module.

```hcl
module "cluster" {
  source               = "JamesWoolfenden/cluster/gcp"
  ip_allocation_policy = var.ip_allocation_policy
  location             = var.location
  # restrict API-server access to the CIDR exported by a sibling "ip" module
  master_authorized_network_cidr = module.ip.cidr
  name                           = var.name
  network                        = var.network
  # the host project that owns the shared VPC
  network_project                = var.network_project
  node_pool                      = var.node_pool
  private_cluster_config         = var.private_cluster_config
  region                         = var.region
  subnetwork                     = var.subnetwork
  network_policy_config_disabled = var.network_policy_config_disabled
}
```
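Before running `terraform apply`, it is worth checking the security-relevant inputs listed in the inputs table below against a hardening baseline. The following pre-apply guardrail is an added example, not part of the module; the input names mirror the module's inputs table, the sample values are constructed, and the thresholds (`MIN_MASTER_PREFIX`, the allowed release channels) are this example's own assumptions.

```python
"""Pre-apply guardrail for the security-relevant inputs of the cluster module.

Added example, not part of the module. Input names mirror the module's inputs
table; the thresholds below and the sample inputs are assumptions.
"""
import ipaddress

# Policy thresholds: assumptions of this example, not module settings.
ALLOWED_RELEASE_CHANNELS = {"RAPID", "REGULAR", "STABLE"}  # UNSPECIFIED is rejected
MIN_MASTER_PREFIX = 16  # flag master_authorized_network_cidr broader than a /16


def _truthy(value) -> bool:
    """The module's node_pool map carries booleans as strings ("true")."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def check_cluster_inputs(inputs: dict) -> list[str]:
    """Return a list of findings; an empty list means the inputs pass."""
    findings = []

    cidr = str(inputs.get("master_authorized_network_cidr", ""))
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        findings.append(f"master_authorized_network_cidr {cidr!r} is not a valid CIDR")
    else:
        if net.prefixlen == 0:
            findings.append("master_authorized_network_cidr admits every address to the API server")
        elif net.prefixlen < MIN_MASTER_PREFIX:
            findings.append(f"master_authorized_network_cidr {net} is broader than /{MIN_MASTER_PREFIX}")

    private = inputs.get("private_cluster_config") or {}
    if not _truthy(private.get("enable_private_nodes", False)):
        findings.append("private_cluster_config.enable_private_nodes is not true: nodes get public IPs")

    if not _truthy(inputs.get("network_policy", True)):
        findings.append("network_policy is false: pod-to-pod traffic is unrestricted")
    if _truthy(inputs.get("network_policy_config_disabled", False)):
        findings.append("network_policy_config_disabled is true: the network policy addon is off")

    if not _truthy(inputs.get("kubernetes_dashboard_disabled", False)):
        findings.append("kubernetes_dashboard_disabled is false: the legacy dashboard is enabled")

    channel = str(inputs.get("release_channel", "STABLE")).upper()
    if channel not in ALLOWED_RELEASE_CHANNELS:
        findings.append(f"release_channel {channel!r} is not one of {sorted(ALLOWED_RELEASE_CHANNELS)}")

    pool = inputs.get("node_pool") or {}
    for key in ("auto_repair", "auto_upgrade"):
        if not _truthy(pool.get(key, False)):
            findings.append(f"node_pool.{key} is not true: nodes will not be patched automatically")

    return findings


# Constructed sample inputs (not real project values), keyed like the inputs table.
HARDENED_INPUTS = {
    "master_authorized_network_cidr": "10.0.0.0/24",
    "private_cluster_config": {
        "enable_private_nodes": True,
        "enable_private_endpoint": True,
        "master_ipv4_cidr_block": "172.16.0.0/28",
    },
    "network_policy": True,
    "network_policy_config_disabled": False,
    "kubernetes_dashboard_disabled": True,
    "release_channel": "STABLE",
    "node_pool": {"auto_repair": "true", "auto_upgrade": "true", "machine_type": "n1-standard-2"},
}

WEAK_INPUTS = {
    "master_authorized_network_cidr": "0.0.0.0/0",
    "private_cluster_config": {"enable_private_nodes": False},
    "network_policy": False,
    "network_policy_config_disabled": True,
    "kubernetes_dashboard_disabled": False,
    "release_channel": "UNSPECIFIED",
    "node_pool": {"auto_repair": "false", "auto_upgrade": "true"},
}

if __name__ == "__main__":
    for label, values in (("hardened", HARDENED_INPUTS), ("weak", WEAK_INPUTS)):
        print(label, check_cluster_inputs(values) or ["ok"])
```

The check runs on the plain input map, so it can be applied to a `.tfvars.json` file or to the output of `terraform show -json` before anything is created; the findings are worded so that they can go straight into a CI log.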


## Connecting to the cluster

```shell
gcloud components install gke-gcloud-auth-plugin
gcloud container clusters get-credentials $CLUSTER_NAME --zone $ZONE --project $PROJECT_ID
```

e.g.

```shell
gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project pike-gcp
```

Bind your own account to `cluster-admin`:

```shell
$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
```
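Bindings like the one above are easy to create and easy to forget, so an audit of who holds `cluster-admin` belongs in the same runbook. The script below is an added example, not part of the module or its README: it parses the output of `kubectl get clusterrolebindings -o json` and lists every subject bound to the built-in `cluster-admin` ClusterRole; the sample document embedded at the bottom is constructed.

```python
"""Audit which subjects are bound to cluster-admin.

Added example, not part of the module or its README. Feed it the output of
`kubectl get clusterrolebindings -o json`; with no piped input it runs against
the constructed sample document at the bottom.
"""
import json
import sys


def cluster_admin_subjects(doc: dict) -> list[tuple[str, str, str]]:
    """Return (binding name, subject kind, subject name) for every ClusterRoleBinding
    whose roleRef is the built-in cluster-admin ClusterRole."""
    found = []
    for item in doc.get("items", []):
        role_ref = item.get("roleRef", {})
        if role_ref.get("kind") != "ClusterRole" or role_ref.get("name") != "cluster-admin":
            continue
        binding = item.get("metadata", {}).get("name", "")
        for subject in item.get("subjects") or []:  # "subjects" may be absent
            name = subject.get("name", "")
            if subject.get("kind") == "ServiceAccount":
                # ServiceAccounts are namespaced; qualify the name so it is unambiguous
                name = f"{subject.get('namespace', '')}/{name}"
            found.append((binding, subject.get("kind", ""), name))
    return found


def human_cluster_admins(doc: dict) -> list[str]:
    """Only the User subjects, i.e. accounts granted by a
    `kubectl create clusterrolebinding ... --user=` step like the one above."""
    return sorted(name for _, kind, name in cluster_admin_subjects(doc) if kind == "User")


# Constructed sample: a GKE-style system:masters binding, the binding the README
# step creates for the operator, a service-account binding, and one unrelated binding.
SAMPLE_BINDINGS = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {
            "metadata": {"name": "cluster-admin"},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"apiGroup": "rbac.authorization.k8s.io", "kind": "Group", "name": "system:masters"}],
        },
        {
            "metadata": {"name": "cluster-admin-binding"},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": "alice@example.com"}],
        },
        {
            "metadata": {"name": "ci-deployer-admin"},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}],
        },
        {
            "metadata": {"name": "bob-view"},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "view"},
            "subjects": [{"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": "bob@example.com"}],
        },
    ],
}

if __name__ == "__main__":
    doc = SAMPLE_BINDINGS if sys.stdin.isatty() else json.load(sys.stdin)
    for binding, kind, name in cluster_admin_subjects(doc):
        print(f"{binding:30} {kind:15} {name}")
```

Usage against a live cluster: `kubectl get clusterrolebindings -o json | python audit_cluster_admin.py`. Only the `roleRef` is inspected, so bindings that grant equivalent power through a custom ClusterRole are not reported; extend the filter if you use such roles.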

## Install Istio

```shell
$ brew install istioctl
$ istioctl install
```


## Monthly cost estimate

Project: JamesWoolfenden/terraform-gcp-cluster/example/examplea

```text
 Name                                                      Monthly Qty  Unit   Monthly Cost

 └─ Cluster management fee                                         730  hours        $73.00

 ├─ Instance usage (Linux/UNIX, on-demand, n1-standard-2)          730  hours        $48.54
 └─ Standard provisioned storage (pd-standard)                      10  GiB           $0.40

 OVERALL TOTAL                                                                      $121.94
```


## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| google | n/a |
| google-beta | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| google-beta_google_container_cluster.cluster | resource |
| google_container_node_pool.nodepool | resource |
| google_service_account.default | resource |


## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| auto_upgrade | n/a | `bool` | `true` | no |
| http_load_balancing_disabled | Disable HTTP load balancing | `bool` | `false` | no |
| ip_allocation_policy | Values to fill the cluster `ip_allocation_policy` block | `map(any)` | n/a | yes |
| key_name | Changing key name as keys and key rings are undeletable | `string` | n/a | yes |
| kubernetes_dashboard_disabled | Switch on the Dashboard | `bool` | `false` | no |
| location | n/a | `string` | n/a | yes |
| maintenance_window | n/a | `string` | `"00:30"` | no |
| master_authorized_network_cidr | The range of IPs that can connect to the Kubernetes master | `string` | n/a | yes |
| name | The name of the cluster | `string` | n/a | yes |
| network | The VPC | `any` | n/a | yes |
| network_policy | To enable the network policy | `bool` | `true` | no |
| network_policy_config_disabled | Toggle network policy | `bool` | `false` | no |
| node_pool | Configuration of the node hosts | `map(any)` | `{ "auto_repair": "true", "auto_upgrade": "true", "autoscaling_max": "10", "autoscaling_min": "1", "disk_size_gb": "10", "disk_type": "pd-standard", "machine_type": "n1-standard-2", "max_pods_per_node": "32", "name": "default-pool", "node_count": "1" }` | no |
| pod_security_policy_config_enabled | n/a | `bool` | `true` | no |
| private_cluster_config | Values to fill the cluster `private_cluster_config` block | `map(any)` | n/a | yes |
| project | The GCP project of the network the cluster is in | `any` | n/a | yes |
| region | The GCP region | `string` | n/a | yes |
| release_channel | Set the release channel: UNSPECIFIED, RAPID, REGULAR or STABLE | `string` | `"STABLE"` | no |
| resource_labels | n/a | `map(any)` | `{ "createdby": "terraform", "module": "terraform-gcp-cluster" }` | no |
| subnetwork | The name of the subnet to use | `any` | n/a | yes |
| zones | n/a | `any` | n/a | yes |


## Outputs

| Name | Description |
|------|-------------|
| service_account | n/a |

## Role and Permissions

The Terraform resource required is:

```hcl
resource "google_project_iam_custom_role" "terraform_pike" {
  project     = "pike"
  role_id     = "terraform_pike"
  title       = "terraform_pike"
  description = "A user with least privileges"
  permissions = [
```
