Provision GKE resources with Terraform

HashiCorp Terraform is an infrastructure-as-code (IaC) tool that lets you provision and manage cloud infrastructure. Terraform provides plugins called providers that let you interact with cloud providers and other APIs. You can use the Terraform provider for Google Cloud to provision and manage Google Cloud resources, including GKE.

How Terraform works

Terraform has a declarative and configuration-oriented syntax, which you can use to describe the infrastructure that you want to provision in your Google Cloud project. After you author this configuration in one or more Terraform configuration files, you can use the Terraform CLI to apply this configuration to your GKE resources.

The following steps explain how Terraform works:

  1. You describe the infrastructure you want to provision in a Terraform configuration file. You don't need to write code describing how to provision the infrastructure. Terraform provisions the infrastructure for you.
  2. You run the terraform plan command, which evaluates your configuration and generates an execution plan. You can review the plan and make changes as needed.
  3. You run the terraform apply command, which performs the following actions:

    1. It provisions your infrastructure based on your execution plan by invoking the corresponding GKE APIs in the background.
    2. It creates a Terraform state file, which is a JSON file that maps the resources in your configuration file to the resources in the real-world infrastructure. Terraform uses this file to keep a record of the most recent state of your infrastructure, and to determine when to create, update, and destroy resources.
    3. When you run terraform apply, Terraform uses the mapping in the state file to compare the existing infrastructure to the code, and make updates as necessary:

      • If a resource object is defined in the configuration file, but doesn't exist in the state file, Terraform creates it.
      • If a resource object exists in the state file, but has a different configuration from your configuration file, Terraform updates the resource to match your configuration file.
      • If a resource object in the state file matches your configuration file, Terraform leaves the resource unchanged.
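As an added example (not configuration from the page or from Google), the following shows what terraform plan and terraform apply act on for GKE: a Standard cluster and its node pool declared with the google_container_cluster and google_container_node_pool resources, with the state file kept in a Cloud Storage backend rather than on local disk, since the state records resource attributes and should have the same access control as the infrastructure it describes. The project ID, bucket name, CIDR range and resource names are placeholders.

```hcl
# Added example; my-project and my-state-bucket are placeholder values.
terraform {
  # Remote state in a bucket with restricted IAM instead of a local terraform.tfstate.
  backend "gcs" {
    bucket = "my-state-bucket"
    prefix = "gke/prod"
  }
}

provider "google" {
  project = "my-project"
  region  = "us-central1"
}

# Dedicated node identity, so node permissions come from this account's IAM roles.
resource "google_service_account" "nodes" {
  account_id = "gke-nodes"
}

resource "google_container_cluster" "primary" {
  name                     = "prod-cluster"
  location                 = "us-central1"
  remove_default_node_pool = true   # replaced by the managed pool below
  initial_node_count       = 1
  networking_mode          = "VPC_NATIVE"
  ip_allocation_policy {}           # required for a VPC-native cluster
  release_channel { channel = "REGULAR" }
  workload_identity_config { workload_pool = "my-project.svc.id.goog" }
  private_cluster_config {
    enable_private_nodes   = true   # nodes receive no public IP addresses
    master_ipv4_cidr_block = "172.16.0.0/28"
  }
}

resource "google_container_node_pool" "primary" {
  name       = "primary"
  cluster    = google_container_cluster.primary.name
  location   = "us-central1"
  node_count = 1
  node_config {
    machine_type    = "e2-standard-4"
    service_account = google_service_account.nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
    shielded_instance_config {
      enable_secure_boot          = true
      enable_integrity_monitoring = true
    }
    workload_metadata_config { mode = "GKE_METADATA" }  # Workload Identity on nodes
  }
}
```

Running terraform plan against this file with an empty state shows all three resources as additions; after terraform apply, a second plan reports no changes, and editing an attribute such as machine_type produces an in-place update or replacement for that resource only.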

Terraform-based guides for GKE

The following table lists all Terraform-based how-to guides and tutorials for GKE:

Guide | Details
Create a GKE cluster and deploy a workload using Terraform | Explains how to create a Google Kubernetes Engine (GKE) Autopilot cluster and deploy a workload using Terraform.
Provision Cloud Service Mesh on a GKE Autopilot cluster | Describes how to set up managed Cloud Service Mesh on a GKE Autopilot cluster.
Create and manage cluster and node pool labels | Explains how to create a cluster with labels.
Manage GKE resources using Tags | Explains how to use Tags to manage your GKE clusters.
Create an Autopilot cluster | Explains how to create a GKE cluster in Autopilot.
Run GPUs in GKE Standard node pools | Explains how to run and optimize your compute-intensive workloads, such as artificial intelligence (AI) and graphics processing, by attaching and using NVIDIA® graphics processing unit (GPU) hardware accelerators in your GKE Standard clusters' nodes.
Use secondary boot disks to preload data or container images | Explains how to improve workload startup latency by using secondary boot disks.
Create a VPC-native cluster | Explains how to configure VPC-native clusters in GKE.
Deploy TPU workloads in GKE Standard | Explains how to request and deploy large-scale artificial intelligence (AI) and machine learning (ML) model training, tuning, and inference workloads using Cloud TPU accelerators (TPUs) in GKE Standard clusters.
Create an internal load balancer | Explains how to create an internal passthrough Network Load Balancer or internal load balancer on GKE.
Add and manage node pools | Explains how to add and perform operations on node pools running your GKE Standard clusters.
Create clusters and node pools with Arm nodes | Explains how to create a GKE Standard cluster or node pool with Arm nodes, so that you can run Arm workloads on GKE.
Consuming reserved zonal resources | Explains how to consume reserved Compute Engine resources in GKE.
Deploy a highly-available PostgreSQL database on GKE | Describes deploying a highly available PostgreSQL topology on GKE. PostgreSQL is an open source object-relational database known for reliability and data integrity.
Specify a node image | Explains how to specify a node image for nodes in GKE Standard clusters.
Creating a cluster using Windows Server node pools | Explains how to create a GKE cluster with node pools running Microsoft Windows Server.
Running multi-instance GPUs | Explains how to increase utilization and reduce costs by running multi-instance GPUs.
Sequence the rollout of cluster upgrades | Explains how to manage GKE cluster upgrades using rollout sequencing.
Creating a zonal cluster | Explains how to create a Standard zonal cluster with the default features enabled in GKE.
Configure networking for a basic production cluster | Describes how to deploy a web application to a GKE cluster and expose it with an HTTPS load balancer.
Collect and view control plane metrics | Describes how to configure a GKE cluster to send metrics emitted by the Kubernetes API server, Scheduler, and Controller Manager to Cloud Monitoring using Google Cloud Managed Service for Prometheus.
Collect and view cAdvisor/Kubelet metrics | Describes how to configure a Google Kubernetes Engine (GKE) cluster to send a curated set of cAdvisor/Kubelet metrics to Cloud Monitoring using Google Cloud Managed Service for Prometheus.
Adjust log throughput | Describes default log throughput and how to increase throughput.
Enable Backup for GKE for a cluster | Describes how to enable Backup for GKE for a cluster.
Modify resources during restoration | Describes how to make modifications to Kubernetes resources during the restoration process using transformation rules.
Enable permissive mode on a backup plan | Explains how to enable permissive mode on a backup plan.
Enable Backup for GKE API | Describes how to enable Backup for GKE.
Plan a set of backups | Describes how to create a Backup for GKE backup plan, which is used for backing up your workloads in GKE.

Terraform modules and blueprints for GKE

Modules and blueprints help you automate provisioning and managing Google Cloud resources at scale. A module is a reusable set of Terraform configuration files that creates a logical abstraction of Terraform resources. A blueprint is a package of deployable and reusable modules, and a policy that implements and documents a specific solution.

The following table lists all modules and blueprints related to GKE:

Module or blueprint | Details
terraform-google-container-vm | Configures opinionated GKE clusters.
terraform-google-gke-gitlab | Installs GitLab on GKE.

Terraform resources for GKE

Resources are the fundamental elements in the Terraform language. Each resource block describes one or more infrastructure objects, such as virtual networks or compute instances.

The following table lists the Terraform resources available for GKE:

GKE product or service, with its Terraform resources:

Google Kubernetes Engine (GKE) Standard edition
  google_container_cluster
  google_container_node_pool

Google Kubernetes Engine (GKE) Enterprise edition
  google_gke_hub_feature
  google_gke_hub_feature_iam
  google_gke_hub_feature_membership
  google_gke_hub_fleet
  google_gke_hub_membership
  google_gke_hub_membership_binding
  google_gke_hub_membership_iam
  google_gke_hub_membership_rbac_role_binding
  google_gke_hub_namespace
  google_gke_hub_scope
  google_gke_hub_scope_iam
  google_gke_hub_scope_rbac_role_binding

Backup for GKE
  google_gke_backup_backup_plan
  google_gke_backup_backup_plan_iam
  google_gke_backup_restore_plan
  google_gke_backup_restore_plan_iam

What's next