Google Kubernetes (Container) Engine Cluster

This page shows how to write Terraform for a Kubernetes (Container) Engine Cluster and how to configure it securely.

google_container_cluster (Terraform)

The Cluster in Kubernetes (Container) Engine can be configured in Terraform with the resource name google_container_cluster. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.


  • cluster_ipv4_cidr optionalcomputed - string
    • The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. Leave blank to have one automatically chosen or specify a /14 block in This field will only work for routes-based clusters, where ip_allocation_policy is not defined.

  • datapath_provider optionalcomputed - string
    • The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.

  • default_max_pods_per_node optionalcomputed - number
    • The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled.

  • description optional - string
    • Description of the cluster.

  • enable_autopilot optional - bool
    • Enable Autopilot for this cluster.

  • enable_binary_authorization optional - bool
    • Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.

  • enable_intranode_visibility optionalcomputed - bool
    • Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

  • enable_kubernetes_alpha optional - bool
    • Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.

  • enable_legacy_abac optional - bool
    • Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.

  • enable_shielded_nodes optionalcomputed - bool
    • Enable Shielded Nodes features on all nodes in this cluster.

  • enable_tpu optional - bool
    • Whether to enable Cloud TPU resources in this cluster.

  • endpoint requiredcomputed - string
    • The IP address of this cluster's Kubernetes master.

  • id optionalcomputed - string
  • initial_node_count optional - number
    • The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.

  • instance_group_urls requiredcomputed - list / string
    • List of instance group URLs which have been assigned to the cluster.

  • label_fingerprint requiredcomputed - string
    • The fingerprint of the set of labels for this cluster.

  • location optionalcomputed - string
    • The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.

  • logging_service optionalcomputed - string
    • The logging service that the cluster should write logs to. Available options include Stackdriver, Kubernetes Engine Logging, and none. Defaults to

  • master_version requiredcomputed - string
    • The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.

  • min_master_version optional - string
    • The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).

  • monitoring_service optionalcomputed - string
    • The monitoring service that the cluster should write metrics to. Automatically sends metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting. Available options include Stackdriver, Kubernetes Engine Monitoring, and none. Defaults to

  • name required - string
    • The name of the cluster, unique within the project and location.

  • network optional - string
    • The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.

  • networking_mode optionalcomputed - string
    • Determines whether alias IPs or routes will be used for pod IPs in the cluster.

  • node_locations optionalcomputed - set / string
    • The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.

  • node_version optionalcomputed - string
    • The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.

  • operation requiredcomputed - string
  • private_ipv6_google_access optionalcomputed - string
    • The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).

  • project optionalcomputed - string
    • The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • remove_default_node_pool optional - bool
    • If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.

  • resource_labels optional - map / string
    • The GCE resource labels (a map of key/value pairs) to be applied to the cluster.

  • self_link requiredcomputed - string
    • Server-defined URL for the resource.

  • services_ipv4_cidr requiredcomputed - string
    • The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. Service addresses are typically put in the last /16 from the container CIDR.

  • subnetwork optionalcomputed - string
    • The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.

  • tpu_ipv4_cidr_block requiredcomputed - string
    • The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g.
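Since no GitHub example was found for this resource, the following is an added example (not from this page or the Terraform provider's documentation) of a google_container_cluster hardened with the security-relevant arguments listed above; the project ID, cluster name, network and subnetwork values are placeholder assumptions.

```hcl
# Added example: a hardened google_container_cluster baseline built from the
# arguments described on this page. All names and project/network values are
# placeholders to replace with your own.
resource "google_container_cluster" "hardened" {
  name     = "example-hardened"   # placeholder
  project  = "my-project-id"      # placeholder
  location = "us-central1"        # a region gives a regional cluster with masters across zones

  network    = "example-vpc"      # placeholder: name or self_link of the VPC
  subnetwork = "example-gke-subnet" # placeholder: subnetwork hosting the nodes

  # Alias-IP (VPC-native) networking instead of routes-based; this is what
  # default_max_pods_per_node requires, and cluster_ipv4_cidr then does not apply.
  networking_mode = "VPC_NATIVE"
  ip_allocation_policy {}          # empty block: GKE picks pod/service secondary ranges

  default_max_pods_per_node = 64

  # Authorization: never re-enable legacy ABAC, which grants static permissions
  # to nodes, controllers and service accounts beyond RBAC and IAM.
  enable_legacy_abac = false

  # Node and image integrity
  enable_shielded_nodes       = true   # Shielded Nodes on every node
  enable_binary_authorization = true   # only images validated by Binary Authorization may run

  # Visibility of same-node pod-to-pod traffic to the VPC (flow logs, firewall logging)
  enable_intranode_visibility = true

  # Alpha clusters cannot be upgraded and are deleted after 30 days: keep off in production
  enable_kubernetes_alpha = false

  # Keep logs and metrics flowing to Cloud Operations for GKE rather than "none"
  logging_service    = "logging.googleapis.com/kubernetes"
  monitoring_service = "monitoring.googleapis.com/kubernetes"

  # Manage node pools as separate google_container_node_pool resources:
  # drop the default pool but keep initial_node_count at least 1, as the page notes.
  remove_default_node_pool = true
  initial_node_count       = 1

  resource_labels = {
    env   = "prod"
    owner = "platform-team"
  }
}
```

Remember the registry note below: outputs such as endpoint and certificate material land in the raw state as plaintext, so the state backend for this configuration needs the same access controls as the cluster credentials themselves.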

Explanation in Terraform Registry

-> Visit the Provision a GKE Cluster (Google Cloud) Learn tutorial to learn how to provision and interact with a GKE cluster.

-> See the Using GKE with Terraform guide for more information about using GKE with Terraform.

Manages a Google Kubernetes Engine (GKE) cluster. For more information see the official documentation and the API reference.

Note: All arguments and attributes, including basic auth username and passwords as well as certificate outputs will be stored in the raw state as plaintext. Read more about sensitive data in state.

Frequently asked questions

What is Google Kubernetes (Container) Engine Cluster?

Google Kubernetes (Container) Engine Cluster is a resource for Kubernetes (Container) Engine of Google Cloud Platform. Its settings can be written in Terraform.
