Kubespot (GCP)
May 6, 2026 · View on GitHub
Compliance Oriented Kubernetes Setup for Google Cloud.
Tools & Setup
brew install kubectl kubernetes-helm google-cloud-sdk terraform
Terraform usage
gcloud auth activate-service-account --key-file=./account.json
terraform init && terraform get -update && terraform apply
gcloud config set account foo@opszero.com # Set account name
gcloud container clusters get-credentials <clustername> --region us-central1
Providers
| Name | Version |
|---|---|
| n/a | |
| helm | n/a |
| http | n/a |
| null | n/a |
| random | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| auto_repair | Enables or disables automatic repair of nodes in the cluster. | bool | true | no |
| auto_upgrade | Enables or disables automatic upgrades of nodes in the cluster. | bool | true | no |
| cluster_create_timeouts | Timeout for creating the cluster. | string | "30m" | no |
| cluster_delete_timeouts | Timeout for deleting the cluster. | string | "30m" | no |
| cluster_update_timeouts | Timeout for updating the cluster. | string | "30m" | no |
| cluster_version | The minimum version of the master | string | "1.27" | no |
| csi_secrets_store_enabled | Specify whether the CSI driver is enabled | bool | false | no |
| disk_size_gb | Size of the disk in gigabytes for each node in the cluster. | number | 10 | no |
| disk_type | Type of disk to use for the nodes in the cluster. | string | "" | no |
| environment_name | Name of the resource. Provided by the client when the resource is created. | string | "" | no |
| image_type | Type of image to use for the nodes in the cluster. | string | "" | no |
| initial_node_count | The number of nodes to create in this cluster's default node pool. | number | 0 | no |
| kms_enabled | Specify whether the redis cluster is enabled | bool | false | no |
| kubectl_config_path | Path to the kubectl config file. Defaults to $HOME/.kube/config | string | "" | no |
| location | The location (region or zone) in which the cluster master will be created, as well as the default node location. | string | "" | no |
| location_policy | Specifies the policy for distributing nodes across locations, with the default being BALANCED | string | "BALANCED" | no |
| machine_type | Specifies the machine type for the nodes in the cluster. | string | "" | no |
| max_node_count | Maximum number of nodes in the cluster. | number | 1 | no |
| min_master_version | The minimum version of the master. | string | "" | no |
| min_node_count | Minimum number of nodes in the cluster. | number | 1 | no |
| preemptible | Specifies whether the nodes in the cluster should be preemptible. | bool | false | no |
| project | The Google project that will host the cluster | string | n/a | yes |
| redis_enabled | Specify whether the redis cluster is enabled | bool | false | no |
| redis_ha_enabled | Specify whether HA is enabled for redis | bool | false | no |
| redis_memory_in_gb | Redis memory size in GiB | number | 1 | no |
| region | The location (region or zone) in which the cluster master will be created | string | "" | no |
| remove_default_node_pool | deletes the default node pool upon cluster creation. | bool | true | no |
| service_account | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot or NAP. | string | "" | no |
| sql_enabled | Specify whether the sql instance is enabled | bool | false | no |
| sql_engine | The sql version to use | string | "POSTGRES_15" | no |
| sql_instance_class | The machine type to use | string | "db-f1-micro" | no |
| sql_master_password | The password for the db user | string | "" | no |
| sql_master_username | The name of the db user | string | "" | no |
| tags | Terraform map to create custom tags for the Google resources | map | {} | no |
Resources
| Name | Type |
|---|---|
| google_compute_global_address.private_ip_address | resource |
| google_compute_network.network | resource |
| google_compute_router.nat_router | resource |
| google_compute_router_nat.nat_config | resource |
| google_compute_subnetwork.subnet | resource |
| google_container_cluster.primary | resource |
| google_container_node_pool.node_pool | resource |
| google_kms_crypto_key.key | resource |
| google_kms_key_ring.keyring | resource |
| google_redis_instance.cache | resource |
| google_service_networking_connection.private_vpc_connection | resource |
| google_sql_database_instance.default | resource |
| google_sql_user.user | resource |
| helm_release.csi_secrets_store | resource |
| null_resource.configure_kubectl | resource |
| null_resource.csi_secrets_store_aws_provider | resource |
| null_resource.sql_vpc_lock | resource |
| random_id.server | resource |
| google_client_config.default | data source |
| http_http.csi_secrets_store_gcp_provider | data source |
Outputs
| Name | Description |
|---|---|
| private_vpc_network | n/a |
| sql_database | n/a |
🚀 Built by opsZero!
opsZero provides software and consulting for DevOps. With our decade plus of experience scaling some of the world’s most innovative companies we have developed deep expertise in Kubernetes, DevOps, FinOps, and Compliance.
Our software and consulting solutions enable organizations to:
- migrate workloads to the Cloud
- setup compliance frameworks including SOC2, HIPAA, PCI-DSS, ITAR, FedRamp, CMMC, and more.
- FinOps solutions to reduce the cost of running Cloud workloads
- Kubernetes optimized for web scale and AI workloads
- finding underutilized Cloud resources
- setting up custom AI training and delivery
- building data integrations and scrapers
- modernizing onto modern ARM based processors
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.
