diff --git a/google_gke/README.md b/google_gke/README.md index a8f3952c..012c10a7 100644 --- a/google_gke/README.md +++ b/google_gke/README.md @@ -163,6 +163,7 @@ module "gke" { | [enable\_high\_throughput\_logging](#input\_enable\_high\_throughput\_logging) | Whether to enable high throughput logging for all node pools. | `bool` | `false` | no | | [enable\_k8s\_api\_proxy\_ip](#input\_enable\_k8s\_api\_proxy\_ip) | Whether we reserve an internal private ip for the k8s\_api\_proxy. Defaults to false. | `bool` | `false` | no | | [enable\_network\_egress\_export](#input\_enable\_network\_egress\_export) | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. Doesn't work with Shared VPC (https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-usage-metering). Defaults to false. | `bool` | `false` | no | +| [enable\_node\_auto\_provisioning](#input\_enable\_node\_auto\_provisioning) | Enable GKE Node Auto-Provisioning (NAP) | `bool` | `false` | no | | [enable\_private\_cluster](#input\_enable\_private\_cluster) | Determines whether the cluster is private or public. Defaults to private | `bool` | `true` | no | | [enable\_public\_cidrs\_access](#input\_enable\_public\_cidrs\_access) | Whether the control plane is open to Google public IPs. Defaults to false. | `bool` | `false` | no | | [enable\_resource\_consumption\_export](#input\_enable\_resource\_consumption\_export) | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true. | `bool` | `true` | no | @@ -181,6 +182,11 @@ module "gke" { | [monitoring\_config\_enable\_components](#input\_monitoring\_config\_enable\_components) | Monitoring configuration for the cluster | `list(string)` |
[
"SYSTEM_COMPONENTS",
"SCHEDULER",
"CONTROLLER_MANAGER",
"STORAGE",
"HPA",
"POD",
"DAEMONSET",
"DEPLOYMENT",
"STATEFULSET"
]
| no | | [monitoring\_enable\_managed\_prometheus](#input\_monitoring\_enable\_managed\_prometheus) | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | [name](#input\_name) | Name of the cluster or application (required). | `string` | n/a | yes | +| [nap\_allowed\_machine\_types](#input\_nap\_allowed\_machine\_types) | Optional list of allowed machine types for NAP | `list(string)` | `[]` | no | +| [nap\_max\_cpu](#input\_nap\_max\_cpu) | Maximum vCPU for NAP-created node pools | `number` | `8` | no | +| [nap\_max\_memory](#input\_nap\_max\_memory) | Maximum memory (e.g. 16Gi) for NAP-created node pools | `string` | `"16Gi"` | no | +| [nap\_min\_cpu](#input\_nap\_min\_cpu) | Minimum vCPU for NAP-created node pools | `number` | `0.5` | no | +| [nap\_min\_memory](#input\_nap\_min\_memory) | Minimum memory (e.g. 2Gi) for NAP-created node pools | `string` | `"2Gi"` | no | | [network](#input\_network) | Shared VPC Network (formulated as a URL) wherein the cluster will be created. Overidden by shared\_vpc\_outputs. | `string` | `null` | no | | [node\_pool\_sa\_roles](#input\_node\_pool\_sa\_roles) | n/a | `list` |
[
"roles/logging.logWriter",
"roles/monitoring.metricWriter",
"roles/monitoring.viewer",
"roles/stackdriver.resourceMetadata.writer"
]
| no | | [node\_pools](#input\_node\_pools) | Map containing node pools, with each node pool's name (or name\_prefix if `use_name_prefix` is true) being the key and the values being that node pool's configurations. Configurable options per node pool include: `disk_size_gb` (string), `disk_type` (string), `machine_type` (string), `max_count` (number), `max_surge` (number), `max_unavailable` (number), `min_count` (number), `use_name_prefix` (bool). See locals.tf for defaults. | `list(map(string))` |
[
{
"name": "tf-default-node-pool"
}
]
| no | diff --git a/google_gke/cluster.tf b/google_gke/cluster.tf index 2ab9057f..b295d020 100644 --- a/google_gke/cluster.tf +++ b/google_gke/cluster.tf @@ -21,6 +21,35 @@ resource "google_container_cluster" "primary" { cluster_autoscaling { autoscaling_profile = var.autoscaling_profile + + dynamic "auto_provisioning_defaults" { + for_each = var.enable_node_auto_provisioning ? [1] : [] + content { + service_account = google_service_account.cluster_service_account.email + oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"] + } + } + + dynamic "resource_limits" { + for_each = var.enable_node_auto_provisioning ? [ + { + resource_type = "cpu" + min = var.nap_min_cpu + max = var.nap_max_cpu + }, + { + resource_type = "memory" + min = var.nap_min_memory + max = var.nap_max_memory + } + ] : [] + + content { + resource_type = resource_limits.value.resource_type + minimum = resource_limits.value.min + maximum = resource_limits.value.max + } + } } release_channel { diff --git a/google_gke/variables.tf b/google_gke/variables.tf index 9c2e1632..b0962e5f 100644 --- a/google_gke/variables.tf +++ b/google_gke/variables.tf 
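Review bot: The memory entries in the new `resource_limits` block feed `var.nap_min_memory`/`var.nap_max_memory` (`"2Gi"`, `"16Gi"`) into `minimum`/`maximum`, but as far as I know the provider declares those as whole numbers (memory counted in GB, CPU in vCPUs), so the string values — and the fractional `nap_min_cpu` default of `0.5` — are likely to be rejected at plan time rather than applied; the declarations in the `variables.tf` hunk carry the same mismatch. Switching the memory variables to `type = number` with `default = 2` / `default = 16`, using `default = 1` for `nap_min_cpu`, and stating the unit in each description would fix both hunks together. Separately, `auto_provisioning_defaults` hands every NAP-created node the same `cluster_service_account` with the `cloud-platform` scope; that is acceptable only while the SA's IAM bindings stay least-privilege, so a comment such as `# NAP nodes run as the cluster SA; effective access is bounded by its IAM roles (node_pool_sa_roles), not by this scope` would make that dependency explicit. If the existing node pools set shielded-VM or auto-upgrade/auto-repair options, nothing here carries them over to auto-provisioned pools — `auto_provisioning_defaults` accepts `shielded_instance_config` and `management` blocks for that. The enclosing `google_container_cluster` resource starts before and continues past this hunk.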
@@ -430,3 +430,39 @@ variable "autoscaling_profile" {
 type = string
 default = "BALANCED"
 }
+
+variable "enable_node_auto_provisioning" {
+ description = "Enable GKE Node Auto-Provisioning (NAP)"
+ type = bool
+ default = false
+}
+
+variable "nap_min_cpu" {
+ description = "Minimum vCPU for NAP-created node pools"
+ type = number
+ default = 0.5
+}
+
+variable "nap_max_cpu" {
+ description = "Maximum vCPU for NAP-created node pools"
+ type = number
+ default = 8
+}
+
+variable "nap_min_memory" {
+ description = "Minimum memory (e.g. 2Gi) for NAP-created node pools"
+ type = string
+ default = "2Gi"
+}
+
+variable "nap_max_memory" {
+ description = "Maximum memory (e.g. 16Gi) for NAP-created node pools"
+ type = string
+ default = "16Gi"
+}
+
+variable "nap_allowed_machine_types" {
+ description = "Optional list of allowed machine types for NAP"
+ type = list(string)
+ default = []
+}
\ No newline at end of file
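Review bot: `nap_allowed_machine_types` is declared here and advertised in the README row, but nothing in the `cluster.tf` hunk reads it, so setting it has no effect on what NAP provisions; either wire it into the cluster configuration or drop the variable and the README row until it does, since an allowlist that silently does nothing invites a false sense of control. The limit variables' descriptions give no unit or scope — these are cluster-wide ceilings on what NAP may provision in total, not per-node-pool sizes as "for NAP-created node pools" suggests — so something like `description = "Maximum total vCPU NAP may provision across the cluster"` would prevent mis-sizing. Terraform variable `validation` blocks cannot compare two variables, so a `min <= max` check, if wanted, belongs in a `precondition` on the cluster resource rather than here.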