Deploy Kubernetes Load Balancer Service with Terraform on GCP

By Mesue Collins Asibong • Cloud Engineering Kubernetes and Terraform Architecture

Managing cloud infrastructure manually is a recipe for inconsistency and human error. In this technical deep dive, we explore how to use Terraform (Infrastructure as Code) to provision a production-grade Google Kubernetes Engine (GKE) cluster and expose it to the internet using a Layer 4 Load Balancer.

Terraform Infrastructure Workflow

graph LR
  TF[Terraform Config] -->|Plan/Apply| GCPAPI[GCP Compute API]
  GCPAPI -->|Provision| GKE[GKE Cluster]
  GKE -->|Deploy| Service[K8s Service Type: LB]
  Service -->|Auto-Create| GCLB[Google Cloud Load Balancer]
  GCLB -->|Routes| Pods[Application Pods]
  classDef default fill:#1e293b,stroke:#334155,color:#fff
  classDef highlight fill:#4285F4,stroke:#fff,color:#fff
  class TF,GKE,GCLB highlight

Step 1: Defining the Provider and GKE Cluster

The core of our IaC approach is the google_container_cluster resource. We specify our project, region, and initial node count. By using Terraform, we ensure that the cluster can be destroyed and recreated exactly the same way in any GCP project.

resource "google_container_cluster" "primary" {
  name               = "my-gke-cluster"
  location           = "us-central1"   # a region, so this is a regional cluster
  initial_node_count = 3               # per zone in a regional cluster

  node_config {
    machine_type = "e2-medium"
    # Broad scope on the node service account (the default Compute SA unless
    # service_account is set); what the nodes can actually do is governed by IAM.
    oauth_scopes = [
      "https://www.googleapis.com/auth/cloud-platform"
    ]
  }
}

Step 2: Authenticating with the K8s Provider

Once the cluster is up, Terraform needs to "talk" to the Kubernetes API to manage services. We use the kubernetes provider and pass it the credentials generated by the GKE resource.

# The provider authenticates with the caller's own short-lived OAuth token,
# exposed by the google_client_config data source.
data "google_client_config" "default" {}

provider "kubernetes" {
  host                   = "https://${google_container_cluster.primary.endpoint}"
  token                  = data.google_client_config.default.access_token
  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth[0].cluster_ca_certificate)
}

Step 3: Provisioning the Load Balancer Service

The magic of GKE is the seamless integration with Google's physical network. By defining a kubernetes_service with type = "LoadBalancer", GKE automatically requests the GCP API to provision a public static IP and a Cloud Load Balancer that routes traffic to our pods.

resource "kubernetes_service" "nginx_lb" {
  metadata {
    name = "nginx-loadbalancer"
  }
  spec {
    selector = {
      app = "nginx"   # pods must carry this label (from a Deployment not shown here)
    }
    port {
      port        = 80
      target_port = 80
    }
    # External IP; reachable from any source unless load_balancer_source_ranges is set
    type = "LoadBalancer"
  }
}
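As an added example that is not part of the original post, here is a hardened variant of the same resources: a dedicated least-privilege node service account instead of the default Compute service account, Workload Identity with GKE_METADATA so pods cannot read the node's token from the metadata server, and load_balancer_source_ranges so the Service is not open to 0.0.0.0/0. It assumes var.project_id and var.admin_cidr are declared elsewhere.

```hcl
# Assumed inputs, not in the original post: var.project_id, var.admin_cidr.
# Dedicated node service account instead of the default Compute SA.
resource "google_service_account" "gke_nodes" {
  account_id = "gke-node-sa"
}

# Only the roles nodes need to ship logs and metrics.
resource "google_project_iam_member" "gke_node_roles" {
  for_each = toset(["roles/logging.logWriter", "roles/monitoring.metricWriter", "roles/monitoring.viewer"])
  project  = var.project_id
  role     = each.value
  member   = "serviceAccount:${google_service_account.gke_nodes.email}"
}

resource "google_container_cluster" "primary" {
  name                     = "my-gke-cluster"
  location                 = "us-central1"
  remove_default_node_pool = true   # replaced by the hardened pool below
  initial_node_count       = 1
  workload_identity_config {        # required for GKE_METADATA mode
    workload_pool = "${var.project_id}.svc.id.goog"
  }
}

resource "google_container_node_pool" "primary_nodes" {
  name       = "primary-pool"
  location   = "us-central1"
  cluster    = google_container_cluster.primary.name
  node_count = 1                    # per zone in a regional cluster
  node_config {
    machine_type    = "e2-medium"
    service_account = google_service_account.gke_nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]  # IAM on the SA limits access
    workload_metadata_config {
      mode = "GKE_METADATA"         # pods cannot read the node SA token
    }
  }
}

resource "kubernetes_service" "nginx_lb" {
  metadata { name = "nginx-loadbalancer" }
  spec {
    selector = { app = "nginx" }
    port {
      port        = 80
      target_port = 80
    }
    type                        = "LoadBalancer"
    load_balancer_source_ranges = [var.admin_cidr]   # default would be 0.0.0.0/0
  }
}
```

For a service that must be public, keep the source-range restriction off but still use the dedicated node service account and GKE_METADATA, since those protect the cluster rather than the Service.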

Step 4: Verification and Clean-Up

Run terraform apply and wait for the external IP to be provisioned. You can verify the status via kubectl get svc. When finished, a single terraform destroy removes all provisioned resources, ensuring you only pay for what you use.

Summary

Combining Terraform with GKE provides a robust foundation for any cloud-native application. It allows for reproducible environments, version-controlled infrastructure, and automated scaling that handles traffic spikes gracefully while maintaining high availability.