Terraform IaC GKE Private Cluster CI/CD + WIF Grafana Observability Velero DR

Private GKE Cluster on Google Cloud

End-to-end cloud engineering project: a private GKE cluster provisioned with Terraform, automated CI/CD via GitHub Actions with Workload Identity Federation (no service-account keys), real-time Grafana observability, and Velero disaster recovery, all at minimal cost.

Project Phases

Phase 1 Complete

Core Infrastructure

+ VPC + Cloud NAT + Firewall
+ GKE Private Cluster (Spot e2-small)
+ Terraform IaC (25 resources)
+ Cloud Armor threat policy
+ GitHub Actions + WIF (no SA keys)

Phase 2 Complete

Observability

+ Cloud Monitoring metrics
+ Grafana 11 on GKE (WIF auth)
+ GKE Ingress + Google Managed SSL
+ Custom GKE dashboard (CPU/Memory/Pods)
+ gcp-gke.techcloudup.com

Phase 3 Complete

DR & Backup

+ Velero v1.18 + GCP plugin
+ Daily backup to GCS bucket
+ DR Sim 1: pod auto-recovery RTO <10s
+ DR Sim 2: Velero restore RTO 4s
+ RPO < 24h (daily schedule)

Live GKE Metrics

Real-time data from Cloud Monitoring via Grafana

Key Metrics

25 GCP resources provisioned via Terraform
<10s RTO, pod auto-recovery
4s RTO, Velero restore
~$12 monthly cost (Spot nodes)

Architecture

Tech Stack

Infrastructure
+ Terraform ~>5.0 (IaC)
+ GKE Private Cluster (Zonal)
+ VPC-native networking
+ Cloud NAT, Cloud Armor

CI/CD & Security
+ GitHub Actions
+ Workload Identity Federation
+ Kubernetes Network Policy
+ Google Managed SSL

Observability & DR
+ Cloud Monitoring
+ Grafana 11.0
+ Velero v1.18 + GCS
+ Cloudflare DNS
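The "GitHub Actions + WIF (no SA keys)" item is the security-relevant design choice in the stack above: the pipeline never holds a long-lived service-account JSON key, it exchanges GitHub's short-lived OIDC token for a Google access token at run time. The workflow below is an added illustration of that pattern, not the project's own workflow (which lives in the linked repository); the project number, pool, provider, service-account e-mail, project id, cluster name and zone are placeholders, and the manifest path is assumed.

```yaml
# Added example, not the project's workflow. Keyless GitHub Actions -> Google Cloud
# authentication via Workload Identity Federation.
# PROJECT_NUMBER, POOL, PROVIDER, PROJECT_ID, CLUSTER_NAME and ZONE are placeholders.
name: deploy

on:
  push:
    branches: [main]

permissions:
  contents: read
  id-token: write   # lets the job request a GitHub OIDC token; nothing else is elevated

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchange the GitHub OIDC token for a short-lived Google access token.
      # No key file is stored in repository secrets, so there is nothing to leak or rotate.
      - id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL/providers/PROVIDER
          service_account: deployer@PROJECT_ID.iam.gserviceaccount.com

      - uses: google-github-actions/setup-gcloud@v2

      # Fetch kubeconfig for the cluster using the federated credentials obtained above.
      - uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: CLUSTER_NAME
          location: ZONE

      # Assumed manifest directory; the project's actual layout is in the repository.
      - run: kubectl apply -f k8s/
```

Two checks make this safe rather than merely keyless: the pool provider's attribute condition should pin `assertion.repository` (and, for production, `assertion.ref`) to this repository and branch so no other GitHub workflow can impersonate the deployer service account, and that service account should carry only the IAM roles the deploy step needs rather than a project-wide editor role.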

Source Code

Terraform, Kubernetes manifests, GitHub Actions workflow

scale600/gke-private-terraform-grafana-velero