Add GCP GKE documentation: include access and upgrade guides with detailed instructions for managing clusters and RBAC configurations.

yindia · yindia · commit 730d48c4df0b · 2026-02-01T13:32:15.000+09:00
diff --git a/docs/references/gcp_gke_access.md b/docs/references/gcp_gke_access.md
@@ -0,0 +1,43 @@
+# GCP GKE Access
+
+How to access GKE clusters generated by pltf.
+
+## Kubeconfig
+1. Fetch outputs:
+   ```bash
+   pltf terraform output -f env.yaml -e <env> --json
+   ```
+   Note `k8s_cluster_name`, `k8s_endpoint`, and `k8s_ca_data` (output names may be prefixed if there are duplicates).
+2. Authenticate and update kubeconfig:
+   ```bash
+   gcloud auth login
+   gcloud container clusters get-credentials <cluster> \
+     --region <region> \
+     --project <project-id>
+   ```
+   Use the same GCP project configured in your environment entry (`environments.<env>.account`).
+
+Generated Terraform already configures Kubernetes and Helm providers using these outputs when you run `pltf terraform plan/apply`.
+
+## Kubernetes RBAC
+GKE access is controlled by Kubernetes RBAC. Grant access via `ClusterRoleBinding` or `RoleBinding`.
+
+Example cluster role binding:
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: platform-admins
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: User
+    name: user@example.com
+    apiGroup: rbac.authorization.k8s.io
+```
+
+## Summary
+- Use `gcloud container clusters get-credentials` with cluster outputs to access the cluster.
+- Manage RBAC with Kubernetes bindings (Terraform/Helm if you want it in code).
diff --git a/docs/references/gcp_gke_upgrade.md b/docs/references/gcp_gke_upgrade.md
@@ -0,0 +1,49 @@
+# GCP GKE Upgrade
+
+How to upgrade a GKE cluster created by pltf.
+
+## Overview
+pltf configures the GKE release channel via `gke_channel` (RAPID, REGULAR, STABLE). Upgrades happen according to Google’s channel policy. You can also trigger manual upgrades with `gcloud`.
+
+## Option 1: Change release channel (recommended)
+Update your spec:
+```yaml
+modules:
+  - id: gke
+    type: gcp_gke
+    inputs:
+      gke_channel: "REGULAR"
+```
+Then:
+```bash
+pltf terraform plan -f env.yaml -e prod
+pltf terraform apply -f env.yaml -e prod
+```
+
+## Option 2: Manual upgrade with gcloud
+1. Inspect available versions:
+   ```bash
+   gcloud container get-server-config --region <region>
+   ```
+2. Upgrade control plane:
+   ```bash
+   gcloud container clusters upgrade <cluster> \
+     --region <region> \
+     --project <project-id>
+   ```
+3. Upgrade node pools:
+   ```bash
+   gcloud container node-pools upgrade <node-pool> \
+     --cluster <cluster> \
+     --region <region> \
+     --project <project-id>
+   ```
+
+## Notes
+- Upgrade one minor version at a time.
+- Check add-on compatibility (CNI, ingress, metrics).
+- For private clusters, ensure your admin network can reach the control plane before upgrading.
+
+## References
+- GKE upgrades: https://cloud.google.com/kubernetes-engine/docs/how-to/upgrading-a-cluster
+- Release channels: https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -104,6 +104,10 @@ nav:
           - Overview: references/aws.md
           - EKS Access: references/aws_eks_access.md
           - EKS Upgrade: references/aws_eks_upgrade.md
+      - GCP:
+          - Overview: references/gcp.md
+          - GKE Access: references/gcp_gke_access.md
+          - GKE Upgrade: references/gcp_gke_upgrade.md
   - Modules:
       - AWS:
         - aws_base: references/modules/aws_base.md
@@ -123,6 +127,17 @@ nav:
         - aws_sns: references/modules/aws_sns.md
         - aws_sqs: references/modules/aws_sqs.md
         - helm_chart: references/modules/helm_chart.md
+      - GCP:
+        - gcp_base: references/modules/gcp_base.md
+        - gcp_dns: references/modules/gcp_dns.md
+        - gcp_gcs: references/modules/gcp_gcs.md
+        - gcp_gke: references/modules/gcp_gke.md
+        - gcp_k8s_service: references/modules/gcp_k8s_service.md
+        - gcp_mysql: references/modules/gcp_mysql.md
+        - gcp_nodepool: references/modules/gcp_nodepool.md
+        - gcp_postgres: references/modules/gcp_postgres.md
+        - gcp_redis: references/modules/gcp_redis.md
+        - gcp_service_account: references/modules/gcp_service_account.md
   - Examples:
       - ML Cluster: example/ml.md
       - Full Stack application: example/fsapp.md
