From b7cf903c6e34ee744587c47a27ae26dad0cc0c53 Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Fri, 19 Jul 2019 12:33:54 +0100 Subject: [PATCH 1/7] Add cluster_resource_labels to autogen/ --- autogen/cluster_regional.tf | 1 + autogen/cluster_zonal.tf | 1 + autogen/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/autogen/cluster_regional.tf b/autogen/cluster_regional.tf index b8878e0378..890aad5706 100644 --- a/autogen/cluster_regional.tf +++ b/autogen/cluster_regional.tf @@ -30,6 +30,7 @@ resource "google_container_cluster" "primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels region = var.region node_locations = coalescelist( diff --git a/autogen/cluster_zonal.tf b/autogen/cluster_zonal.tf index 73ca493d66..e061c71efc 100644 --- a/autogen/cluster_zonal.tf +++ b/autogen/cluster_zonal.tf @@ -30,6 +30,7 @@ resource "google_container_cluster" "zonal_primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels zone = var.zones[0] node_locations = slice(var.zones, 1, length(var.zones)) diff --git a/autogen/variables.tf b/autogen/variables.tf index ef0bea9060..bb4d482f25 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf @@ -284,6 +284,12 @@ variable "cluster_ipv4_cidr" { description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR." } +variable "cluster_resource_labels" { + type = map(string) + description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster" + default = {} +} + {% if private_cluster %} variable "deploy_using_private_endpoint" { From 3657562d202a665cb78fbc8c4cd7cbefbcd88179 Mon Sep 17 00:00:00 2001 
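Review bot: The `cluster_resource_labels` variable added in autogen/variables.tf documents neither what belongs in the map nor what must stay out of it. Resource labels are plain metadata on the cluster, readable by anyone who can view the resource and commonly exported with billing and inventory data. The description should therefore steer callers away from putting credentials or personal data there, e.g. `description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Labels are not confidential; do not put secrets in them."`. It would also help to state the label key/value format Google Cloud accepts, since `map(string)` takes anything and a malformed key would presumably only be rejected at apply time. The same text is regenerated into the root module and each modules/*/variables.tf by the next patch, so the template is the one place to change it.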
From: Devan Patel Date: Fri, 19 Jul 2019 12:35:18 +0100 Subject: [PATCH 2/7] make generate && make generate_docs && make -s --- README.md | 1 + cluster_regional.tf | 1 + cluster_zonal.tf | 1 + main.tf | 20 ++++++++-------- modules/beta-private-cluster/README.md | 1 + .../beta-private-cluster/cluster_regional.tf | 1 + modules/beta-private-cluster/cluster_zonal.tf | 1 + modules/beta-private-cluster/main.tf | 24 +++++++++---------- modules/beta-private-cluster/variables.tf | 20 ++++++++++------ modules/beta-public-cluster/README.md | 1 + .../beta-public-cluster/cluster_regional.tf | 9 +++---- modules/beta-public-cluster/cluster_zonal.tf | 9 +++---- modules/beta-public-cluster/main.tf | 24 +++++++++---------- modules/beta-public-cluster/variables.tf | 20 ++++++++++------ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster_regional.tf | 1 + modules/private-cluster/cluster_zonal.tf | 1 + modules/private-cluster/main.tf | 20 ++++++++-------- modules/private-cluster/variables.tf | 10 ++++++-- variables.tf | 6 +++++ 20 files changed, 104 insertions(+), 68 deletions(-) diff --git a/README.md b/README.md index 5d09951671..e7ec18d844 100644 --- a/README.md +++ b/README.md 
@@ -129,6 +129,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no | | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no | +| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | description | The description of the cluster | string | `""` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no | diff --git a/cluster_regional.tf b/cluster_regional.tf index 66c3ec33a8..83e0062863 100644 --- a/cluster_regional.tf +++ b/cluster_regional.tf @@ -26,6 +26,7 @@ resource "google_container_cluster" "primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels region = var.region node_locations = coalescelist( diff --git a/cluster_zonal.tf b/cluster_zonal.tf index 1bf674f82d..37750491dd 100644 --- a/cluster_zonal.tf +++ b/cluster_zonal.tf 
@@ -26,6 +26,7 @@ resource "google_container_cluster" "zonal_primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels zone = var.zones[0] node_locations = slice(var.zones, 1, length(var.zones)) diff --git a/main.tf b/main.tf index 218babf66a..d88d74d5a2 100644 --- a/main.tf +++ b/main.tf @@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { @@ -35,19 +35,19 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] 
@@ -247,10 +247,10 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] } /****************************************** diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 475159e1a6..2ff3fe8bf5 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -137,6 +137,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no | | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no | +| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | bool | `"false"` | no | diff --git a/modules/beta-private-cluster/cluster_regional.tf b/modules/beta-private-cluster/cluster_regional.tf index 33b07af674..7cb2721271 100644 --- a/modules/beta-private-cluster/cluster_regional.tf +++ b/modules/beta-private-cluster/cluster_regional.tf @@ -26,6 +26,7 @@ resource "google_container_cluster" "primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels region = var.region node_locations = coalescelist( diff --git a/modules/beta-private-cluster/cluster_zonal.tf b/modules/beta-private-cluster/cluster_zonal.tf index baff6adca7..93abaac85b 100644 
--- a/modules/beta-private-cluster/cluster_zonal.tf +++ b/modules/beta-private-cluster/cluster_zonal.tf @@ -26,6 +26,7 @@ resource "google_container_cluster" "zonal_primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels zone = var.zones[0] node_locations = slice(var.zones, 1, length(var.zones)) diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 91d4722e55..bb50ac42a3 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google-beta - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { 
@@ -35,23 +35,23 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] - cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : [] + cluster_cloudrun_config = var.cloudrun ? [{disabled = false}] : [] cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{ node_metadata = var.node_metadata 
@@ -262,12 +262,12 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] # BETA features - cluster_istio_enabled = ! local.cluster_type_output_istio_enabled[local.cluster_type] + cluster_istio_enabled = !local.cluster_type_output_istio_enabled[local.cluster_type] cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 04d202cd46..bfd6216679 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) + type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({ key = string, value = string, effect = string }))) + type = map(list(object({key=string,value=string,effect=string}))) description = "Map of lists containing node taints by node-pool name" default = { @@ -284,6 +284,12 @@ variable "cluster_ipv4_cidr" { description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR." } +variable "cluster_resource_labels" { + type = map(string) + description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster" + default = {} +} + variable "deploy_using_private_endpoint" { type = bool @@ -316,10 +322,10 @@ variable "istio" { variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." - type = list(object({ state = string, key_name = string })) - default = [{ - state = "DECRYPTED" - key_name = "" + type = list(object({state = string, key_name = string})) + default = [{ + state = "DECRYPTED" + key_name = "" }] } 
@@ -335,7 +341,7 @@ variable "enable_binary_authorization" { variable "pod_security_policy_config" { description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." - default = [{ + default = [{ "enabled" = false }] } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 32df7c1856..f32c2f5e13 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -132,6 +132,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no | | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no | +| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | | description | The description of the cluster | string | `""` | no | diff --git a/modules/beta-public-cluster/cluster_regional.tf b/modules/beta-public-cluster/cluster_regional.tf index a56ebb5634..2e5ee7e6e6 100644 --- a/modules/beta-public-cluster/cluster_regional.tf 
+++ b/modules/beta-public-cluster/cluster_regional.tf @@ -22,10 +22,11 @@ resource "google_container_cluster" "primary" { provider = google-beta - count = var.regional ? 1 : 0 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 1 : 0 + name = var.name + description = var.description + project = var.project_id + resource_labels = var.cluster_resource_labels region = var.region node_locations = coalescelist( diff --git a/modules/beta-public-cluster/cluster_zonal.tf b/modules/beta-public-cluster/cluster_zonal.tf index 39e7a1a1fb..8be7150783 100644 --- a/modules/beta-public-cluster/cluster_zonal.tf +++ b/modules/beta-public-cluster/cluster_zonal.tf @@ -22,10 +22,11 @@ resource "google_container_cluster" "zonal_primary" { provider = google-beta - count = var.regional ? 0 : 1 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 0 : 1 + name = var.name + description = var.description + project = var.project_id + resource_labels = var.cluster_resource_labels zone = var.zones[0] node_locations = slice(var.zones, 1, length(var.zones)) diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 0bc2bbcd1c..7563a5598c 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google-beta - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { 
@@ -35,23 +35,23 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] - cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : [] + cluster_cloudrun_config = var.cloudrun ? [{disabled = false}] : [] cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{ node_metadata = var.node_metadata 
@@ -264,12 +264,12 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] # BETA features - cluster_istio_enabled = ! local.cluster_type_output_istio_enabled[local.cluster_type] + cluster_istio_enabled = !local.cluster_type_output_istio_enabled[local.cluster_type] cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 4de786246c..e5582b845c 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) + type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({ key = string, value = string, effect = string }))) + type = map(list(object({key=string,value=string,effect=string}))) description = "Map of lists containing node taints by node-pool name" default = { @@ -284,6 +284,12 @@ variable "cluster_ipv4_cidr" { description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR." } +variable "cluster_resource_labels" { + type = map(string) + description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster" + default = {} +} + variable "istio" { description = "(Beta) Enable Istio addon" @@ -292,10 +298,10 @@ variable "istio" { variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." - type = list(object({ state = string, key_name = string })) - default = [{ - state = "DECRYPTED" - key_name = "" + type = list(object({state = string, key_name = string})) + default = [{ + state = "DECRYPTED" + key_name = "" }] } 
@@ -311,7 +317,7 @@ variable "enable_binary_authorization" { variable "pod_security_policy_config" { description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." - default = [{ + default = [{ "enabled" = false }] } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 906a826a94..e725107466 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -134,6 +134,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no | | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no | +| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | bool | `"false"` | no | | description | The description of the cluster | string | `""` | no | diff --git a/modules/private-cluster/cluster_regional.tf b/modules/private-cluster/cluster_regional.tf index 7e12240b1d..f3a9e2ae37 100644 --- a/modules/private-cluster/cluster_regional.tf +++ b/modules/private-cluster/cluster_regional.tf 
@@ -26,6 +26,7 @@ resource "google_container_cluster" "primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels region = var.region node_locations = coalescelist( diff --git a/modules/private-cluster/cluster_zonal.tf b/modules/private-cluster/cluster_zonal.tf index 0109263b07..40690bc609 100644 --- a/modules/private-cluster/cluster_zonal.tf +++ b/modules/private-cluster/cluster_zonal.tf @@ -26,6 +26,7 @@ resource "google_container_cluster" "zonal_primary" { name = var.name description = var.description project = var.project_id + resource_labels = var.cluster_resource_labels zone = var.zones[0] node_locations = slice(var.zones, 1, length(var.zones)) diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index d39207827d..958d82ed07 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google-beta - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { 
@@ -35,19 +35,19 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] 
@@ -245,10 +245,10 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] } /****************************************** diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 4491851740..b342f75d61 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) + type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({ key = string, value = string, effect = string }))) + type = map(list(object({key=string,value=string,effect=string}))) description = "Map of lists containing node taints by node-pool name" default = { @@ -284,6 +284,12 @@ variable "cluster_ipv4_cidr" { description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR." } +variable "cluster_resource_labels" { + type = map(string) + description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster" + default = {} +} + variable "deploy_using_private_endpoint" { type = bool diff --git a/variables.tf b/variables.tf index beb05ea126..dea8306c9d 100644 --- a/variables.tf +++ b/variables.tf @@ -284,3 +284,9 @@ variable "cluster_ipv4_cidr" { description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR." } +variable "cluster_resource_labels" { + type = map(string) + description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster" + default = {} +} + From dfcf64e3463ec85b47d0e3c2939a83e7ddebd1c0 Mon Sep 17 00:00:00 2001 
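Review bot: The description of the new `cluster_resource_labels` variable (the `@@ -284,6 +284,12 @@` hunk in modules/private-cluster/variables.tf and the identical block added to variables.tf) does not say what a valid label looks like or that labels are plain, widely readable metadata. GCP limits label keys and values to lowercase letters, digits, underscores and dashes, at most 63 characters each, so with only `type = map(string)` a malformed map is rejected at apply time rather than at plan. Labels are also visible to anyone who can view the cluster and are carried into billing exports, so callers should be told not to put secrets or personal data in them. I would extend the text to something like `description = "The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Keys and values must follow GCP label format rules; labels are not confidential, do not store sensitive data in them."`. Both files appear to be generated, so the wording presumably belongs in the autogen/ template and should be regenerated from there.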
From: Devan Patel Date: Fri, 19 Jul 2019 12:40:15 +0100 Subject: [PATCH 3/7] Fix fmt --- autogen/cluster_regional.tf | 8 ++++---- autogen/cluster_zonal.tf | 8 ++++---- cluster_regional.tf | 8 ++++---- cluster_zonal.tf | 8 ++++---- modules/beta-private-cluster/cluster_regional.tf | 8 ++++---- modules/beta-private-cluster/cluster_zonal.tf | 8 ++++---- modules/private-cluster/cluster_regional.tf | 8 ++++---- modules/private-cluster/cluster_zonal.tf | 8 ++++---- variables.tf | 4 ++-- 9 files changed, 34 insertions(+), 34 deletions(-) diff --git a/autogen/cluster_regional.tf b/autogen/cluster_regional.tf index 890aad5706..c749487814 100644 --- a/autogen/cluster_regional.tf +++ b/autogen/cluster_regional.tf @@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" { provider = google {% endif %} - count = var.regional ? 1 : 0 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 1 : 0 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels region = var.region diff --git a/autogen/cluster_zonal.tf b/autogen/cluster_zonal.tf index e061c71efc..21fa20c5e5 100644 --- a/autogen/cluster_zonal.tf +++ b/autogen/cluster_zonal.tf @@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" { provider = google {% endif %} - count = var.regional ? 0 : 1 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 0 : 1 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels zone = var.zones[0] diff --git a/cluster_regional.tf b/cluster_regional.tf index 83e0062863..f6afe63d49 100644 --- a/cluster_regional.tf +++ b/cluster_regional.tf 
@@ -22,10 +22,10 @@ resource "google_container_cluster" "primary" { provider = google - count = var.regional ? 1 : 0 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 1 : 0 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels region = var.region diff --git a/cluster_zonal.tf b/cluster_zonal.tf index 37750491dd..195a67cc42 100644 --- a/cluster_zonal.tf +++ b/cluster_zonal.tf @@ -22,10 +22,10 @@ resource "google_container_cluster" "zonal_primary" { provider = google - count = var.regional ? 0 : 1 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 0 : 1 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels zone = var.zones[0] diff --git a/modules/beta-private-cluster/cluster_regional.tf b/modules/beta-private-cluster/cluster_regional.tf index 7cb2721271..1eec369b3a 100644 --- a/modules/beta-private-cluster/cluster_regional.tf +++ b/modules/beta-private-cluster/cluster_regional.tf @@ -22,10 +22,10 @@ resource "google_container_cluster" "primary" { provider = google-beta - count = var.regional ? 1 : 0 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 1 : 0 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels region = var.region diff --git a/modules/beta-private-cluster/cluster_zonal.tf b/modules/beta-private-cluster/cluster_zonal.tf index 93abaac85b..6f05dbecd6 100644 --- a/modules/beta-private-cluster/cluster_zonal.tf +++ b/modules/beta-private-cluster/cluster_zonal.tf 
@@ -22,10 +22,10 @@ resource "google_container_cluster" "zonal_primary" { provider = google-beta - count = var.regional ? 0 : 1 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 0 : 1 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels zone = var.zones[0] diff --git a/modules/private-cluster/cluster_regional.tf b/modules/private-cluster/cluster_regional.tf index f3a9e2ae37..1e5b6669d3 100644 --- a/modules/private-cluster/cluster_regional.tf +++ b/modules/private-cluster/cluster_regional.tf @@ -22,10 +22,10 @@ resource "google_container_cluster" "primary" { provider = google-beta - count = var.regional ? 1 : 0 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 1 : 0 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels region = var.region diff --git a/modules/private-cluster/cluster_zonal.tf b/modules/private-cluster/cluster_zonal.tf index 40690bc609..361657a34b 100644 --- a/modules/private-cluster/cluster_zonal.tf +++ b/modules/private-cluster/cluster_zonal.tf @@ -22,10 +22,10 @@ resource "google_container_cluster" "zonal_primary" { provider = google-beta - count = var.regional ? 0 : 1 - name = var.name - description = var.description - project = var.project_id + count = var.regional ? 0 : 1 + name = var.name + description = var.description + project = var.project_id resource_labels = var.cluster_resource_labels zone = var.zones[0] diff --git a/variables.tf b/variables.tf index dea8306c9d..e9759c237c 100644 --- a/variables.tf +++ b/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) + type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({ key = string, value = string, effect = string }))) + type = map(list(object({key=string,value=string,effect=string}))) description = "Map of lists containing node taints by node-pool name" default = { From b5b33ccc9f5cfa3bcae9f10a4efa4f29a36b6187 Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Mon, 22 Jul 2019 15:14:38 +0100 Subject: [PATCH 4/7] Add CHANGELOG note --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d676d77480..d494e36041 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. ## [Unreleased] +### Added + +* Support for GCE cluster resource_labels. [#210] ## [4.0.0] 2019-07-12 From 73eb751799626664fcdef6cacb3d967d25cfb3fc Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Mon, 22 Jul 2019 15:23:20 +0100 Subject: [PATCH 5/7] Fix indentation for zone_count --- autogen/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen/main.tf b/autogen/main.tf index 407f65d21e..19d5e27a6a 100644 --- a/autogen/main.tf +++ b/autogen/main.tf 
@@ -43,7 +43,7 @@ locals { custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" From 8b47cd1e1405795aa00f40e0d1ca8ffc991c54e6 Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Mon, 22 Jul 2019 15:40:55 +0100 Subject: [PATCH 6/7] Regenerate --- main.tf | 2 +- modules/beta-private-cluster/main.tf | 2 +- modules/beta-public-cluster/main.tf | 2 +- modules/private-cluster/main.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/main.tf b/main.tf index d88d74d5a2..62c1ebf31c 100644 --- a/main.tf +++ b/main.tf @@ -39,7 +39,7 @@ locals { custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index bb50ac42a3..05ff053554 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -39,7 +39,7 @@ locals { custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 7563a5598c..7784a2ff90 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -39,7 +39,7 @@ locals { custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 958d82ed07..0a9a78c202 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -39,7 +39,7 @@ locals { custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) + zone_count = length(var.zones) cluster_type = var.regional ? "regional" : "zonal" From a06ebd1867ee4bc26d4e1c3e6a7244f5da80b9e7 Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Mon, 22 Jul 2019 16:24:25 +0100 Subject: [PATCH 7/7] Regenerate/fmt --- main.tf | 18 +++++++++--------- modules/beta-private-cluster/main.tf | 22 +++++++++++----------- modules/beta-private-cluster/variables.tf | 14 +++++++------- modules/beta-public-cluster/main.tf | 22 +++++++++++----------- modules/beta-public-cluster/variables.tf | 14 +++++++------- modules/private-cluster/main.tf | 18 +++++++++--------- modules/private-cluster/variables.tf | 4 ++-- variables.tf | 4 ++-- 8 files changed, 58 insertions(+), 58 deletions(-) diff --git a/main.tf b/main.tf index 62c1ebf31c..218babf66a 100644 --- a/main.tf +++ b/main.tf @@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { 
@@ -35,7 +35,7 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id @@ -46,8 +46,8 @@ locals { cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] 
@@ -247,10 +247,10 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] } /****************************************** diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 05ff053554..91d4722e55 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google-beta - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { 
@@ -35,7 +35,7 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id @@ -46,12 +46,12 @@ locals { cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] - cluster_cloudrun_config = var.cloudrun ? [{disabled = false}] : [] + cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : [] cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{ node_metadata = var.node_metadata 
@@ -262,12 +262,12 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] # BETA features - cluster_istio_enabled = !local.cluster_type_output_istio_enabled[local.cluster_type] + cluster_istio_enabled = ! local.cluster_type_output_istio_enabled[local.cluster_type] cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index bfd6216679..c3ef14d53a 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) + type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({key=string,value=string,effect=string}))) + type = map(list(object({ key = string, value = string, effect = string }))) description = "Map of lists containing node taints by node-pool name" default = { @@ -322,10 +322,10 @@ variable "istio" { variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." - type = list(object({state = string, key_name = string})) - default = [{ - state = "DECRYPTED" - key_name = "" + type = list(object({ state = string, key_name = string })) + default = [{ + state = "DECRYPTED" + key_name = "" }] } @@ -341,7 +341,7 @@ variable "enable_binary_authorization" { variable "pod_security_policy_config" { description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." - default = [{ + default = [{ "enabled" = false }] } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 7784a2ff90..0bc2bbcd1c 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google-beta - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { @@ -35,7 +35,7 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id @@ -46,12 +46,12 @@ locals { cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] - cluster_cloudrun_config = var.cloudrun ? [{disabled = false}] : [] + cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : [] cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{ node_metadata = var.node_metadata 
@@ -264,12 +264,12 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] # BETA features - cluster_istio_enabled = !local.cluster_type_output_istio_enabled[local.cluster_type] + cluster_istio_enabled = ! local.cluster_type_output_istio_enabled[local.cluster_type] cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index e5582b845c..9a5ee6a91a 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) + type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({key=string,value=string,effect=string}))) + type = map(list(object({ key = string, value = string, effect = string }))) description = "Map of lists containing node taints by node-pool name" default = { @@ -298,10 +298,10 @@ variable "istio" { variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." - type = list(object({state = string, key_name = string})) - default = [{ - state = "DECRYPTED" - key_name = "" + type = list(object({ state = string, key_name = string })) + default = [{ + state = "DECRYPTED" + key_name = "" }] } @@ -317,7 +317,7 @@ variable "enable_binary_authorization" { variable "pod_security_policy_config" { description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created." - default = [{ + default = [{ "enabled" = false }] } diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 0a9a78c202..d39207827d 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -22,8 +22,8 @@ data "google_compute_zones" "available" { provider = google-beta - project = var.project_id - region = var.region + project = var.project_id + region = var.region } resource "random_shuffle" "available_zones" { @@ -35,7 +35,7 @@ locals { kubernetes_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version kubernetes_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional - node_version_zonal = var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal + node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.kubernetes_version_zonal custom_kube_dns_config = length(keys(var.stub_domains)) > 0 upstream_nameservers_config = length(var.upstream_nameservers) > 0 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id @@ -46,8 +46,8 @@ locals { cluster_network_policy = var.network_policy ? [{ enabled = true provider = var.network_policy_provider - }] : [{ - enabled = false + }] : [{ + enabled = false provider = null }] 
@@ -245,10 +245,10 @@ locals { cluster_monitoring_service = local.cluster_type_output_monitoring_service[local.cluster_type] cluster_node_pools_names = local.cluster_type_output_node_pools_names[local.cluster_type] cluster_node_pools_versions = local.cluster_type_output_node_pools_versions[local.cluster_type] - cluster_network_policy_enabled = !local.cluster_type_output_network_policy_enabled[local.cluster_type] - cluster_http_load_balancing_enabled = !local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] - cluster_horizontal_pod_autoscaling_enabled = !local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] - cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] + cluster_network_policy_enabled = ! local.cluster_type_output_network_policy_enabled[local.cluster_type] + cluster_http_load_balancing_enabled = ! local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] + cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] + cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] } /****************************************** diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index b342f75d61..73c11d1b87 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) + type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({key=string,value=string,effect=string}))) + type = map(list(object({ key = string, value = string, effect = string }))) description = "Map of lists containing node taints by node-pool name" default = { diff --git a/variables.tf b/variables.tf index e9759c237c..dea8306c9d 100644 --- a/variables.tf +++ b/variables.tf @@ -78,7 +78,7 @@ variable "node_version" { } variable "master_authorized_networks_config" { - type = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))})) + type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) })) description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)." default = [] } @@ -179,7 +179,7 @@ variable "node_pools_metadata" { } variable "node_pools_taints" { - type = map(list(object({key=string,value=string,effect=string}))) + type = map(list(object({ key = string, value = string, effect = string }))) description = "Map of lists containing node taints by node-pool name" default = {