diff --git a/.circleci/config.yml b/.circleci/config.yml
index e69de29..9d883d6 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -0,0 +1,105 @@
+defaults: &defaults
+  machine: true
+  environment:
+    GRUNTWORK_INSTALLER_VERSION: v0.0.21
+    TERRATEST_LOG_PARSER_VERSION: v0.13.13
+    MODULE_CI_VERSION: v0.13.3
+    TERRAFORM_VERSION: 0.11.8
+    TERRAGRUNT_VERSION: NONE
+    PACKER_VERSION: NONE
+    GOLANG_VERSION: 1.11.2
+    K8S_VERSION: v1.10.0
+    KUBECONFIG: /home/circleci/.kube/config
+
+install_gruntwork_utils: &install_gruntwork_utils
+  name: install gruntwork utils
+  command: |
+    curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version "${GRUNTWORK_INSTALLER_VERSION}"
+    gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/module-ci" --tag "${MODULE_CI_VERSION}"
+    gruntwork-install --binary-name "terratest_log_parser" --repo "https://github.com/gruntwork-io/terratest" --tag "${TERRATEST_LOG_PARSER_VERSION}"
+    configure-environment-for-gruntwork-module \
+      --circle-ci-2-machine-executor \
+      --terraform-version ${TERRAFORM_VERSION} \
+      --terragrunt-version ${TERRAGRUNT_VERSION} \
+      --packer-version ${PACKER_VERSION} \
+      --use-go-dep \
+      --go-version ${GOLANG_VERSION} \
+      --go-src-path test
+
+version: 2
+jobs:
+  build:
+    <<: *defaults
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+          - dep-v1-{{ checksum "test/Gopkg.lock" }}
+
+      # Install gruntwork utilities
+      - run:
+          <<: *install_gruntwork_utils
+
+      - save_cache:
+          key: dep-v1-{{ checksum "test/Gopkg.lock" }}
+          paths:
+          - ./test/vendor
+
+      # Fail the build if the pre-commit hooks don't pass. Note: if you run pre-commit install locally, these hooks will
+      # execute automatically every time before you commit, ensuring the build never fails at this step!
+      - run: pip install pre-commit==1.11.2
+      - run: pre-commit install
+      - run: pre-commit run --all-files
+
+      - persist_to_workspace:
+          root: /home/circleci
+          paths:
+            - project
+            - terraform
+            - packer
+
+  test:
+    <<: *defaults
+    steps:
+    - attach_workspace:
+        at: /home/circleci
+    - checkout
+    - run: echo 'export PATH=$HOME/terraform:$HOME/packer:$PATH' >> $BASH_ENV
+    - run:
+          <<: *install_gruntwork_utils
+    - run:
+        name: update gcloud
+        command: |
+          sudo apt-get remove -y google-cloud-sdk
+          sudo /opt/google-cloud-sdk/bin/gcloud --quiet components update
+          sudo /opt/google-cloud-sdk/bin/gcloud --quiet components update beta kubectl
+    - run:
+        name: run tests
+        command: |
+          mkdir -p /tmp/logs
+          # required for gcloud and kubectl to authenticate correctly
+          echo $GCLOUD_SERVICE_KEY | gcloud auth activate-service-account --key-file=-
+          gcloud --quiet config set project ${GOOGLE_PROJECT_ID}
+          gcloud --quiet config set compute/zone ${GOOGLE_COMPUTE_ZONE}
+          # required for terraform and terratest to authenticate correctly
+          echo $GCLOUD_SERVICE_KEY > /tmp/gcloud.json
+          export GOOGLE_APPLICATION_CREDENTIALS="/tmp/gcloud.json"
+          # run the tests
+          run-go-tests --path test --timeout 60m | tee /tmp/logs/all.log
+        no_output_timeout: 3600s
+    - run:
+        command: terratest_log_parser --testlog /tmp/logs/all.log --outputdir /tmp/logs
+        when: always
+    - store_artifacts:
+        path: /tmp/logs
+    - store_test_results:
+        path: /tmp/logs
+
+workflows:
+  version: 2
+  build-and-test:
+    jobs:
+    - build
+    - test:
+        requires:
+        - build
diff --git a/.gitignore b/.gitignore
index 40c6dd5..16fc95e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,5 +21,8 @@ out/
 # Go best practices dictate that libraries should not include the vendor directory
 vendor
 
-# Ignore test data
-.test_data/
+# Folder used to store temporary test data by Terratest
+.test-data
+
+# Mock user-data log file
+mock-user-data.log
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..dd17d91
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+repos:
+  - repo: https://github.com/gruntwork-io/pre-commit
+    sha: v0.0.2
+    hooks:
+      - id: terraform-fmt
+
diff --git a/examples/gke-regional-private-cluster/README.md b/examples/gke-regional-private-cluster/README.md
new file mode 100644
index 0000000..397533f
--- /dev/null
+++ b/examples/gke-regional-private-cluster/README.md
@@ -0,0 +1,49 @@
+# GKE Regional Private Cluster
+
+This example creates a Regional Private GKE Cluster.
+
+Regional GKE Clusters are high-availability clusters where the cluster master is
+spread across multiple GCP zones. During a zonal outage, the Kubernetes control
+plane and a subset of your nodes will still be available, provided that at least
+1 zone that your cluster is running in is still available.
+
+Regional control planes are accessible even during upgrades.
+
+By default, regional clusters will create nodes across 3 zones in a region. If
+you're interested in how nodes are distributed in regional clusters, read the
+GCP docs about [balancing across zones](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#balancing_across_zones).
+
+Nodes in a private cluster are only granted private IP addresses; they're not
+accessible from the public internet, as part of a defense-in-depth strategy. A
+private cluster can use a GCP HTTP(S) or Network load balancer to accept public
+traffic, or an internal load balancer from within your VPC network.
+
+Private clusters use [Private Google Access](https://cloud.google.com/vpc/docs/private-access-options)
+to access Google APIs such as Stackdriver, and to pull container images from
+Google Container Registry. To use other APIs and services over the internet, you
+can use a [`gke-regional-public-cluster`](../gke-regional-public-cluster).
+Private clusters are recommended for running most apps and services.
+
+## Limitations
+
+No region shares GPU types across all of their zones; you will need to
+explicitly specify the zones your cluster runs in in order to use GPUs.
+
+Node Pools cannot be created in zones without a master cluster; you can update
+the zones of your cluster master provided your new zones are within the
+region your cluster is present in.
+
+<!-- TODO(rileykarson): Clarify what this means when we find out- this is pulled
+from the GKE docs. -->
+Currently, you cannot use a proxy to reach the cluster master of a regional
+cluster through its private IP address.
+
+## How do you run these examples?
+
+1. Install [Terraform](https://www.terraform.io/).
+1. Make sure you have Python installed (version 2.x) and in your `PATH`.
+1. Open `variables.tf`,  and fill in any required variables that don't have a
+default.
+1. Run `terraform get`.
+1. Run `terraform plan`.
+1. If the plan looks good, run `terraform apply`.
diff --git a/examples/gke-regional-public-cluster/README.md b/examples/gke-regional-public-cluster/README.md
new file mode 100644
index 0000000..c70f507
--- /dev/null
+++ b/examples/gke-regional-public-cluster/README.md
@@ -0,0 +1,37 @@
+# GKE Regional Public Cluster
+
+This example creates a Regional Public GKE Cluster.
+
+Regional GKE Clusters are high-availability clusters where the cluster master is
+spread across multiple GCP zones. During a zonal outage, the Kubernetes control
+plane and a subset of your nodes will still be available, provided that at least
+1 zone that your cluster is running in is still available.
+
+Regional control planes are accessible even during upgrades.
+
+By default, regional clusters will create nodes across 3 zones in a region. If
+you're interested in how nodes are distributed in regional clusters, read the
+GCP docs about [balancing across zones](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#balancing_across_zones).
+
+Nodes in a public cluster are accessible from the public internet; try using a
+private cluster such as in [`gke-regional-private-cluster`](../gke-regional-private-cluster)
+to limit access to/from your nodes. Private clusters are recommended for running
+most apps and services.
+
+## Limitations
+
+No region shares GPU types across all of their zones; you will need to
+explicitly specify the zones your cluster runs in in order to use GPUs.
+
+Node Pools cannot be created in zones without a master cluster; you can update
+the zones of your cluster master provided your new zones are within the
+region your cluster is present in.
+
+## How do you run these examples?
+
+1. Install [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) v0.10.3 or later.
+1. Open `variables.tf`,  and fill in any required variables that don't have a
+default.
+1. Run `terraform get`.
+1. Run `terraform plan`.
+1. If the plan looks good, run `terraform apply`.
diff --git a/examples/gke-regional-public-cluster/main.tf b/examples/gke-regional-public-cluster/main.tf
new file mode 100644
index 0000000..e50124c
--- /dev/null
+++ b/examples/gke-regional-public-cluster/main.tf
@@ -0,0 +1,101 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY A GKE REGIONAL PUBLIC CLUSTER IN GOOGLE CLOUD
+# This is an example of how to use the gke-cluster module to deploy a regional public Kubernetes cluster in GCP with a
+# Load Balancer in front of it.
+# ---------------------------------------------------------------------------------------------------------------------
+
+provider "google-beta" {
+  project = "${var.project}"
+  region  = "${var.region}"
+}
+
+# Use Terraform 0.10.x so that we can take advantage of Terraform GCP functionality as a separate provider via
+# https://github.com/terraform-providers/terraform-provider-google
+terraform {
+  required_version = ">= 0.10.3"
+}
+
+module "gke_cluster" {
+  # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
+  # to a specific version of the modules, such as the following example:
+  # source = "git::git@github.com:gruntwork-io/gke-cluster.git//modules/gke-cluster?ref=v0.0.1"
+  source = "../../modules/gke-cluster"
+
+  name = "${var.cluster_name}"
+
+  project    = "${var.project}"
+  region     = "${var.region}"
+  network    = "${google_compute_network.main.name}"
+  subnetwork = "${google_compute_subnetwork.main.name}"
+}
+
+# Node Pool
+
+// Node Pool Resource
+resource "google_container_node_pool" "node_pool" {
+  provider = "google-beta"
+
+  name    = "main-pool"
+  project = "${var.project}"
+  region  = "${var.region}"
+  cluster = "${module.gke_cluster.name}"
+
+  initial_node_count = "1"
+
+  autoscaling {
+    min_node_count = "1"
+    max_node_count = "5"
+  }
+
+  management {
+    auto_repair  = "true"
+    auto_upgrade = "true"
+  }
+
+  node_config {
+    image_type   = "COS"
+    machine_type = "n1-standard-1"
+
+    labels = {
+      all-pools-example = "true"
+    }
+
+    tags         = ["main-pool-example"]
+    disk_size_gb = "30"
+    disk_type    = "pd-standard"
+    preemptible  = false
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
+  lifecycle {
+    ignore_changes = ["initial_node_count"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+}
+
+# TODO(rileykarson): Add proper VPC network config once we've made a VPC module
+resource "random_string" "suffix" {
+  length  = 4
+  special = false
+  upper   = false
+}
+
+resource "google_compute_network" "main" {
+  name                    = "${var.cluster_name}-network-${random_string.suffix.result}"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "main" {
+  name          = "${var.cluster_name}-subnetwork-${random_string.suffix.result}"
+  ip_cidr_range = "10.0.0.0/17"
+  region        = "${var.region}"
+  network       = "${google_compute_network.main.self_link}"
+}
diff --git a/examples/gke-regional-public-cluster/outputs.tf b/examples/gke-regional-public-cluster/outputs.tf
new file mode 100644
index 0000000..51f473b
--- /dev/null
+++ b/examples/gke-regional-public-cluster/outputs.tf
@@ -0,0 +1,22 @@
+output "cluster_endpoint" {
+  description = "The IP address of the cluster master."
+  sensitive   = true
+  value       = "${module.gke_cluster.endpoint}"
+}
+
+output "client_certificate" {
+  description = "Public certificate used by clients to authenticate to the cluster endpoint."
+  value       = "${module.gke_cluster.client_certificate}"
+}
+
+output "client_key" {
+  description = "Private key used by clients to authenticate to the cluster endpoint."
+  sensitive   = true
+  value       = "${module.gke_cluster.client_key}"
+}
+
+output "cluster_ca_certificate" {
+  description = "The public certificate that is the root of trust for the cluster."
+  sensitive   = true
+  value       = "${module.gke_cluster.cluster_ca_certificate}"
+}
diff --git a/examples/gke-regional-public-cluster/variables.tf b/examples/gke-regional-public-cluster/variables.tf
new file mode 100644
index 0000000..d9beee1
--- /dev/null
+++ b/examples/gke-regional-public-cluster/variables.tf
@@ -0,0 +1,22 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED PARAMETERS
+# These parameters must be supplied when consuming this module.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "project" {
+  description = "The name of the GCP Project where all resources will be launched."
+}
+
+variable "region" {
+  description = "The Region in which all GCP resources will be launched."
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# These parameters have reasonable defaults.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "cluster_name" {
+  description = "The name of the Kubernetes cluster."
+  default     = "example-cluster"
+}
diff --git a/examples/zonal-gke-cluster/README.md b/examples/gke-zonal-private-cluster/README.md
similarity index 100%
rename from examples/zonal-gke-cluster/README.md
rename to examples/gke-zonal-private-cluster/README.md
diff --git a/examples/gke-zonal-public-cluster/README.md b/examples/gke-zonal-public-cluster/README.md
new file mode 100644
index 0000000..1333ed7
--- /dev/null
+++ b/examples/gke-zonal-public-cluster/README.md
@@ -0,0 +1 @@
+TODO
diff --git a/examples/regional-gke-cluster/TODO.md b/examples/regional-gke-cluster/TODO.md
deleted file mode 100644
index e69de29..0000000
diff --git a/main.tf b/main.tf
index e69de29..8b13789 100644
--- a/main.tf
+++ b/main.tf
@@ -0,0 +1 @@
+
diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index e69de29..3584f31 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -0,0 +1,71 @@
+# GKE Cluster Module
+
+The GKE Cluster module is used to administer the [cluster master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture)
+for a [Google Kubernetes Engine (GKE) Cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-admin-overview).
+
+The cluster master is the "control plane" of the cluster; for example, it runs
+the Kubernetes API used by `kubectl`. Worker machines are configured by
+attaching [GKE node pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools)
+to the cluster module.
+
+## How do you use this module?
+
+* See the [root README](/README.md) for instructions on using Terraform modules.
+* See the [examples](/examples) folder for example usage.
+* See [variables.tf](./variables.tf) for all the variables you can set on this module.
+* See [outputs.tf](./outputs.tf) for all the variables that are outputed by this module.
+
+## What is a GKE Cluster?
+
+The GKE Cluster, or "cluster master", runs the Kubernetes control plane
+processes including the Kubernetes API server, scheduler, and core resource
+controllers.
+
+The master is the unified endpoint for your cluster; it's the "hub" through
+which all other components such as nodes interact. Users can interact with the
+cluster via Kubernetes API calls, such as by using `kubectl`. The GKE cluster
+is responsible for running workloads on nodes, as well as scaling/upgrading
+nodes.
+
+## How do I attach worker machines using a GKE node pool?
+
+A "[node](https://kubernetes.io/docs/concepts/architecture/nodes/)" is
+a worker machine in Kubernetes; in GKE, nodes are provisioned as
+[Google Compute Engine VM instances](https://cloud.google.com/compute/docs/instances/).
+
+[GKE Node Pools](https://cloud.google.com/kubernetes-engine/docs/concepts/node-pools)
+are a group of nodes who share the same configuration, defined as a [NodeConfig](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/NodeConfig).
+Node pools also control the autoscaling of their nodes, and autoscaling
+configuration is done inline, alongside the node config definition. A GKE
+Cluster can have multiple node pools defined.
+
+Node pools are configured directly with the
+[`google_container_node_pool`](https://www.terraform.io/docs/providers/google/r/container_node_pool.html)
+Terraform resource by providing a reference to the cluster you configured with
+this module as the `cluster` field.
+
+## What VPC network will this cluster use?
+
+You must explicitly specify the network and subnetwork of your GKE cluster using
+the `network` and `subnetwork` fields; this module will not implicitly use the
+`default` network with an automatically generated subnetwork.
+
+The modules in the [`terraform-google-network`](https://github.com/gruntwork-io/terraform-google-network)
+Gruntwork module are a useful tool for configuring your VPC network and 
+subnetworks in GCP.
+
+## What IAM roles does this module configure? (unimplemented)
+
+Given a service account, this module will enable the following IAM roles:
+
+* roles/compute.viewer
+* roles/container.clusterAdmin
+* roles/container.developer
+* roles/iam.serviceAccountUser
+
+## What services does this module enable on my project? (unimplemented)
+
+This module will ensure the following services are active on your project:
+
+* Compute Engine API - compute.googleapis.com
+* Kubernetes Engine API - container.googleapis.com
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
new file mode 100644
index 0000000..1366bfa
--- /dev/null
+++ b/modules/gke-cluster/main.tf
@@ -0,0 +1,97 @@
+resource "google_container_cluster" "cluster" {
+  name        = "${var.name}"
+  description = "${var.description}"
+
+  project    = "${var.project}"
+  region     = "${var.region}"
+  network    = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+
+  logging_service    = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+  min_master_version = "${local.kubernetes_version}"
+
+  # We want to make a cluster with no node pools, and manage them all with the
+  # fine-grained google_container_node_pool resource. The API requires a node
+  # pool or an initial count to be defined; that initial count creates the
+  # "default node pool" with that # of nodes.
+  #
+  # So, we need to set an initial_node_count of 1. This will make a default node
+  # pool with server-defined defaults that Terraform will immediately delete as
+  # part of Create. This leaves us in our desired state- with a cluster master
+  # with no node pools.
+  remove_default_node_pool = true
+
+  initial_node_count = 1
+
+  addons_config {
+    http_load_balancing {
+      disabled = "${var.http_load_balancing ? 0 : 1}"
+    }
+
+    horizontal_pod_autoscaling {
+      disabled = "${var.horizontal_pod_autoscaling ? 0 : 1}"
+    }
+
+    kubernetes_dashboard {
+      disabled = "${var.enable_kubernetes_dashboard ? 0 : 1}"
+    }
+
+    network_policy_config {
+      disabled = "${var.enable_network_policy ? 0 : 1}"
+    }
+  }
+
+  network_policy {
+    enabled = "${var.enable_network_policy}"
+
+    # Tigera (Calico Felix) is the only provider
+    provider = "CALICO"
+  }
+
+  master_auth {
+    username = "${var.basic_auth_username}"
+    password = "${var.basic_auth_password}"
+
+    client_certificate_config {
+      issue_client_certificate = "${var.enable_kubernetes_dashboard}"
+    }
+  }
+
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
+  maintenance_policy {
+    daily_maintenance_window {
+      start_time = "${var.maintenance_start_time}"
+    }
+  }
+
+  # Version 2.0.0 will set the default timeouts to these values.
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+}
+
+locals {
+  kubernetes_version = "${var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_node_version}"
+  network_project    = "${var.network_project != "" ? var.network_project : var.project}"
+}
+
+data "google_compute_network" "gke_network" {
+  name    = "${var.network}"
+  project = "${local.network_project}"
+}
+
+data "google_compute_subnetwork" "gke_subnetwork" {
+  name    = "${var.subnetwork}"
+  region  = "${var.region}"
+  project = "${local.network_project}"
+}
+
+// Get available master versions in our region to determine the latest version
+data "google_container_engine_versions" "region" {
+  region  = "${var.region}"
+  project = "${var.project}"
+}
diff --git a/modules/gke-cluster/outputs.tf b/modules/gke-cluster/outputs.tf
new file mode 100644
index 0000000..78e9734
--- /dev/null
+++ b/modules/gke-cluster/outputs.tf
@@ -0,0 +1,34 @@
+output "name" {
+  # This may seem redundant with the `name` input, but it serves an important
+  # purpose. Terraform won't establish a dependency graph without this to interpolate on.
+  description = "The name of the cluster master. This output is used for interpolation with node pools, other modules."
+
+  value = "${google_container_cluster.cluster.name}"
+}
+
+output "master_version" {
+  description = "The Kubernetes master version."
+  value       = "${google_container_cluster.cluster.master_version}"
+}
+
+output "endpoint" {
+  description = "The IP address of the cluster master."
+  sensitive   = true
+  value       = "${google_container_cluster.cluster.endpoint}"
+}
+
+# The following outputs allow authentication and connectivity to the GKE Cluster.
+output "client_certificate" {
+  description = "Public certificate used by clients to authenticate to the cluster endpoint."
+  value       = "${base64decode(google_container_cluster.cluster.master_auth.0.client_certificate)}"
+}
+
+output "client_key" {
+  description = "Private key used by clients to authenticate to the cluster endpoint."
+  value       = "${base64decode(google_container_cluster.cluster.master_auth.0.client_key)}"
+}
+
+output "cluster_ca_certificate" {
+  description = "The public certificate that is the root of trust for the cluster."
+  value       = "${base64decode(google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)}"
+}
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
new file mode 100644
index 0000000..463be08
--- /dev/null
+++ b/modules/gke-cluster/variables.tf
@@ -0,0 +1,145 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED PARAMETERS
+# These variables are expected to be passed in by the operator
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "project" {
+  description = "The project ID to host the cluster in"
+}
+
+variable "region" {
+  description = "The region to host the cluster in"
+}
+
+variable "name" {
+  description = "The name of the cluster"
+}
+
+variable "network" {
+  description = "The VPC network to host the cluster in"
+}
+
+variable "subnetwork" {
+  description = "The subnetwork to host the cluster in"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# Generally, these values won't need to be changed.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "description" {
+  description = "The description of the cluster"
+  default     = ""
+}
+
+variable "kubernetes_version" {
+  description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region."
+  default     = "latest"
+}
+
+variable "logging_service" {
+  description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
+  default     = "logging.googleapis.com"
+}
+
+variable "monitoring_service" {
+  description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none"
+  default     = "monitoring.googleapis.com"
+}
+
+variable "horizontal_pod_autoscaling" {
+  description = "Whether to enable the horizontal pod autoscaling addon"
+  default     = true
+}
+
+variable "http_load_balancing" {
+  description = "Whether to enable the http (L7) load balancing addon"
+  default     = true
+}
+
+// TODO(robmorgan): Are we using these values below? We should understand them more fully before adding them to configs.
+
+variable "network_project" {
+  description = "The project ID of the shared VPC's host (for shared vpc support)"
+  default     = ""
+}
+
+variable "master_authorized_networks_config" {
+  type = "list"
+
+  description = <<EOF
+  The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)
+  ### example format ###
+  master_authorized_networks_config = [{
+    cidr_blocks = [{
+      cidr_block   = "10.0.0.0/8"
+      display_name = "example_network"
+    }],
+  }]
+  EOF
+
+  default = []
+}
+
+variable "maintenance_start_time" {
+  description = "Time window specified for daily maintenance operations in RFC3339 format"
+  default     = "05:00"
+}
+
+variable "stub_domains" {
+  type        = "map"
+  description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
+  default     = {}
+}
+
+variable "non_masquerade_cidrs" {
+  type        = "list"
+  description = "List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading."
+  default     = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+}
+
+variable "ip_masq_resync_interval" {
+  description = "The interval at which the agent attempts to sync its ConfigMap file from the disk."
+  default     = "60s"
+}
+
+variable "ip_masq_link_local" {
+  description = "Whether to masquerade traffic to the link-local prefix (169.254.0.0/16)."
+  default     = "false"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS - RECOMMENDED DEFAULTS
+# These values shouldn't be changed; they're following the best practices defined at https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "enable_kubernetes_dashboard" {
+  description = "Whether to enable the Kubernetes Web UI (Dashboard). The Web UI requires a highly privileged security account."
+  default     = false
+}
+
+variable "enable_legacy_abac" {
+  description = "Whether to enable legacy Attribute-Based Access Control (ABAC). RBAC has significant security advantages over ABAC."
+  default     = false
+}
+
+variable "enable_network_policy" {
+  description = "Whether to enable Kubernetes NetworkPolicy on the master, which is required to be enabled to be used on Nodes."
+  default     = true
+}
+
+variable "basic_auth_username" {
+  description = "The username used for basic auth; set both this and `basic_auth_password` to \"\" to disable basic auth."
+  default     = ""
+}
+
+variable "basic_auth_password" {
+  description = "The password used for basic auth; set both this and `basic_auth_username` to \"\" to disable basic auth."
+  default     = ""
+}
+
+variable "enable_client_certificate_authentication" {
+  description = "Whether to enable authentication by x509 certificates. With ABAC disabled, these certificates are effectively useless."
+  default     = false
+}
diff --git a/outputs.tf b/outputs.tf
index e69de29..8b13789 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1 @@
+
diff --git a/test/Gopkg.lock b/test/Gopkg.lock
new file mode 100644
index 0000000..cd04ce2
--- /dev/null
+++ b/test/Gopkg.lock
@@ -0,0 +1,718 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  digest = "1:8b95956b70e181b19025c7ba3578fdfd8efbec4ce916490700488afb9218972c"
+  name = "cloud.google.com/go"
+  packages = [
+    "compute/metadata",
+    "iam",
+    "internal",
+    "internal/optional",
+    "internal/trace",
+    "internal/version",
+    "storage",
+  ]
+  pruneopts = ""
+  revision = "64a2037ec6be8a4b0c1d1f706ed35b428b989239"
+  version = "v0.26.0"
+
+[[projects]]
+  digest = "1:4d581a0828b5c0f9e252edb5cd85f2c5c20809783dddedae5be94cc8ee26639b"
+  name = "github.com/aws/aws-sdk-go"
+  packages = [
+    "aws",
+    "aws/awserr",
+    "aws/awsutil",
+    "aws/client",
+    "aws/client/metadata",
+    "aws/corehandlers",
+    "aws/credentials",
+    "aws/credentials/ec2rolecreds",
+    "aws/credentials/endpointcreds",
+    "aws/credentials/processcreds",
+    "aws/credentials/stscreds",
+    "aws/csm",
+    "aws/defaults",
+    "aws/ec2metadata",
+    "aws/endpoints",
+    "aws/request",
+    "aws/session",
+    "aws/signer/v4",
+    "internal/ini",
+    "internal/s3err",
+    "internal/sdkio",
+    "internal/sdkrand",
+    "internal/sdkuri",
+    "internal/shareddefaults",
+    "private/protocol",
+    "private/protocol/ec2query",
+    "private/protocol/eventstream",
+    "private/protocol/eventstream/eventstreamapi",
+    "private/protocol/json/jsonutil",
+    "private/protocol/jsonrpc",
+    "private/protocol/query",
+    "private/protocol/query/queryutil",
+    "private/protocol/rest",
+    "private/protocol/restxml",
+    "private/protocol/xml/xmlutil",
+    "service/acm",
+    "service/autoscaling",
+    "service/cloudwatchlogs",
+    "service/ec2",
+    "service/iam",
+    "service/kms",
+    "service/rds",
+    "service/s3",
+    "service/s3/s3iface",
+    "service/s3/s3manager",
+    "service/sns",
+    "service/sqs",
+    "service/sts",
+  ]
+  pruneopts = ""
+  revision = "3afa899153ab972b5e6bf2552721b677e3fdaeb5"
+  version = "v1.16.20"
+
+[[projects]]
+  digest = "1:b529f4bf748979caa18b599d40d13e8b6e591a74b340f315ce4f95e119c288c2"
+  name = "github.com/boombuler/barcode"
+  packages = [
+    ".",
+    "qr",
+    "utils",
+  ]
+  pruneopts = ""
+  revision = "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:0deddd908b6b4b768cfc272c16ee61e7088a60f7fe2f06c547bd3d8e1f8b8e77"
+  name = "github.com/davecgh/go-spew"
+  packages = ["spew"]
+  pruneopts = ""
+  revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
+  version = "v1.1.1"
+
+[[projects]]
+  digest = "1:b13707423743d41665fd23f0c36b2f37bb49c30e94adb813319c44188a51ba22"
+  name = "github.com/ghodss/yaml"
+  packages = ["."]
+  pruneopts = ""
+  revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:e692d16fdfbddb94e9e4886aaf6c08bdbae5cb4ac80651445de9181b371c6e46"
+  name = "github.com/go-sql-driver/mysql"
+  packages = ["."]
+  pruneopts = ""
+  revision = "72cd26f257d44c1114970e19afddcd812016007e"
+  version = "v1.4.1"
+
+[[projects]]
+  digest = "1:527e1e468c5586ef2645d143e9f5fbd50b4fe5abc8b1e25d9f1c416d22d24895"
+  name = "github.com/gogo/protobuf"
+  packages = [
+    "proto",
+    "sortkeys",
+  ]
+  pruneopts = ""
+  revision = "4cbf7e384e768b4e01799441fdf2a706a5635ae7"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:107b233e45174dbab5b1324201d092ea9448e58243ab9f039e4c0f332e121e3a"
+  name = "github.com/golang/glog"
+  packages = ["."]
+  pruneopts = ""
+  revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998"
+
+[[projects]]
+  digest = "1:3dd078fda7500c341bc26cfbc6c6a34614f295a2457149fc1045cab767cbcf18"
+  name = "github.com/golang/protobuf"
+  packages = [
+    "proto",
+    "protoc-gen-go/descriptor",
+    "ptypes",
+    "ptypes/any",
+    "ptypes/duration",
+    "ptypes/timestamp",
+  ]
+  pruneopts = ""
+  revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:1e5b1e14524ed08301977b7b8e10c719ed853cbf3f24ecb66fae783a46f207a6"
+  name = "github.com/google/btree"
+  packages = ["."]
+  pruneopts = ""
+  revision = "4030bb1f1f0c35b30ca7009e9ebd06849dd45306"
+
+[[projects]]
+  branch = "master"
+  digest = "1:754f77e9c839b24778a4b64422236d38515301d2baeb63113aa3edc42e6af692"
+  name = "github.com/google/gofuzz"
+  packages = ["."]
+  pruneopts = ""
+  revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1"
+
+[[projects]]
+  digest = "1:c1d7e883c50a26ea34019320d8ae40fad86c9e5d56e63a1ba2cb618cef43e986"
+  name = "github.com/google/uuid"
+  packages = ["."]
+  pruneopts = ""
+  revision = "064e2069ce9c359c118179501254f67d7d37ba24"
+  version = "0.2"
+
+[[projects]]
+  digest = "1:55c1b46a80db2baf4d762c1d0b5cb4946e46125baa02b8959310abab15b54aee"
+  name = "github.com/googleapis/gax-go"
+  packages = [
+    ".",
+    "v2",
+  ]
+  pruneopts = ""
+  revision = "c8a15bac9b9fe955bd9f900272f9a306465d28cf"
+  version = "v2.0.3"
+
+[[projects]]
+  digest = "1:16b2837c8b3cf045fa2cdc82af0cf78b19582701394484ae76b2c3bc3c99ad73"
+  name = "github.com/googleapis/gnostic"
+  packages = [
+    "OpenAPIv2",
+    "compiler",
+    "extensions",
+  ]
+  pruneopts = ""
+  revision = "7c663266750e7d82587642f65e60bc4083f1f84e"
+  version = "v0.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:5e345eb75d8bfb2b91cfbfe02a82a79c0b2ea55cf06c5a4d180a9321f36973b4"
+  name = "github.com/gregjones/httpcache"
+  packages = [
+    ".",
+    "diskcache",
+  ]
+  pruneopts = ""
+  revision = "c63ab54fda8f77302f8d414e19933f2b6026a089"
+
+[[projects]]
+  digest = "1:f095be8f8054d5dfca75318f21aabbad9b88862f6dfadad7f7cfddb1ec8be9cf"
+  name = "github.com/gruntwork-io/terratest"
+  packages = [
+    "modules/aws",
+    "modules/collections",
+    "modules/customerrors",
+    "modules/environment",
+    "modules/files",
+    "modules/gcp",
+    "modules/k8s",
+    "modules/logger",
+    "modules/packer",
+    "modules/random",
+    "modules/retry",
+    "modules/shell",
+    "modules/ssh",
+    "modules/terraform",
+    "modules/test-structure",
+  ]
+  pruneopts = ""
+  revision = "913f60214f225bac27ef03ee2b93a92931bc9786"
+  version = "v0.13.23"
+
+[[projects]]
+  digest = "1:31bfd110d31505e9ffbc9478e31773bf05bf02adcaeb9b139af42684f9294c13"
+  name = "github.com/imdario/mergo"
+  packages = ["."]
+  pruneopts = ""
+  revision = "7c29201646fa3de8506f701213473dd407f19646"
+  version = "v0.3.7"
+
+[[projects]]
+  digest = "1:13fe471d0ed891e8544eddfeeb0471fd3c9f2015609a1c000aefdedf52a19d40"
+  name = "github.com/jmespath/go-jmespath"
+  packages = ["."]
+  pruneopts = ""
+  revision = "c2b33e84"
+
+[[projects]]
+  digest = "1:b79fc583e4dc7055ed86742e22164ac41bf8c0940722dbcb600f1a3ace1a8cb5"
+  name = "github.com/json-iterator/go"
+  packages = ["."]
+  pruneopts = ""
+  revision = "1624edc4454b8682399def8740d46db5e4362ba4"
+  version = "v1.1.5"
+
+[[projects]]
+  digest = "1:096a8a9182648da3d00ff243b88407838902b6703fc12657f76890e08d1899bf"
+  name = "github.com/mitchellh/go-homedir"
+  packages = ["."]
+  pruneopts = ""
+  revision = "ae18d6b8b3205b561c79e8e5f69bff09736185f4"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:0c0ff2a89c1bb0d01887e1dac043ad7efbf3ec77482ef058ac423d13497e16fd"
+  name = "github.com/modern-go/concurrent"
+  packages = ["."]
+  pruneopts = ""
+  revision = "bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94"
+  version = "1.0.3"
+
+[[projects]]
+  digest = "1:e32bdbdb7c377a07a9a46378290059822efdce5c8d96fe71940d87cb4f918855"
+  name = "github.com/modern-go/reflect2"
+  packages = ["."]
+  pruneopts = ""
+  revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd"
+  version = "1.0.1"
+
+[[projects]]
+  branch = "master"
+  digest = "1:c24598ffeadd2762552269271b3b1510df2d83ee6696c1e543a0ff653af494bc"
+  name = "github.com/petar/GoLLRB"
+  packages = ["llrb"]
+  pruneopts = ""
+  revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4"
+
+[[projects]]
+  digest = "1:b46305723171710475f2dd37547edd57b67b9de9f2a6267cafdd98331fd6897f"
+  name = "github.com/peterbourgon/diskv"
+  packages = ["."]
+  pruneopts = ""
+  revision = "5f041e8faa004a95c88a202771f4cc3e991971e6"
+  version = "v2.0.1"
+
+[[projects]]
+  digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411"
+  name = "github.com/pmezard/go-difflib"
+  packages = ["difflib"]
+  pruneopts = ""
+  revision = "792786c7400a136282c1664665ae0a8db921c6c2"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:d8c398c75a666d415196ba289402c3f52b595d8cede451a9e57278354e327a93"
+  name = "github.com/pquerna/otp"
+  packages = [
+    ".",
+    "hotp",
+    "totp",
+  ]
+  pruneopts = ""
+  revision = "be78767b3e392ce45ea73444451022a6fc32ad0d"
+  version = "v1.1.0"
+
+[[projects]]
+  digest = "1:cbaf13cdbfef0e4734ed8a7504f57fe893d471d62a35b982bf6fb3f036449a66"
+  name = "github.com/spf13/pflag"
+  packages = ["."]
+  pruneopts = ""
+  revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
+  version = "v1.0.3"
+
+[[projects]]
+  digest = "1:381bcbeb112a51493d9d998bbba207a529c73dbb49b3fd789e48c63fac1f192c"
+  name = "github.com/stretchr/testify"
+  packages = [
+    "assert",
+    "require",
+  ]
+  pruneopts = ""
+  revision = "ffdc059bfe9ce6a4e144ba849dbedead332c6053"
+  version = "v1.3.0"
+
+[[projects]]
+  digest = "1:b1bb9332f6cb7821a730e1681819b2813340eba5e873f05381815a7c6807d172"
+  name = "go.opencensus.io"
+  packages = [
+    ".",
+    "exemplar",
+    "internal",
+    "internal/tagencoding",
+    "plugin/ochttp",
+    "plugin/ochttp/propagation/b3",
+    "stats",
+    "stats/internal",
+    "stats/view",
+    "tag",
+    "trace",
+    "trace/internal",
+    "trace/propagation",
+    "trace/tracestate",
+  ]
+  pruneopts = ""
+  revision = "2b5032d79456124f42db6b7eb19ac6c155449dc2"
+  version = "v0.19.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:59b49c47c11a48f1054529207f65907c014ecf5f9a7c0d9c0f1616dec7b062ed"
+  name = "golang.org/x/crypto"
+  packages = [
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "internal/chacha20",
+    "internal/subtle",
+    "poly1305",
+    "ssh",
+    "ssh/agent",
+    "ssh/terminal",
+  ]
+  pruneopts = ""
+  revision = "ff983b9c42bc9fbf91556e191cc8efb585c16908"
+
+[[projects]]
+  branch = "master"
+  digest = "1:7ec13687f85b25087fe05f6ea8dd116013a8263f8eb7e057da7664bc7599d2d4"
+  name = "golang.org/x/net"
+  packages = [
+    "context",
+    "context/ctxhttp",
+    "http/httpguts",
+    "http2",
+    "http2/hpack",
+    "idna",
+    "internal/timeseries",
+    "trace",
+  ]
+  pruneopts = ""
+  revision = "915654e7eabcea33ae277abbecf52f0d8b7a9fdc"
+
+[[projects]]
+  digest = "1:b697592485cb412be4188c08ca0beed9aab87f36b86418e21acc4a3998f63734"
+  name = "golang.org/x/oauth2"
+  packages = [
+    ".",
+    "google",
+    "internal",
+    "jws",
+    "jwt",
+  ]
+  pruneopts = ""
+  revision = "d2e6202438beef2727060aa7cabdd924d92ebfd9"
+
+[[projects]]
+  branch = "master"
+  digest = "1:7e3b61f51ebcb58b3894928ed7c63aae68820dec1dd57166e5d6e65ef2868f40"
+  name = "golang.org/x/sys"
+  packages = [
+    "unix",
+    "windows",
+  ]
+  pruneopts = ""
+  revision = "b90733256f2e882e81d52f9126de08df5615afd9"
+
+[[projects]]
+  digest = "1:5acd3512b047305d49e8763eef7ba423901e85d5dd2fd1e71778a0ea8de10bd4"
+  name = "golang.org/x/text"
+  packages = [
+    "collate",
+    "collate/build",
+    "internal/colltab",
+    "internal/gen",
+    "internal/tag",
+    "internal/triegen",
+    "internal/ucd",
+    "language",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable",
+  ]
+  pruneopts = ""
+  revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
+  version = "v0.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:14cb1d4240bcbbf1386ae763957e04e2765ec4e4ce7bb2769d05fa6faccd774e"
+  name = "golang.org/x/time"
+  packages = ["rate"]
+  pruneopts = ""
+  revision = "85acf8d2951cb2a3bde7632f9ff273ef0379bcbd"
+
+[[projects]]
+  branch = "master"
+  digest = "1:a0b98ef68cfcc79279eb28a8d27d0f3b03045375bdf12cca49d27a1996442b8e"
+  name = "google.golang.org/api"
+  packages = [
+    "compute/v1",
+    "gensupport",
+    "googleapi",
+    "googleapi/internal/uritemplates",
+    "googleapi/transport",
+    "internal",
+    "iterator",
+    "option",
+    "storage/v1",
+    "transport/http",
+    "transport/http/internal/propagation",
+  ]
+  pruneopts = ""
+  revision = "59f8eae6bc597bfd5d5b292134c4b19d8955ed8a"
+
+[[projects]]
+  digest = "1:bc09e719c4e2a15d17163f5272d9a3131c45d77542b7fdc53ff518815bc19ab3"
+  name = "google.golang.org/appengine"
+  packages = [
+    ".",
+    "cloudsql",
+    "internal",
+    "internal/app_identity",
+    "internal/base",
+    "internal/datastore",
+    "internal/log",
+    "internal/modules",
+    "internal/remote_api",
+    "internal/urlfetch",
+    "urlfetch",
+  ]
+  pruneopts = ""
+  revision = "e9657d882bb81064595ca3b56cbe2546bbabf7b1"
+  version = "v1.4.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:2255fee1df9431ec9c0a373a4e112a60b28ae435d7af57d69f4f2e2e86800cad"
+  name = "google.golang.org/genproto"
+  packages = [
+    "googleapis/api/annotations",
+    "googleapis/iam/v1",
+    "googleapis/rpc/code",
+    "googleapis/rpc/status",
+  ]
+  pruneopts = ""
+  revision = "8819c946db4494a2259bf100a377f51aa585d893"
+
+[[projects]]
+  digest = "1:39d4d828b87d58d114fdc211f0638f32dcae84019fe17d6b48f9b697f4b60213"
+  name = "google.golang.org/grpc"
+  packages = [
+    ".",
+    "balancer",
+    "balancer/base",
+    "balancer/roundrobin",
+    "binarylog/grpc_binarylog_v1",
+    "codes",
+    "connectivity",
+    "credentials",
+    "credentials/internal",
+    "encoding",
+    "encoding/proto",
+    "grpclog",
+    "internal",
+    "internal/backoff",
+    "internal/binarylog",
+    "internal/channelz",
+    "internal/envconfig",
+    "internal/grpcrand",
+    "internal/grpcsync",
+    "internal/syscall",
+    "internal/transport",
+    "keepalive",
+    "metadata",
+    "naming",
+    "peer",
+    "resolver",
+    "resolver/dns",
+    "resolver/passthrough",
+    "stats",
+    "status",
+    "tap",
+  ]
+  pruneopts = ""
+  revision = "a02b0774206b209466313a0b525d2c738fe407eb"
+  version = "v1.18.0"
+
+[[projects]]
+  digest = "1:75fb3fcfc73a8c723efde7777b40e8e8ff9babf30d8c56160d01beffea8a95a6"
+  name = "gopkg.in/inf.v0"
+  packages = ["."]
+  pruneopts = ""
+  revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf"
+  version = "v0.9.1"
+
+[[projects]]
+  digest = "1:cedccf16b71e86db87a24f8d4c70b0a855872eb967cb906a66b95de56aefbd0d"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  pruneopts = ""
+  revision = "51d6538a90f86fe93ac480b35f37b2be17fef232"
+  version = "v2.2.2"
+
+[[projects]]
+  branch = "master"
+  digest = "1:40754e07d7875ab0b4480e711dcd0ba1274deaf1e676096834bb757d3333a04a"
+  name = "k8s.io/api"
+  packages = [
+    "admissionregistration/v1alpha1",
+    "admissionregistration/v1beta1",
+    "apps/v1",
+    "apps/v1beta1",
+    "apps/v1beta2",
+    "authentication/v1",
+    "authentication/v1beta1",
+    "authorization/v1",
+    "authorization/v1beta1",
+    "autoscaling/v1",
+    "autoscaling/v2beta1",
+    "autoscaling/v2beta2",
+    "batch/v1",
+    "batch/v1beta1",
+    "batch/v2alpha1",
+    "certificates/v1beta1",
+    "coordination/v1beta1",
+    "core/v1",
+    "events/v1beta1",
+    "extensions/v1beta1",
+    "networking/v1",
+    "policy/v1beta1",
+    "rbac/v1",
+    "rbac/v1alpha1",
+    "rbac/v1beta1",
+    "scheduling/v1alpha1",
+    "scheduling/v1beta1",
+    "settings/v1alpha1",
+    "storage/v1",
+    "storage/v1alpha1",
+    "storage/v1beta1",
+  ]
+  pruneopts = ""
+  revision = "173ce66c1e39d1d0f56e0b3347ff2988068aecd0"
+
+[[projects]]
+  branch = "release-1.12"
+  digest = "1:8cac653dd97e89700e00ce6ea7134cf28b3e1b59615ab99464760e230fab9860"
+  name = "k8s.io/apimachinery"
+  packages = [
+    "pkg/api/errors",
+    "pkg/api/meta",
+    "pkg/api/resource",
+    "pkg/apis/meta/v1",
+    "pkg/apis/meta/v1/unstructured",
+    "pkg/apis/meta/v1beta1",
+    "pkg/conversion",
+    "pkg/conversion/queryparams",
+    "pkg/fields",
+    "pkg/labels",
+    "pkg/runtime",
+    "pkg/runtime/schema",
+    "pkg/runtime/serializer",
+    "pkg/runtime/serializer/json",
+    "pkg/runtime/serializer/protobuf",
+    "pkg/runtime/serializer/recognizer",
+    "pkg/runtime/serializer/streaming",
+    "pkg/runtime/serializer/versioning",
+    "pkg/selection",
+    "pkg/types",
+    "pkg/util/clock",
+    "pkg/util/errors",
+    "pkg/util/framer",
+    "pkg/util/intstr",
+    "pkg/util/json",
+    "pkg/util/naming",
+    "pkg/util/net",
+    "pkg/util/runtime",
+    "pkg/util/sets",
+    "pkg/util/validation",
+    "pkg/util/validation/field",
+    "pkg/util/yaml",
+    "pkg/version",
+    "pkg/watch",
+    "third_party/forked/golang/reflect",
+  ]
+  pruneopts = ""
+  revision = "49ce2735e5074ffc3f8190c8406cf51a96302dad"
+
+[[projects]]
+  branch = "release-9.0"
+  digest = "1:203ee3d901467a9bfa00c1859438f168288431405b7a30c7c6f14f8391cafa6f"
+  name = "k8s.io/client-go"
+  packages = [
+    "discovery",
+    "kubernetes",
+    "kubernetes/scheme",
+    "kubernetes/typed/admissionregistration/v1alpha1",
+    "kubernetes/typed/admissionregistration/v1beta1",
+    "kubernetes/typed/apps/v1",
+    "kubernetes/typed/apps/v1beta1",
+    "kubernetes/typed/apps/v1beta2",
+    "kubernetes/typed/authentication/v1",
+    "kubernetes/typed/authentication/v1beta1",
+    "kubernetes/typed/authorization/v1",
+    "kubernetes/typed/authorization/v1beta1",
+    "kubernetes/typed/autoscaling/v1",
+    "kubernetes/typed/autoscaling/v2beta1",
+    "kubernetes/typed/autoscaling/v2beta2",
+    "kubernetes/typed/batch/v1",
+    "kubernetes/typed/batch/v1beta1",
+    "kubernetes/typed/batch/v2alpha1",
+    "kubernetes/typed/certificates/v1beta1",
+    "kubernetes/typed/coordination/v1beta1",
+    "kubernetes/typed/core/v1",
+    "kubernetes/typed/events/v1beta1",
+    "kubernetes/typed/extensions/v1beta1",
+    "kubernetes/typed/networking/v1",
+    "kubernetes/typed/policy/v1beta1",
+    "kubernetes/typed/rbac/v1",
+    "kubernetes/typed/rbac/v1alpha1",
+    "kubernetes/typed/rbac/v1beta1",
+    "kubernetes/typed/scheduling/v1alpha1",
+    "kubernetes/typed/scheduling/v1beta1",
+    "kubernetes/typed/settings/v1alpha1",
+    "kubernetes/typed/storage/v1",
+    "kubernetes/typed/storage/v1alpha1",
+    "kubernetes/typed/storage/v1beta1",
+    "pkg/apis/clientauthentication",
+    "pkg/apis/clientauthentication/v1alpha1",
+    "pkg/apis/clientauthentication/v1beta1",
+    "pkg/version",
+    "plugin/pkg/client/auth/exec",
+    "plugin/pkg/client/auth/gcp",
+    "rest",
+    "rest/watch",
+    "third_party/forked/golang/template",
+    "tools/auth",
+    "tools/clientcmd",
+    "tools/clientcmd/api",
+    "tools/clientcmd/api/latest",
+    "tools/clientcmd/api/v1",
+    "tools/metrics",
+    "tools/reference",
+    "transport",
+    "util/cert",
+    "util/connrotation",
+    "util/flowcontrol",
+    "util/homedir",
+    "util/integer",
+    "util/jsonpath",
+  ]
+  pruneopts = ""
+  revision = "701b913670036511e3d752318272c97f1a2a2edd"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  input-imports = [
+    "github.com/gruntwork-io/terratest/modules/gcp",
+    "github.com/gruntwork-io/terratest/modules/k8s",
+    "github.com/gruntwork-io/terratest/modules/logger",
+    "github.com/gruntwork-io/terratest/modules/random",
+    "github.com/gruntwork-io/terratest/modules/retry",
+    "github.com/gruntwork-io/terratest/modules/shell",
+    "github.com/gruntwork-io/terratest/modules/terraform",
+    "github.com/gruntwork-io/terratest/modules/test-structure",
+    "github.com/stretchr/testify/assert",
+  ]
+  solver-name = "gps-cdcl"
+  solver-version = 1
diff --git a/test/Gopkg.toml b/test/Gopkg.toml
index 8cefd9d..1a2445c 100644
--- a/test/Gopkg.toml
+++ b/test/Gopkg.toml
@@ -23,4 +23,8 @@
 
 [[constraint]]
   name = "github.com/gruntwork-io/terratest"
-  version = "0.13.20"
+  version = "0.13.23"
+
+[prune]
+  go-tests = true
+  unused-packages = true
diff --git a/test/README.md b/test/README.md
new file mode 100644
index 0000000..3d2c7e9
--- /dev/null
+++ b/test/README.md
@@ -0,0 +1,60 @@
+# Tests
+
+This folder contains automated tests for this Module. All of the tests are written in [Go](https://golang.org/). 
+Most of these are "integration tests" that deploy real infrastructure using Terraform and verify that infrastructure 
+works as expected using a helper library called [Terratest](https://github.com/gruntwork-io/terratest).  
+
+
+
+## WARNING: These Tests May Cost You Money!
+
+**Note #1**: Many of these tests create real resources in a GCP account and then try to clean those resources up at
+the end of a test run. That means these tests may cost you money to run! When adding tests, please be considerate of 
+the resources you create and take extra care to clean everything up when you're done!
+
+**Note #2**: Never forcefully shut the tests down (e.g. by hitting `CTRL + C`) or the cleanup tasks won't run!
+
+**Note #3**: We set `-timeout 60m` on all tests not because they necessarily take that long, but because Go has a
+default test timeout of 10 minutes, after which it forcefully kills the tests with a `SIGQUIT`, preventing the cleanup
+tasks from running. Therefore, we set an overlying long timeout to make sure all tests have enough time to finish and 
+clean up.
+
+
+
+## Running the tests
+
+### Prerequisites
+
+- Install the latest version of [Go](https://golang.org/).
+- Install [dep](https://github.com/golang/dep) for Go dependency management.
+- Install [Terraform](https://www.terraform.io/downloads.html).
+- Configure your GCP credentials using one of the [options supported by the Google Cloud
+  SDK](https://cloud.google.com/sdk/docs/authorizing).
+
+
+### One-time setup
+
+Download Go dependencies using dep:
+
+```
+cd test
+dep ensure
+```
+
+
+### Run all the tests
+
+```bash
+cd test
+go test -v -timeout 60m
+```
+
+
+### Run a specific test
+
+To run a specific test called `TestFoo`:
+
+```bash
+cd test
+go test -v -timeout 60m -run TestFoo
+```
diff --git a/test/gke_cluster_test.go b/test/gke_cluster_test.go
new file mode 100644
index 0000000..5184083
--- /dev/null
+++ b/test/gke_cluster_test.go
@@ -0,0 +1,87 @@
+package test
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/gruntwork-io/terratest/modules/gcp"
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/gruntwork-io/terratest/modules/logger"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/gruntwork-io/terratest/modules/shell"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/gruntwork-io/terratest/modules/test-structure"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGKECluster(t *testing.T) {
+	t.Parallel()
+
+	// Uncomment any of the following to skip that section during the test
+	// os.Setenv("SKIP_create_test_copy_of_examples", "true")
+	// os.Setenv("SKIP_create_terratest_options", "true")
+	// os.Setenv("SKIP_terraform_apply", "true")
+	// os.Setenv("SKIP_configure_kubectl", "true")
+	// os.Setenv("SKIP_wait_for_workers", "true")
+	// os.Setenv("SKIP_cleanup", "true")
+
+	// Create a directory path that won't conflict
+	workingDir := filepath.Join(".", "stages", t.Name())
+
+	test_structure.RunTestStage(t, "create_test_copy_of_examples", func() {
+		testFolder := test_structure.CopyTerraformFolderToTemp(t, "..", "examples")
+		logger.Logf(t, "path to test folder %s\n", testFolder)
+		terraformModulePath := filepath.Join(testFolder, "gke-regional-public-cluster")
+		test_structure.SaveString(t, workingDir, "gkeClusterTerraformModulePath", terraformModulePath)
+	})
+
+	test_structure.RunTestStage(t, "create_terratest_options", func() {
+		gkeClusterTerraformModulePath := test_structure.LoadString(t, workingDir, "gkeClusterTerraformModulePath")
+		uniqueID := random.UniqueId()
+		project := gcp.GetGoogleProjectIDFromEnvVar(t)
+		region := gcp.GetRandomRegion(t, project, nil, nil)
+		gkeClusterTerratestOptions := createGKEClusterTerraformOptions(t, uniqueID, project, region, gkeClusterTerraformModulePath)
+		test_structure.SaveString(t, workingDir, "uniqueID", uniqueID)
+		test_structure.SaveString(t, workingDir, "project", project)
+		test_structure.SaveString(t, workingDir, "region", region)
+		test_structure.SaveTerraformOptions(t, workingDir, gkeClusterTerratestOptions)
+	})
+
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		gkeClusterTerratestOptions := test_structure.LoadTerraformOptions(t, workingDir)
+		terraform.Destroy(t, gkeClusterTerratestOptions)
+	})
+
+	test_structure.RunTestStage(t, "terraform_apply", func() {
+		gkeClusterTerratestOptions := test_structure.LoadTerraformOptions(t, workingDir)
+		terraform.InitAndApply(t, gkeClusterTerratestOptions)
+	})
+
+	test_structure.RunTestStage(t, "configure_kubectl", func() {
+		gkeClusterTerratestOptions := test_structure.LoadTerraformOptions(t, workingDir)
+		project := test_structure.LoadString(t, workingDir, "project")
+		region := test_structure.LoadString(t, workingDir, "region")
+		clusterName := gkeClusterTerratestOptions.Vars["cluster_name"].(string)
+
+		// gcloud beta container clusters get-credentials example-cluster --region australia-southeast1 --project dev-sandbox-123456
+		cmd := shell.Command{
+			Command: "gcloud",
+			Args:    []string{"beta", "container", "clusters", "get-credentials", clusterName, "--region", region, "--project", project},
+		}
+
+		shell.RunCommand(t, cmd)
+	})
+
+	test_structure.RunTestStage(t, "wait_for_workers", func() {
+		verifyGkeNodesAreReady(t)
+	})
+}
+
+// Verify that all the nodes in the cluster reach the Ready state.
+func verifyGkeNodesAreReady(t *testing.T) {
+	kubeWaitUntilNumNodes(t, 3, 30, 10*time.Second)
+	k8s.WaitUntilAllNodesReady(t, 30, 10*time.Second)
+	readyNodes := k8s.GetReadyNodes(t)
+	assert.Equal(t, len(readyNodes), 3)
+}
diff --git a/test/terratest_options.go b/test/terratest_options.go
new file mode 100644
index 0000000..4db8a23
--- /dev/null
+++ b/test/terratest_options.go
@@ -0,0 +1,32 @@
+package test
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+func createGKEClusterTerraformOptions(
+	t *testing.T,
+	uniqueID,
+	project string,
+	region string,
+	templatePath string,
+) *terraform.Options {
+	gkeClusterName := strings.ToLower(fmt.Sprintf("gke-cluster-%s", uniqueID))
+
+	terraformVars := map[string]interface{}{
+		"region":       region,
+		"project":      project,
+		"cluster_name": gkeClusterName,
+	}
+
+	terratestOptions := terraform.Options{
+		TerraformDir: templatePath,
+		Vars:         terraformVars,
+	}
+
+	return &terratestOptions
+}
diff --git a/test/test_helpers.go b/test/test_helpers.go
new file mode 100644
index 0000000..127eeb9
--- /dev/null
+++ b/test/test_helpers.go
@@ -0,0 +1,39 @@
+package test
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/gruntwork-io/terratest/modules/logger"
+	"github.com/gruntwork-io/terratest/modules/retry"
+)
+
+// kubeWaitUntilNumNodes continuously polls the Kubernetes cluster until there are the expected number of nodes
+// registered (regardless of readiness).
+func kubeWaitUntilNumNodes(t *testing.T, numNodes int, retries int, sleepBetweenRetries time.Duration) {
+	statusMsg := fmt.Sprintf("Wait for %d Kube Nodes to be registered.", numNodes)
+	message, err := retry.DoWithRetryE(
+		t,
+		statusMsg,
+		retries,
+		sleepBetweenRetries,
+		func() (string, error) {
+			nodes, err := k8s.GetNodesE(t)
+			if err != nil {
+				return "", err
+			}
+			if len(nodes) != numNodes {
+				return "", errors.New("Not enough nodes")
+			}
+			return "All nodes registered", nil
+		},
+	)
+	if err != nil {
+		logger.Logf(t, "Error waiting for expected number of nodes: %s", err)
+		t.Fatal(err)
+	}
+	logger.Logf(t, message)
+}
diff --git a/variables.tf b/variables.tf
index e69de29..8b13789 100644
--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1 @@
+