diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2d135c47..831209a26 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 - fix Cloud NAT module internal router name lookup
 - re-enable and update outputs for the foundations environments example
 - add peering route configuration for private clusters to GKE cluster module
+- add `workload_metadata_config` variable to GKE cluster module
 - **incompatible changes** in the GKE nodepool module
   - rename `node_config_workload_metadata_config` variable to `workload_metadata_config`
   - new default for `workload_metadata_config` is `GKE_METADATA_SERVER`
diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index fcbae58fa..fcf9d3458 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -65,6 +65,7 @@ module "cluster-1" {
 | *resource_usage_export_config* | Configure the ResourceUsageExportConfig feature. | <code title="object&#40;&#123;&#10;enabled &#61; bool&#10;dataset &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;enabled &#61; null&#10;dataset &#61; null&#10;&#125;">...</code> |
 | *vertical_pod_autoscaling* | Enable the Vertical Pod Autoscaling feature. | <code title="">bool</code> |  | <code title="">null</code> |
 | *workload_identity* | Enable the Workload Identity feature. | <code title="">bool</code> |  | <code title="">true</code> |
+| *workload_metadata_config* | Define how to expose node metadata to workloads. | <code title="">string</code> |  | <code title="">GKE_METADATA_SERVER</code> |
 
 ## Outputs
 
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index 4b98acd54..85df98f26 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -208,6 +208,10 @@ resource "google_container_cluster" "cluster" {
     }
   }
 
+  workload_metadata_config {
+    node_metadata = var.workload_metadata_config
+  }
+
 }
 
 resource "google_compute_network_peering_routes_config" "gke_master" {
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
index 270a20f2a..7d008dc93 100644
--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -245,3 +245,9 @@ variable "workload_identity" {
   type        = bool
   default     = true
 }
+
+variable "workload_metadata_config" {
+  description = "Define how to expose node metadata to workloads."
+  type        = string
+  default     = "GKE_METADATA_SERVER"
+}