Node metadata is not concealed for the Google Container Node Pool. This could lead to sensitive data exposure.
Configuring a secure metadata environment requires some prerequisites to be set up. For the steps to do that, and then to use the metadata environment for a GKE cluster, follow the GKE documentation below. Once the prerequisites are met, Terraform can also be used.
In Terraform -
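The following is an added example, not configuration from the original page: a node pool that leaves the Compute Engine metadata server reachable from pods, beside one that runs the GKE metadata server instead. It assumes version 4.x or later of the Google provider (3.x used `node_metadata = "SECURE"` inside the same block for metadata concealment); the project ID, resource names, location and machine type are placeholders.

```hcl
# Constructed example: project ID, names, location and machine type are placeholders.
resource "google_container_cluster" "example" {
  name     = "example-cluster"
  location = "us-central1"

  remove_default_node_pool = true
  initial_node_count       = 1

  # Prerequisite: GKE_METADATA mode on a node pool requires Workload Identity
  # to be enabled at the cluster level.
  workload_identity_config {
    workload_pool = "example-project.svc.id.goog"
  }
}

# Weak setting: all Compute Engine metadata of the node is exposed to pods.
resource "google_container_node_pool" "exposed" {
  name       = "exposed-pool"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  node_config {
    machine_type = "e2-medium"

    workload_metadata_config {
      mode = "GCE_METADATA"
    }
  }
}

# Corrected setting: pods talk to the GKE metadata server, not the node's own.
resource "google_container_node_pool" "protected" {
  name       = "protected-pool"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  node_config {
    machine_type = "e2-medium"

    workload_metadata_config {
      mode = "GKE_METADATA"
    }
  }
}
```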
References:
https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool#node_config
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#nested_node_config