diff --git a/CHANGELOG.md b/CHANGELOG.md
index e955c8fc..a2d135c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ All notable changes to this project will be documented in this file.
 - fix Cloud NAT module internal router name lookup
 - re-enable and update outputs for the foundations environments example
 - add peering route configuration for private clusters to GKE cluster module
+- **incompatible changes** in the GKE nodepool module
+  - rename `node_config_workload_metadata_config` variable to `workload_metadata_config`
+  - new default for `workload_metadata_config` is `GKE_METADATA_SERVER`
 
 ## [1.3.0] - 2020-04-08
 
diff --git a/modules/gke-nodepool/main.tf b/modules/gke-nodepool/main.tf
index 40019e09..3fe022a7 100644
--- a/modules/gke-nodepool/main.tf
+++ b/modules/gke-nodepool/main.tf
@@ -77,7 +77,7 @@ resource "google_container_node_pool" "nodepool" {
     }
 
     workload_metadata_config {
-      node_metadata = var.node_config_workload_metadata_config
+      node_metadata = var.workload_metadata_config
     }
 
   }
diff --git a/modules/gke-nodepool/variables.tf b/modules/gke-nodepool/variables.tf
index 049cfb3e..96f05d07 100644
--- a/modules/gke-nodepool/variables.tf
+++ b/modules/gke-nodepool/variables.tf
@@ -165,12 +165,6 @@ variable "node_config_tags" {
 #   default     = null
 # }
 
-variable "node_config_workload_metadata_config" {
-  description = "Metadata configuration to expose to workloads on the node pool."
-  type        = string
-  default     = "SECURE"
-}
-
 variable "node_count" {
   description = "Number of nodes per instance group, can be updated after creation. Ignored when autoscaling is set."
   type        = number
@@ -196,3 +190,9 @@ variable "upgrade_config" {
   })
   default = null
 }
+
+variable "workload_metadata_config" {
+  description = "Metadata configuration to expose to workloads on the node pool."
+  type        = string
+  default     = "GKE_METADATA_SERVER"
+}