From 7828a0ff35136a9e5fa91a7d26ba07bda734c31b Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Mon, 21 Oct 2024 14:29:28 -0700 Subject: [PATCH] fix: add kubelet_config to default-pool (#2147) --- autogen/main/cluster.tf.tmpl | 15 +++++++++++++++ cluster.tf | 15 +++++++++++++++ .../cluster.tf | 15 +++++++++++++++ modules/beta-private-cluster/cluster.tf | 15 +++++++++++++++ .../beta-public-cluster-update-variant/cluster.tf | 15 +++++++++++++++ modules/beta-public-cluster/cluster.tf | 15 +++++++++++++++ modules/private-cluster-update-variant/cluster.tf | 15 +++++++++++++++ modules/private-cluster/cluster.tf | 15 +++++++++++++++ 8 files changed, 120 insertions(+) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 2827aebf12..e76a211d89 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -530,6 +530,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/cluster.tf b/cluster.tf index 70bdfb412e..8afd7c254b 100644 --- a/cluster.tf +++ b/cluster.tf @@ -407,6 +407,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 38f75b84b6..b000eec61f 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 6600ac2675..909d1a499b 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index e43fa5a5a1..71c7b052a5 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0c1c6f518a..9b823376d1 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index ae4b58deb2..7c7a001cf9 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -407,6 +407,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat( diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 5037e10bd8..8dd811a192 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -407,6 +407,21 @@ resource "google_container_cluster" "primary" { } } + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + } + } + service_account = lookup(var.node_pools[0], "service_account", local.service_account) tags = concat(