From 67dd29317db438c46893ac548d1dbbbf6751e909 Mon Sep 17 00:00:00 2001
From: Jordan Stout <j@jrdn.org>
Date: Wed, 11 Dec 2024 14:59:55 -0800
Subject: [PATCH] feat: add cgroup & sysctls

---
 modules/safer-cluster-update-variant/main.tf  |  4 +++-
 .../safer-cluster-update-variant/variables.tf | 21 +++++++++++++++++++
 modules/safer-cluster/main.tf                 |  4 +++-
 modules/safer-cluster/variables.tf            | 21 +++++++++++++++++++
 4 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index a13fafe5fe..7af46dc1d1 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -93,7 +93,9 @@ module "gke" {
   node_pools_taints          = var.node_pools_taints
   node_pools_tags            = var.node_pools_tags
 
-  node_pools_oauth_scopes = var.node_pools_oauth_scopes
+  node_pools_oauth_scopes               = var.node_pools_oauth_scopes
+  node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+  node_pools_cgroup_mode                = var.node_pools_cgroup_mode
 
   cluster_autoscaling = var.cluster_autoscaling
 
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index 02d6f8e526..fe070fd34b 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -224,6 +224,27 @@ variable "node_pools_oauth_scopes" {
   }
 }
 
+variable "node_pools_linux_node_configs_sysctls" {
+  type        = map(map(string))
+  description = "Map of maps containing linux node config sysctls by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+variable "node_pools_cgroup_mode" {
+  type        = map(string)
+  description = "Map of strings containing cgroup node config by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
 variable "cluster_autoscaling" {
   type = object({
     enabled             = bool
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index e113c09a6a..ea8042fe28 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -93,7 +93,9 @@ module "gke" {
   node_pools_taints          = var.node_pools_taints
   node_pools_tags            = var.node_pools_tags
 
-  node_pools_oauth_scopes = var.node_pools_oauth_scopes
+  node_pools_oauth_scopes               = var.node_pools_oauth_scopes
+  node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+  node_pools_cgroup_mode                = var.node_pools_cgroup_mode
 
   cluster_autoscaling = var.cluster_autoscaling
 
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index 02d6f8e526..fe070fd34b 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -224,6 +224,27 @@ variable "node_pools_oauth_scopes" {
   }
 }
 
+variable "node_pools_linux_node_configs_sysctls" {
+  type        = map(map(string))
+  description = "Map of maps containing linux node config sysctls by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+variable "node_pools_cgroup_mode" {
+  type        = map(string)
+  description = "Map of strings containing cgroup node config by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
 variable "cluster_autoscaling" {
   type = object({
     enabled             = bool