From 4d1f5ba3018ae2f541c81b0bed447ef439544c31 Mon Sep 17 00:00:00 2001
From: Lukasz Czarnota
Date: Thu, 16 Sep 2021 15:31:00 +0200
Subject: [PATCH] feat: Add support for gVisor per node pool
---
 autogen/main/cluster.tf.tmpl | 4 ++--
 autogen/main/main.tf.tmpl | 2 --
 modules/beta-private-cluster-update-variant/cluster.tf | 4 ++--
 modules/beta-private-cluster-update-variant/main.tf | 2 --
 modules/beta-private-cluster/cluster.tf | 4 ++--
 modules/beta-private-cluster/main.tf | 2 --
 modules/beta-public-cluster-update-variant/cluster.tf | 4 ++--
 modules/beta-public-cluster-update-variant/main.tf | 2 --
 modules/beta-public-cluster/cluster.tf | 4 ++--
 modules/beta-public-cluster/main.tf | 2 --
 10 files changed, 10 insertions(+), 20 deletions(-)
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 9f13114ce3..c140217c67 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -577,9 +577,9 @@ resource "google_container_node_pool" "pools" {
 }
 {% if beta_cluster %}
 dynamic "sandbox_config" {
- for_each = local.cluster_sandbox_enabled
-
+ for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
 content {
+ sandbox_type = sandbox_config.value
 }
 }
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
index b4a65db067..b50fcb0796 100644
--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -105,8 +105,6 @@ locals {
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : []
-
 {% endif %}
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index c501378437..1451b1b9a5 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
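Review bot: In the `dynamic "sandbox_config"` block of `autogen/main/cluster.tf.tmpl`, a node pool entry carrying `sandbox_enabled = false` now turns gVisor off for that pool even when `var.sandbox_enabled` is true, and nothing on the new `for_each` line says that the module-level variable has become only a default. I would put a comment above it, `# Per-pool "sandbox_enabled" overrides var.sandbox_enabled; a pool that sets it to false runs its workloads without gVisor isolation.`, so anyone auditing isolation knows to check each pool rather than the variable alone. The doubled parentheses are redundant and the line reads better as `for_each = tobool(lookup(each.value, "sandbox_enabled", var.sandbox_enabled)) ? ["gvisor"] : []`; `tobool` rejecting anything that is not a true/false value at plan time is the right failure mode, though a pool entry holding the key with a null value would presumably error in the conditional rather than fall back to the default. The same line appears in the four generated `modules/beta-*/cluster.tf` hunks, and the `google_container_node_pool` resource starts and ends outside the hunk.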
@@ -523,9 +523,9 @@ resource "google_container_node_pool" "pools" {
 }
 }
 dynamic "sandbox_config" {
- for_each = local.cluster_sandbox_enabled
-
+ for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
 content {
+ sandbox_type = sandbox_config.value
 }
 }
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
index b1936826d4..9427c9f5be 100644
--- a/modules/beta-private-cluster-update-variant/main.tf
+++ b/modules/beta-private-cluster-update-variant/main.tf
@@ -96,8 +96,6 @@ locals {
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : []
-
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index dc30efc0ee..d9e1ae1440 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -439,9 +439,9 @@ resource "google_container_node_pool" "pools" {
 }
 }
 dynamic "sandbox_config" {
- for_each = local.cluster_sandbox_enabled
-
+ for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
 content {
+ sandbox_type = sandbox_config.value
 }
 }
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
index b1936826d4..9427c9f5be 100644
--- a/modules/beta-private-cluster/main.tf
+++ b/modules/beta-private-cluster/main.tf
@@ -96,8 +96,6 @@ locals {
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : []
-
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 3c6e8501c6..8bcf6b7d81 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -504,9 +504,9 @@ resource "google_container_node_pool" "pools" {
 }
 }
 dynamic "sandbox_config" {
- for_each = local.cluster_sandbox_enabled
-
+ for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
 content {
+ sandbox_type = sandbox_config.value
 }
 }
diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf
index 27a9762ca7..9a04729f83 100644
--- a/modules/beta-public-cluster-update-variant/main.tf
+++ b/modules/beta-public-cluster-update-variant/main.tf
@@ -96,8 +96,6 @@ locals {
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : []
-
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 7f3770f3fa..2e6171e842 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -420,9 +420,9 @@ resource "google_container_node_pool" "pools" {
 }
 }
 dynamic "sandbox_config" {
- for_each = local.cluster_sandbox_enabled
-
+ for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
 content {
+ sandbox_type = sandbox_config.value
 }
 }
diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
index 27a9762ca7..9a04729f83 100644
--- a/modules/beta-public-cluster/main.tf
+++ b/modules/beta-public-cluster/main.tf
@@ -96,8 +96,6 @@ locals {
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : []
-
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group