diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 4c6ab3db8..09868231f 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -98,7 +98,7 @@ resource "google_container_cluster" "primary" { } } } - + vertical_pod_autoscaling { enabled = var.enable_vertical_pod_autoscaling } @@ -565,6 +565,20 @@ resource "google_container_node_pool" "pools" { cpu_manager_policy = lookup(each.value, "cpu_manager_policy") } } + + dynamic "linux_node_config" { + for_each = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) != {} ? [1] : [] + + content { + sysctls = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) + } + } {% endif %} shielded_instance_config { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 034992434..de571cf0b 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -194,6 +194,19 @@ variable "node_pools_metadata" { default-node-pool = {} } } +{% if beta_cluster %} + +variable "node_pools_linux_node_configs_sysctls" { + type = map(map(string)) + description = "Map of maps containing linux node config sysctls by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = {} + default-node-pool = {} + } +} +{% endif %} variable "resource_usage_export_dataset_id" { type = string diff --git a/autogen/main/variables_defaults.tf b/autogen/main/variables_defaults.tf index 5ba467eb8..977ebf6a1 100644 --- a/autogen/main/variables_defaults.tf +++ b/autogen/main/variables_defaults.tf 
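Review bot: In the new `dynamic "linux_node_config"` block the same `merge(local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]])` expression is evaluated twice, once for `for_each` and again for `sysctls`, and the emptiness test `!= {}` compares the merged map against an empty object literal, which relies on type unification between map(string) and object; `for_each = length(merge(local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]])) > 0 ? [1] : []` is the idiomatic emptiness check and avoids that dependency. Hoisting the merged map into a per-pool local next to the existing zipmap in variables_defaults.tf would let `for_each` and `sysctls` share one expression instead of repeating it. The enclosing `google_container_node_pool` resource begins and ends outside the hunk, and the identical block is repeated in the generated cluster.tf of beta-private-cluster, beta-private-cluster-update-variant, beta-public-cluster and beta-public-cluster-update-variant, so the change belongs in this template and a regeneration of the modules.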
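Review bot: The description of the new `node_pools_linux_node_configs_sysctls` variable does not say how the `all` entry and the per-pool entries combine, although the consuming block merges them with the pool-specific keys taking precedence, nor that values must be strings because the type is `map(map(string))`; suggest `description = "Map of maps containing linux node config sysctls by node-pool name. Entries under the all key apply to every pool; per-pool entries override them on key collisions. Values are strings."`. A key for a pool name that is not present in `var.node_pools` is silently dropped by the merge in variables_defaults.tf, which is worth a sentence in the same description, as is the fact that GKE accepts only an allow-list of kernel parameters here, so an unsupported sysctl name surfaces at apply time rather than at plan. The same variable text is copied into the four generated modules' variables.tf and README.md files and should be regenerated from the template rather than edited there.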
@@ -69,4 +69,16 @@ locals { ), var.node_pools_oauth_scopes ) + {% if beta_cluster %} + + node_pools_linux_node_configs_sysctls = merge( + { all = {} }, + { default-node-pool = {} }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : {}] + ), + var.node_pools_linux_node_configs_sysctls + ) + {% endif %} } diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 1f978ee6b..a0153ebfb 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -121,4 +121,16 @@ module "gke" { "pool-01-example", ] } + + node_pools_linux_node_configs_sysctls = { + all = { + "net.core.netdev_max_backlog" = "10000" + } + pool-01 = { + "net.core.rmem_max" = "10000" + } + pool-03 = { + "net.core.netdev_max_backlog" = "20000" + } + } } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 7620338e6..c603620d8 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -220,6 +220,7 @@ Then perform the following commands on the root folder: | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | | node\_pools | List of maps containing node pools | `list(map(string))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | +| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index fcd586eca..3b5a46636 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -522,6 +522,20 @@ resource "google_container_node_pool" "pools" { } } + dynamic "linux_node_config" { + for_each = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) != {} ? [1] : [] + + content { + sysctls = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) + } + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 4acebb28d..6d8d5c3eb 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -193,6 +193,17 @@ variable "node_pools_metadata" { } } +variable "node_pools_linux_node_configs_sysctls" { + type = map(map(string)) + description = "Map of maps containing linux node config sysctls by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = {} + default-node-pool = {} + } +} + variable "resource_usage_export_dataset_id" { type = string description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export." diff --git a/modules/beta-private-cluster-update-variant/variables_defaults.tf b/modules/beta-private-cluster-update-variant/variables_defaults.tf index 70ac8ba1c..3cda3a15d 100644 --- a/modules/beta-private-cluster-update-variant/variables_defaults.tf 
+++ b/modules/beta-private-cluster-update-variant/variables_defaults.tf @@ -69,4 +69,14 @@ locals { ), var.node_pools_oauth_scopes ) + + node_pools_linux_node_configs_sysctls = merge( + { all = {} }, + { default-node-pool = {} }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : {}] + ), + var.node_pools_linux_node_configs_sysctls + ) } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 9e9e08e40..2e28e9d6c 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -198,6 +198,7 @@ Then perform the following commands on the root folder: | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | | node\_pools | List of maps containing node pools | `list(map(string))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | +| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 5940b7154..15991746a 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -438,6 +438,20 @@ resource "google_container_node_pool" "pools" { } } + dynamic "linux_node_config" { + for_each = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) != {} ? [1] : [] + + content { + sysctls = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) + } + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 4acebb28d..6d8d5c3eb 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -193,6 +193,17 @@ variable "node_pools_metadata" { } } +variable "node_pools_linux_node_configs_sysctls" { + type = map(map(string)) + description = "Map of maps containing linux node config sysctls by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = {} + default-node-pool = {} + } +} + variable "resource_usage_export_dataset_id" { type = string description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export." diff --git a/modules/beta-private-cluster/variables_defaults.tf b/modules/beta-private-cluster/variables_defaults.tf index 70ac8ba1c..3cda3a15d 100644 --- a/modules/beta-private-cluster/variables_defaults.tf +++ b/modules/beta-private-cluster/variables_defaults.tf 
@@ -69,4 +69,14 @@ locals { ), var.node_pools_oauth_scopes ) + + node_pools_linux_node_configs_sysctls = merge( + { all = {} }, + { default-node-pool = {} }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : {}] + ), + var.node_pools_linux_node_configs_sysctls + ) } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index cc2ae62f7..5153a5c06 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -209,6 +209,7 @@ Then perform the following commands on the root folder: | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | | node\_pools | List of maps containing node pools | `list(map(string))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | +| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 00bc55fb8..87a12e6c4 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -503,6 +503,20 @@ resource "google_container_node_pool" "pools" { } } + dynamic "linux_node_config" { + for_each = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) != {} ? [1] : [] + + content { + sysctls = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) + } + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 7e4e34534..9552c2333 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -193,6 +193,17 @@ variable "node_pools_metadata" { } } +variable "node_pools_linux_node_configs_sysctls" { + type = map(map(string)) + description = "Map of maps containing linux node config sysctls by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = {} + default-node-pool = {} + } +} + variable "resource_usage_export_dataset_id" { type = string description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export." diff --git a/modules/beta-public-cluster-update-variant/variables_defaults.tf b/modules/beta-public-cluster-update-variant/variables_defaults.tf index 70ac8ba1c..3cda3a15d 100644 --- a/modules/beta-public-cluster-update-variant/variables_defaults.tf 
+++ b/modules/beta-public-cluster-update-variant/variables_defaults.tf @@ -69,4 +69,14 @@ locals { ), var.node_pools_oauth_scopes ) + + node_pools_linux_node_configs_sysctls = merge( + { all = {} }, + { default-node-pool = {} }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : {}] + ), + var.node_pools_linux_node_configs_sysctls + ) } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 028c2d271..58b3dd1fd 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -187,6 +187,7 @@ Then perform the following commands on the root folder: | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | | node\_pools | List of maps containing node pools | `list(map(string))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | +| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 8947b990e..1c9df5d0d 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -419,6 +419,20 @@ resource "google_container_node_pool" "pools" { } } + dynamic "linux_node_config" { + for_each = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) != {} ? [1] : [] + + content { + sysctls = merge( + local.node_pools_linux_node_configs_sysctls["all"], + local.node_pools_linux_node_configs_sysctls[each.value["name"]] + ) + } + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 7e4e34534..9552c2333 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -193,6 +193,17 @@ variable "node_pools_metadata" { } } +variable "node_pools_linux_node_configs_sysctls" { + type = map(map(string)) + description = "Map of maps containing linux node config sysctls by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = {} + default-node-pool = {} + } +} + variable "resource_usage_export_dataset_id" { type = string description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export." diff --git a/modules/beta-public-cluster/variables_defaults.tf b/modules/beta-public-cluster/variables_defaults.tf index 70ac8ba1c..3cda3a15d 100644 --- a/modules/beta-public-cluster/variables_defaults.tf +++ b/modules/beta-public-cluster/variables_defaults.tf 
@@ -69,4 +69,14 @@ locals { ), var.node_pools_oauth_scopes ) + + node_pools_linux_node_configs_sysctls = merge( + { all = {} }, + { default-node-pool = {} }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : {}] + ), + var.node_pools_linux_node_configs_sysctls + ) } diff --git a/test/integration/node_pool/controls/gcloud.rb b/test/integration/node_pool/controls/gcloud.rb index 281455794..060077078 100644 --- a/test/integration/node_pool/controls/gcloud.rb +++ b/test/integration/node_pool/controls/gcloud.rb @@ -174,6 +174,22 @@ ) ) end + + it "has the expected linux node config sysctls" do + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "config" => including( + "linuxNodeConfig" => including( + "sysctls" => including( + "net.core.netdev_max_backlog" => "10000", + "net.core.rmem_max" => "10000" + ) + ) + ) + ) + ) + end end describe "pool-02" do @@ -303,6 +319,21 @@ ) ) end + + it "has the expected linux node config sysctls" do + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "linuxNodeConfig" => including( + "sysctls" => including( + "net.core.netdev_max_backlog" => "10000" + ) + ) + ) + ) + ) + end end describe "pool-03" do @@ -396,6 +427,21 @@ ) ) end + + it "has the expected linux node config sysctls" do + expect(data['nodePools']).to include( + including( + "name" => "pool-03", + "config" => including( + "linuxNodeConfig" => including( + "sysctls" => including( + "net.core.netdev_max_backlog" => "20000" + ) + ) + ) + ) + ) + end end end end
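Review bot: The new pool-02 expectation uses nested `including` matchers, which are partial, so it cannot detect a pool-specific sysctl leaking from another pool into pool-02; the example only sets `net.core.rmem_max` on pool-01, so asserting its absence from pool-02's `sysctls` map is what would actually cover the isolation of the per-pool merge. Something along the lines of `pool02 = data['nodePools'].find { |p| p['name'] == 'pool-02' }` followed by `expect(pool02.dig('config', 'linuxNodeConfig', 'sysctls')).not_to include('net.core.rmem_max')` would do, and the same negative check applies to the pool-03 block added in the last hunk of this file. The enclosing `describe` blocks for each pool begin outside the hunks.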