From cc747e4d2a1a8276c039e4e3eeae32091c797b0f Mon Sep 17 00:00:00 2001
From: m10ev <42208556+m10ev@users.noreply.github.com>
Date: Sun, 29 Nov 2020 15:37:55 +0200
Subject: [PATCH 1/6] Add option for CPU manager policy
---
 README.md | 1 +
 autogen/main/README.md | 1 +
 autogen/main/cluster.tf.tmpl | 4 ++++
 cluster.tf | 4 ++++
 modules/beta-private-cluster-update-variant/README.md | 1 +
 modules/beta-private-cluster-update-variant/cluster.tf | 4 ++++
 modules/beta-private-cluster/README.md | 1 +
 modules/beta-private-cluster/cluster.tf | 4 ++++
 modules/beta-public-cluster-update-variant/README.md | 1 +
 modules/beta-public-cluster-update-variant/cluster.tf | 4 ++++
 modules/beta-public-cluster/README.md | 1 +
 modules/beta-public-cluster/cluster.tf | 4 ++++
 modules/private-cluster-update-variant/README.md | 1 +
 modules/private-cluster-update-variant/cluster.tf | 4 ++++
 modules/private-cluster/README.md | 1 +
 modules/private-cluster/cluster.tf | 4 ++++
 16 files changed, 40 insertions(+)
diff --git a/README.md b/README.md
index da19bc5059..1da20324d4 100644
--- a/README.md
+++ b/README.md
@@ -220,6 +220,7 @@ The node_pools variable takes the following parameters:
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
 | key | The key required for the taint | | Required |
+| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional |
 | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional |
 | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional |
diff --git a/autogen/main/README.md b/autogen/main/README.md
index b472dcdbbc..dd4192ed32 100644
--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -163,6 +163,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 | effect | Effect for the taint | | Required |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 0526d02a76..b37653f633 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -237,6 +237,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } diff --git a/cluster.tf b/cluster.tf index 2d4cb9a1a4..b174705983 100644 --- a/cluster.tf +++ b/cluster.tf @@ -143,6 +143,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 3d6ce9cf4a..4c6fc3ff4e 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -283,6 +283,7 @@ The node_pools variable takes the following parameters: | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | 
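Review bot: The `kubelet_config` block added in `autogen/main/cluster.tf.tmpl` reads `each.value`, but the hunk header and the neighbouring `workload_metadata_config.value.node_metadata` line place it inside `resource "google_container_cluster" "primary"`, and `each` is only defined where the enclosing resource sets `for_each`. The resource header is outside the hunk, so this is inferred; if the cluster resource does not iterate, `terraform plan` fails on this reference, and the block belongs in the `google_container_node_pool` resource that iterates over `node_pools`. The value is also passed through unchecked although the README row allows only "none" or "static", and the block is emitted even for pools that never set the key; in the iterating resource, a `dynamic "kubelet_config"` with `for_each = contains(keys(each.value), "cpu_manager_policy") ? [1] : []` would leave the node config of existing pools unchanged. The same four lines recur in the `cluster.tf` hunk that follows and in the six `modules/*/cluster.tf` hunks, which appear to be generated from this template.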
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index ddd9857f35..f125dba145 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -212,6 +212,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index bb1aa43177..9704549b4e 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -261,6 +261,7 @@ The node_pools variable takes the following parameters: | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 7bea7d0e2c..284c41503f 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -212,6 +212,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 9a5ba632a1..93ca564073 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -270,6 +270,7 @@ The node_pools variable takes the following parameters: | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 4d130f1f3d..a26fca5954 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -212,6 +212,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } 
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 9ae1a7c000..6f2361d89c 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -248,6 +248,7 @@ The node_pools variable takes the following parameters: | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 4b3fd37cd5..33eee057c5 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -212,6 +212,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index a6fcab2e57..6d01778cf2 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -254,6 +254,7 @@ The node_pools variable takes the following parameters: | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 2a4a5e0479..203c67b564 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -143,6 +143,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index c5f6ce7a0b..1b43b15b4d 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -232,6 +232,7 @@ The node_pools variable takes the following parameters: | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index c2ecba7473..16fec95c76 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -143,6 +143,10 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } } } From ed05af3c8343757fb24da000f59b70345aafaf4d Mon Sep 17 00:00:00 2001 
From: m10ev <42208556+m10ev@users.noreply.github.com>
Date: Sun, 29 Nov 2020 15:40:39 +0200
Subject: [PATCH 2/6] Drive-by sort variable names
---
 README.md | 6 +++---
 autogen/main/README.md | 4 ++--
 modules/beta-private-cluster-update-variant/README.md | 6 +++---
 modules/beta-private-cluster/README.md | 6 +++---
 modules/beta-public-cluster-update-variant/README.md | 6 +++---
 modules/beta-public-cluster/README.md | 6 +++---
 modules/private-cluster-update-variant/README.md | 6 +++---
 modules/private-cluster/README.md | 6 +++---
 8 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index 1da20324d4..cf4ae060f2 100644
--- a/README.md
+++ b/README.md
@@ -209,18 +209,18 @@ The node_pools variable takes the following parameters:
 | --- | --- | --- | --- |
 | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional |
 | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional |
-| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional |
-| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional |
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 | effect | Effect for the taint | | Required |
+| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional |
+| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
 | key | The key required for the taint | | Required |
-| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional |
 | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional |
 | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional |
diff --git a/autogen/main/README.md b/autogen/main/README.md
index dd4192ed32..b35749deab 100644
--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -158,8 +158,6 @@ The node_pools variable takes the following parameters:
 | --- | --- | --- | --- |
 | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional |
 | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional |
-| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional |
-| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional |
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
@@ -167,6 +165,8 @@ The node_pools variable takes the following parameters:
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 | effect | Effect for the taint | | Required |
+| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional |
+| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
 | key | The key required for the taint | | Required |
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 4c6fc3ff4e..01028eb3e6 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -272,18 +272,18 @@ The node_pools variable takes the following parameters: | --- | --- | --- | --- | | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional | | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional | -| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | -| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. 
| true | Optional | +| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 9704549b4e..e33ec012c8 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -250,18 +250,18 @@ The node_pools variable takes the following parameters: | --- | --- | --- | --- | | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional | | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional | -| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | -| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. 
| true | Optional | +| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 93ca564073..35a2969889 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -259,18 +259,18 @@ The node_pools variable takes the following parameters: | --- | --- | --- | --- | | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional | | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional | -| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | -| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. 
| true | Optional | +| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 6f2361d89c..70da699841 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -237,18 +237,18 @@ The node_pools variable takes the following parameters: | --- | --- | --- | --- | | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional | | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional | -| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | -| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. 
| true | Optional | +| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 6d01778cf2..6a3f7a49e5 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -243,18 +243,18 @@ The node_pools variable takes the following parameters: | --- | --- | --- | --- | | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional | | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional | -| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | -| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. 
| true | Optional | +| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 1b43b15b4d..4118c5031f 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -221,18 +221,18 @@ The node_pools variable takes the following parameters: | --- | --- | --- | --- | | accelerator_count | The number of the guest accelerator cards exposed to this instance | 0 | Optional | | accelerator_type | The accelerator type resource to expose to the instance | " " | Optional | -| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | -| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. 
| true | Optional | +| enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS | Optional | | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional | | key | The key required for the taint | | Required | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node | 0 | Optional | | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional | | max_count | Maximum number of nodes in the NodePool. Must be >= min_count | 100 | Optional | From 67f8ea04a291b0804d3fb50da7dfc08cbdf82153 Mon Sep 17 00:00:00 2001 From: m10ev <42208556+m10ev@users.noreply.github.com> Date: Sun, 29 Nov 2020 16:08:19 +0200 Subject: [PATCH 3/6] Define kubelet_config in beta --- README.md | 1 - autogen/main/README.md | 2 ++ autogen/main/cluster.tf.tmpl | 8 ++++---- cluster.tf | 4 ---- modules/beta-private-cluster-update-variant/cluster.tf | 8 ++++---- modules/beta-private-cluster/cluster.tf | 8 ++++---- modules/beta-public-cluster-update-variant/cluster.tf | 8 ++++---- modules/beta-public-cluster/cluster.tf | 8 ++++---- modules/private-cluster-update-variant/README.md | 1 - modules/private-cluster-update-variant/cluster.tf | 4 ---- modules/private-cluster/README.md | 1 - modules/private-cluster/cluster.tf | 4 ---- 12 files changed, 22 insertions(+), 35 deletions(-) 
diff --git a/README.md b/README.md index cf4ae060f2..4b92c609e7 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,6 @@ The node_pools variable takes the following parameters: | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | diff --git a/autogen/main/README.md b/autogen/main/README.md index b35749deab..a63121ae28 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -161,7 +161,9 @@ The node_pools variable takes the following parameters: | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | +{% if beta_cluster %} | cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | +{% endif %} | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | 
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index b37653f633..87503156d9 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -237,10 +237,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } @@ -531,6 +527,10 @@ resource "google_container_node_pool" "pools" { } boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") + + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } {% endif %} shielded_instance_config { diff --git a/cluster.tf b/cluster.tf index b174705983..2d4cb9a1a4 100644 --- a/cluster.tf +++ b/cluster.tf @@ -143,10 +143,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index f125dba145..295f967adf 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -212,10 +212,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } @@ -488,6 +484,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) 
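Review bot: The `kubelet_config` block added just before `{% endif %}` in autogen/main/cluster.tf.tmpl (hunk `@@ -531,6 +527,10 @@`) has no comment saying which variant it is rendered for. The opening `{% if ... %}` is outside the hunk, so the condition cannot be confirmed from here; the commit subject suggests it is the beta modules. A template comment above the block, for example `{# kubelet_config: rendered for beta modules only #}`, would save the next editor from moving it past the `{% endif %}` by accident. The enclosing `google_container_node_pool.pools` resource starts and ends outside the hunk.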
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 284c41503f..581af75c73 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -212,10 +212,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } @@ -416,6 +412,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index a26fca5954..ba907c34b8 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -212,10 +212,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } @@ -469,6 +465,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 33eee057c5..18641de5fc 100644 --- a/modules/beta-public-cluster/cluster.tf 
+++ b/modules/beta-public-cluster/cluster.tf @@ -212,10 +212,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } @@ -397,6 +393,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") + kubelet_config { + cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + } + shielded_instance_config { enable_secure_boot = lookup(each.value, "enable_secure_boot", false) enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true) diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 6a3f7a49e5..31b7a815af 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -246,7 +246,6 @@ The node_pools variable takes the following parameters: | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 203c67b564..2a4a5e0479 100644 --- a/modules/private-cluster-update-variant/cluster.tf 
+++ b/modules/private-cluster-update-variant/cluster.tf @@ -143,10 +143,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 4118c5031f..9f5096e588 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -224,7 +224,6 @@ The node_pools variable takes the following parameters: | auto_repair | Whether the nodes will be automatically repaired | true | Optional | | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional | | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional | -| cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "none" | Optional | | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 16fec95c76..c2ecba7473 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -143,10 +143,6 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } - - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") - } } } From 2216262354132b4819cca705ac469da2fa557ac9 Mon Sep 17 00:00:00 2001 
From: m10ev <42208556+m10ev@users.noreply.github.com> Date: Wed, 2 Dec 2020 22:56:21 +0200 Subject: [PATCH 4/6] Declare kubelet_config with dynamic only when cpu_manager_policy is set --- autogen/main/cluster.tf.tmpl | 8 ++++++-- modules/beta-private-cluster-update-variant/cluster.tf | 8 ++++++-- modules/beta-private-cluster/cluster.tf | 8 ++++++-- modules/beta-public-cluster-update-variant/cluster.tf | 8 ++++++-- modules/beta-public-cluster/cluster.tf | 8 ++++++-- 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 87503156d9..d7db5ea3b6 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -528,8 +528,12 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + dynamic "kubelet_config" { + for_each = each.value.cpu_manager_policy[*] + + content { + cpu_manager_policy = each.value.cpu_manager_policy + } } {% endif %} diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 295f967adf..d2b6211eb3 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -484,8 +484,12 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + dynamic "kubelet_config" { + for_each = each.value.cpu_manager_policy[*] + + content { + cpu_manager_policy = each.value.cpu_manager_policy + } } shielded_instance_config { diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 581af75c73..01d1faab61 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
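Review bot: Inside `content`, `cpu_manager_policy = each.value.cpu_manager_policy` reads the resource-level `each` a second time instead of the element the dynamic block iterates over. Writing `cpu_manager_policy = kubelet_config.value` takes the value from the same expression as `for_each`, so the guard and the assignment cannot drift apart when one of them is edited later. This applies to the autogen/main/cluster.tf.tmpl hunk `@@ -528,8 +528,12 @@` and to the four beta module hunks of this patch; PATCH 5/6 leaves the same line unchanged. The `google_container_node_pool.pools` resource starts and ends outside each hunk.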
@@ -412,8 +412,12 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + dynamic "kubelet_config" { + for_each = each.value.cpu_manager_policy[*] + + content { + cpu_manager_policy = each.value.cpu_manager_policy + } } shielded_instance_config { diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index ba907c34b8..043ea62a26 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -465,8 +465,12 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + dynamic "kubelet_config" { + for_each = each.value.cpu_manager_policy[*] + + content { + cpu_manager_policy = each.value.cpu_manager_policy + } } shielded_instance_config { diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 18641de5fc..86352ac90a 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -393,8 +393,12 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") - kubelet_config { - cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "none") + dynamic "kubelet_config" { + for_each = each.value.cpu_manager_policy[*] + + content { + cpu_manager_policy = each.value.cpu_manager_policy + } } shielded_instance_config { From 6dd33b16192cf8691b8182cc8bae2ddf6a657ac8 Mon Sep 17 00:00:00 2001 
From: m10ev <42208556+m10ev@users.noreply.github.com> Date: Wed, 2 Dec 2020 23:29:41 +0200 Subject: [PATCH 5/6] Wrap in lookup for safety --- autogen/main/cluster.tf.tmpl | 2 +- modules/beta-private-cluster-update-variant/cluster.tf | 2 +- modules/beta-private-cluster/cluster.tf | 2 +- modules/beta-public-cluster-update-variant/cluster.tf | 2 +- modules/beta-public-cluster/cluster.tf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index d7db5ea3b6..a014a78d97 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -529,7 +529,7 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = each.value.cpu_manager_policy[*] + for_each = lookup(each.value, "cpu_manager_policy", null)[*] content { cpu_manager_policy = each.value.cpu_manager_policy diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index d2b6211eb3..7f7101eb84 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -485,7 +485,7 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = each.value.cpu_manager_policy[*] + for_each = lookup(each.value, "cpu_manager_policy", null)[*] content { cpu_manager_policy = each.value.cpu_manager_policy diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 01d1faab61..b0207bbb89 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
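Review bot: The new `for_each = lookup(each.value, "cpu_manager_policy", null)[*]` in autogen/main/cluster.tf.tmpl (hunk `@@ -529,7 +529,7 @@`) depends on the splat operator turning a null into an empty list, which is not obvious to a reader. A short comment above the line would document it, for example `# a null lookup result splats to [], so kubelet_config is omitted when the key is unset`. The same one-line change is repeated in the four beta module hunks of this patch. The enclosing `dynamic "kubelet_config"` block is only partly inside each hunk.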
@@ -413,7 +413,7 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = each.value.cpu_manager_policy[*] + for_each = lookup(each.value, "cpu_manager_policy", null)[*] content { cpu_manager_policy = each.value.cpu_manager_policy diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 043ea62a26..352938e3c2 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -466,7 +466,7 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = each.value.cpu_manager_policy[*] + for_each = lookup(each.value, "cpu_manager_policy", null)[*] content { cpu_manager_policy = each.value.cpu_manager_policy diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 86352ac90a..f7cd1ca416 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -394,7 +394,7 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = each.value.cpu_manager_policy[*] + for_each = lookup(each.value, "cpu_manager_policy", null)[*] content { cpu_manager_policy = each.value.cpu_manager_policy From ab282a30fdf751505134ed952ad2a4e12d0bed1e Mon Sep 17 00:00:00 2001 
From: m10ev <42208556+m10ev@users.noreply.github.com> Date: Thu, 3 Dec 2020 08:47:27 +0200 Subject: [PATCH 6/6] Apply suggestion from code review --- autogen/main/cluster.tf.tmpl | 4 ++-- modules/beta-private-cluster-update-variant/cluster.tf | 4 ++-- modules/beta-private-cluster/cluster.tf | 4 ++-- modules/beta-public-cluster-update-variant/cluster.tf | 4 ++-- modules/beta-public-cluster/cluster.tf | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index a014a78d97..3ce9086c2d 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -529,10 +529,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = lookup(each.value, "cpu_manager_policy", null)[*] + for_each = contains(keys(each.value), "cpu_manager_policy") ? [1] : [] content { - cpu_manager_policy = each.value.cpu_manager_policy + cpu_manager_policy = lookup(each.value, "cpu_manager_policy") } } {% endif %} diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 7f7101eb84..2debd9aac4 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -485,10 +485,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = lookup(each.value, "cpu_manager_policy", null)[*] + for_each = contains(keys(each.value), "cpu_manager_policy") ? [1] : [] content { - cpu_manager_policy = each.value.cpu_manager_policy + cpu_manager_policy = lookup(each.value, "cpu_manager_policy") } } diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index b0207bbb89..5eef665aff 100644 --- a/modules/beta-private-cluster/cluster.tf 
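Review bot: The two-argument `lookup(each.value, "cpu_manager_policy")` added in the `content` block of autogen/main/cluster.tf.tmpl (hunk `@@ -529,10 +529,10 @@`) has no default, a form the Terraform documentation marks as deprecated. Since the `for_each` guard already guarantees the key exists, `cpu_manager_policy = each.value["cpu_manager_policy"]` is the direct equivalent. The value is also passed through without being checked against the two values the README documents ("none" and "static"), so a typo or an empty string in a node pool map would only surface when the provider or the API rejects it, if it does. Both points apply equally to the four beta module hunks of this patch; the `google_container_node_pool.pools` resource starts and ends outside each hunk.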
+++ b/modules/beta-private-cluster/cluster.tf @@ -413,10 +413,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = lookup(each.value, "cpu_manager_policy", null)[*] + for_each = contains(keys(each.value), "cpu_manager_policy") ? [1] : [] content { - cpu_manager_policy = each.value.cpu_manager_policy + cpu_manager_policy = lookup(each.value, "cpu_manager_policy") } } diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 352938e3c2..38661039ea 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -466,10 +466,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = lookup(each.value, "cpu_manager_policy", null)[*] + for_each = contains(keys(each.value), "cpu_manager_policy") ? [1] : [] content { - cpu_manager_policy = each.value.cpu_manager_policy + cpu_manager_policy = lookup(each.value, "cpu_manager_policy") } } diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index f7cd1ca416..b79fabb909 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -394,10 +394,10 @@ resource "google_container_node_pool" "pools" { boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "") dynamic "kubelet_config" { - for_each = lookup(each.value, "cpu_manager_policy", null)[*] + for_each = contains(keys(each.value), "cpu_manager_policy") ? [1] : [] content { - cpu_manager_policy = each.value.cpu_manager_policy + cpu_manager_policy = lookup(each.value, "cpu_manager_policy") } }