
feat: Linux node config #782

Merged
13 changes: 13 additions & 0 deletions autogen/main/cluster.tf.tmpl
Expand Up @@ -543,6 +543,19 @@ resource "google_container_node_pool" "pools" {
cpu_manager_policy = lookup(each.value, "cpu_manager_policy")
}
}

dynamic "linux_node_config" {
for_each = contains(
keys(
merge(
local.node_pools_linux_node_configs["all"],
local.node_pools_linux_node_configs[each.value["name"]])),
"sysctls") ? [1] : []

content {
sysctls = merge(local.node_pools_linux_node_configs["all"], local.node_pools_linux_node_configs[each.value["name"]])["sysctls"]
}
}
{% endif %}

shielded_instance_config {
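Review bot: The merged per-pool map is computed twice in the new `dynamic "linux_node_config"` block, once in `for_each` and again in `content`, so the guard and the value it guards can drift apart if either expression is edited later. Evaluating it once keeps them in lockstep: `for_each = [for c in [merge(local.node_pools_linux_node_configs["all"], local.node_pools_linux_node_configs[each.value["name"]])] : c["sysctls"] if contains(keys(c), "sysctls")]` with `sysctls = linux_node_config.value` in the content block. The `{% if %}` matching the `{% endif %}` on the line after the block, and the enclosing `google_container_node_pool` resource, both start outside this hunk, so I could not confirm which feature flag gates the block. The same block is reproduced in the generated `cluster.tf` of the four `modules/beta-*` directories in this PR; those should come from regenerating this template rather than separate edits. Since these values become kernel parameters on every node of the pool, a short comment above the block stating that only the `sysctls` key of the merged map is consumed would help operators auditing node configuration.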
13 changes: 13 additions & 0 deletions autogen/main/variables.tf.tmpl
Expand Up @@ -188,6 +188,19 @@ variable "node_pools_metadata" {
default-node-pool = {}
}
}
{% if beta_cluster %}

variable "node_pools_linux_node_configs" {
type = map(map(map(string)))
description = "Map of maps containing linux node config by node-pool name"

# Default is being set in variables_defaults.tf
default = {
all = {}
default-node-pool = {}
}
}
{% endif %}

variable "resource_usage_export_dataset_id" {
type = string
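Review bot: The description of the new `node_pools_linux_node_configs` variable does not say which keys of the inner map are honored, yet `cluster.tf.tmpl` in this PR reads only `sysctls` and silently ignores anything else, so a misspelled key yields no change and no error. I would make that explicit: `description = "Map of maps containing linux node config by node-pool name. Only the \"sysctls\" key is consumed; its map is applied as kernel sysctls on every node of the pool and the \"all\" entry is merged with the per-pool entry."`. The `map(map(map(string)))` type also means sysctl values are strings at this boundary, which is worth a sentence in the README since the provider hands them to the node kernel unchanged. As far as I know GKE accepts only an allowlisted subset of sysctl keys; if that is confirmed against the current API docs it belongs in the description too, since an unlisted key fails at apply time rather than at plan time. The same variable is duplicated verbatim in the four generated `modules/beta-*/variables.tf` files, which should pick the wording up on regeneration.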
12 changes: 12 additions & 0 deletions autogen/main/variables_defaults.tf
Expand Up @@ -69,4 +69,16 @@ locals {
),
var.node_pools_oauth_scopes
)
{% if beta_cluster %}

node_pools_linux_node_configs = merge(
{ all = {} },
{ default-node-pool = {} },
zipmap(
[for node_pool in var.node_pools : node_pool["name"]],
[for node_pool in var.node_pools : {}]
),
var.node_pools_linux_node_configs
)
{% endif %}
}
1 change: 1 addition & 0 deletions modules/beta-private-cluster-update-variant/README.md
Expand Up @@ -219,6 +219,7 @@ Then perform the following commands on the root folder:
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no |
| node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br> {<br> "name": "default-node-pool"<br> }<br>]</pre> | no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_linux\_node\_configs | Map of maps containing linux node config by node-pool name | `map(map(map(string)))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` | <pre>{<br> "all": [<br> "https://www.googleapis.com/auth/cloud-platform"<br> ],<br> "default-node-pool": []<br>}</pre> | no |
| node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` | <pre>{<br> "all": [],<br> "default-node-pool": []<br>}</pre> | no |
13 changes: 13 additions & 0 deletions modules/beta-private-cluster-update-variant/cluster.tf
Expand Up @@ -500,6 +500,19 @@ resource "google_container_node_pool" "pools" {
}
}

dynamic "linux_node_config" {
for_each = contains(
keys(
merge(
local.node_pools_linux_node_configs["all"],
local.node_pools_linux_node_configs[each.value["name"]])),
"sysctls") ? [1] : []

content {
sysctls = merge(local.node_pools_linux_node_configs["all"], local.node_pools_linux_node_configs[each.value["name"]])["sysctls"]
}
}

shielded_instance_config {
enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
11 changes: 11 additions & 0 deletions modules/beta-private-cluster-update-variant/variables.tf
Expand Up @@ -187,6 +187,17 @@ variable "node_pools_metadata" {
}
}

variable "node_pools_linux_node_configs" {
type = map(map(map(string)))
description = "Map of maps containing linux node config by node-pool name"

# Default is being set in variables_defaults.tf
default = {
all = {}
default-node-pool = {}
}
}

variable "resource_usage_export_dataset_id" {
type = string
description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export."
Expand Up @@ -69,4 +69,14 @@ locals {
),
var.node_pools_oauth_scopes
)

node_pools_linux_node_configs = merge(
{ all = {} },
{ default-node-pool = {} },
zipmap(
[for node_pool in var.node_pools : node_pool["name"]],
[for node_pool in var.node_pools : {}]
),
var.node_pools_linux_node_configs
)
}
1 change: 1 addition & 0 deletions modules/beta-private-cluster/README.md
Expand Up @@ -197,6 +197,7 @@ Then perform the following commands on the root folder:
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no |
| node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br> {<br> "name": "default-node-pool"<br> }<br>]</pre> | no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_linux\_node\_configs | Map of maps containing linux node config by node-pool name | `map(map(map(string)))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` | <pre>{<br> "all": [<br> "https://www.googleapis.com/auth/cloud-platform"<br> ],<br> "default-node-pool": []<br>}</pre> | no |
| node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` | <pre>{<br> "all": [],<br> "default-node-pool": []<br>}</pre> | no |
13 changes: 13 additions & 0 deletions modules/beta-private-cluster/cluster.tf
Expand Up @@ -428,6 +428,19 @@ resource "google_container_node_pool" "pools" {
}
}

dynamic "linux_node_config" {
for_each = contains(
keys(
merge(
local.node_pools_linux_node_configs["all"],
local.node_pools_linux_node_configs[each.value["name"]])),
"sysctls") ? [1] : []

content {
sysctls = merge(local.node_pools_linux_node_configs["all"], local.node_pools_linux_node_configs[each.value["name"]])["sysctls"]
Member


for a config like

all = {
      sysctls = {
        "foo"  = 1
      }
}
pool-01 = {
      sysctls = {
       "bar" = 2
      }
}

Wouldn't the merge of the second map override the `sysctls` key from the first, unless we do

sysctls = merge(lookup(local.node_pools_linux_node_configs["all"],"sysctls",{}),lookup(local.node_pools_linux_node_configs[each.value["name"]],"sysctls",{}))

Contributor Author


Yes, you are right. Are you in favour of keeping this structure and doing this more complex "deep" merge or do you prefer to flatten the structure one level because sysctls is currently the only key in this map?

Member


@m10ev I think it makes sense to flatten as only sysctls is available.

}
}

shielded_instance_config {
enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
11 changes: 11 additions & 0 deletions modules/beta-private-cluster/variables.tf
Expand Up @@ -187,6 +187,17 @@ variable "node_pools_metadata" {
}
}

variable "node_pools_linux_node_configs" {
type = map(map(map(string)))
description = "Map of maps containing linux node config by node-pool name"

# Default is being set in variables_defaults.tf
default = {
all = {}
default-node-pool = {}
}
}

variable "resource_usage_export_dataset_id" {
type = string
description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export."
10 changes: 10 additions & 0 deletions modules/beta-private-cluster/variables_defaults.tf
Expand Up @@ -69,4 +69,14 @@ locals {
),
var.node_pools_oauth_scopes
)

node_pools_linux_node_configs = merge(
{ all = {} },
{ default-node-pool = {} },
zipmap(
[for node_pool in var.node_pools : node_pool["name"]],
[for node_pool in var.node_pools : {}]
),
var.node_pools_linux_node_configs
)
}
1 change: 1 addition & 0 deletions modules/beta-public-cluster-update-variant/README.md
Expand Up @@ -208,6 +208,7 @@ Then perform the following commands on the root folder:
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no |
| node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br> {<br> "name": "default-node-pool"<br> }<br>]</pre> | no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_linux\_node\_configs | Map of maps containing linux node config by node-pool name | `map(map(map(string)))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` | <pre>{<br> "all": [<br> "https://www.googleapis.com/auth/cloud-platform"<br> ],<br> "default-node-pool": []<br>}</pre> | no |
| node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` | <pre>{<br> "all": [],<br> "default-node-pool": []<br>}</pre> | no |
13 changes: 13 additions & 0 deletions modules/beta-public-cluster-update-variant/cluster.tf
Expand Up @@ -481,6 +481,19 @@ resource "google_container_node_pool" "pools" {
}
}

dynamic "linux_node_config" {
for_each = contains(
keys(
merge(
local.node_pools_linux_node_configs["all"],
local.node_pools_linux_node_configs[each.value["name"]])),
"sysctls") ? [1] : []

content {
sysctls = merge(local.node_pools_linux_node_configs["all"], local.node_pools_linux_node_configs[each.value["name"]])["sysctls"]
}
}

shielded_instance_config {
enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
11 changes: 11 additions & 0 deletions modules/beta-public-cluster-update-variant/variables.tf
Expand Up @@ -187,6 +187,17 @@ variable "node_pools_metadata" {
}
}

variable "node_pools_linux_node_configs" {
type = map(map(map(string)))
description = "Map of maps containing linux node config by node-pool name"

# Default is being set in variables_defaults.tf
default = {
all = {}
default-node-pool = {}
}
}

variable "resource_usage_export_dataset_id" {
type = string
description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export."
Expand Up @@ -69,4 +69,14 @@ locals {
),
var.node_pools_oauth_scopes
)

node_pools_linux_node_configs = merge(
{ all = {} },
{ default-node-pool = {} },
zipmap(
[for node_pool in var.node_pools : node_pool["name"]],
[for node_pool in var.node_pools : {}]
),
var.node_pools_linux_node_configs
)
}
1 change: 1 addition & 0 deletions modules/beta-public-cluster/README.md
Expand Up @@ -186,6 +186,7 @@ Then perform the following commands on the root folder:
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no |
| node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br> {<br> "name": "default-node-pool"<br> }<br>]</pre> | no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_linux\_node\_configs | Map of maps containing linux node config by node-pool name | `map(map(map(string)))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no |
| node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` | <pre>{<br> "all": [<br> "https://www.googleapis.com/auth/cloud-platform"<br> ],<br> "default-node-pool": []<br>}</pre> | no |
| node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` | <pre>{<br> "all": [],<br> "default-node-pool": []<br>}</pre> | no |
13 changes: 13 additions & 0 deletions modules/beta-public-cluster/cluster.tf
Expand Up @@ -409,6 +409,19 @@ resource "google_container_node_pool" "pools" {
}
}

dynamic "linux_node_config" {
for_each = contains(
keys(
merge(
local.node_pools_linux_node_configs["all"],
local.node_pools_linux_node_configs[each.value["name"]])),
"sysctls") ? [1] : []

content {
sysctls = merge(local.node_pools_linux_node_configs["all"], local.node_pools_linux_node_configs[each.value["name"]])["sysctls"]
}
}

shielded_instance_config {
enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
11 changes: 11 additions & 0 deletions modules/beta-public-cluster/variables.tf
Expand Up @@ -187,6 +187,17 @@ variable "node_pools_metadata" {
}
}

variable "node_pools_linux_node_configs" {
type = map(map(map(string)))
description = "Map of maps containing linux node config by node-pool name"

# Default is being set in variables_defaults.tf
default = {
all = {}
default-node-pool = {}
}
}

variable "resource_usage_export_dataset_id" {
type = string
description = "The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export."
10 changes: 10 additions & 0 deletions modules/beta-public-cluster/variables_defaults.tf
Expand Up @@ -69,4 +69,14 @@ locals {
),
var.node_pools_oauth_scopes
)

node_pools_linux_node_configs = merge(
{ all = {} },
{ default-node-pool = {} },
zipmap(
[for node_pool in var.node_pools : node_pool["name"]],
[for node_pool in var.node_pools : {}]
),
var.node_pools_linux_node_configs
)
}