From 9a03f0c135c7ca67b5637054b8882dfd8e73c5bc Mon Sep 17 00:00:00 2001 From: Daisy prakash khoja Date: Sun, 31 Aug 2025 16:27:56 +0530 Subject: [PATCH 01/12] added the connection for nodepool from standard cluster --- modules/gke-node-pool/metadata.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index cd29dee409..180dd6d127 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml @@ -129,7 +129,12 @@ spec: - name: cluster description: The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. varType: string - required: true + connections: + - source: + source: github.com/Daisyprakash/terraform-google-kubernetes-engine//modules/gke-standard-cluster + version: ">=38.0.1" + spec: + outputExpr: cluster_id - name: project description: The ID of the project in which to create the node pool. varType: string From 3d054d24f0ecdf11795342335a749fb2b61aefa6 Mon Sep 17 00:00:00 2001 From: Daisy prakash khoja Date: Mon, 1 Sep 2025 15:12:09 +0530 Subject: [PATCH 02/12] configured the field with defaults values --- modules/gke-node-pool/metadata.yaml | 3 ++- modules/gke-standard-cluster/metadata.display.yaml | 6 ++++++ modules/gke-standard-cluster/metadata.yaml | 5 ++++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index 180dd6d127..9eca1bbb52 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml 
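Review bot: The new `connections` entry resolves the cluster module from a personal fork, `source: github.com/Daisyprakash/terraform-google-kubernetes-engine//modules/gke-standard-cluster`, so anyone wiring a node pool to a standard cluster through this metadata fetches module code from an individual account rather than from the project's own repository. If the fork is only a development convenience, the source should be switched back to the canonical path before merge, e.g. `source: github.com/terraform-google-modules/terraform-google-kubernetes-engine//modules/gke-standard-cluster`. The floor-only constraint `version: ">=38.0.1"` also accepts every future major release of whatever that source ends up being; that may be the convention for connections, but it deserves a conscious decision given the source is changing.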
@@ -129,6 +129,7 @@ spec: - name: cluster description: The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. varType: string + required: true connections: - source: source: github.com/Daisyprakash/terraform-google-kubernetes-engine//modules/gke-standard-cluster 
@@ -319,7 +320,7 @@ spec: insecure_kubelet_readonly_port_enabled: false machine_type: e2-medium workload_metadata_config: - mode: GKE_METADATA + mode: MODE_UNSPECIFIED - name: network_config description: " The network configuration of the pool. Such as configuration for Adding Pod IP address ranges to the node pool. Or enabling private nodes.\n - create_pod_range: Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.\n - enable_private_nodes: Whether nodes have internal IP addresses only.\n - pod_ipv4_cidr_block: The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.\n - pod_range - The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.\n - additional_node_network_configs - We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface.\n - network - Name of the VPC where the additional interface belongs.\n - subnetwork - Name of the subnetwork where the additional interface belongs\n - additional_pod_network_configs - We specify the additional pod networks for this node pool using this list. 
Each pod network corresponds to an additional alias IP range for the node.\n - subnetwork - Name of the subnetwork where the additional pod network belongs.\n - secondary_pod_range - The name of the secondary range on the subnet which provides IP address for this pod range.\n - max_pods_per_node - The maximum number of pods per node which use this pod network.\n - pod_cidr_overprovision_config - Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited.\n - disabled - Whether pod cidr overprovision is disabled.\n - network_performance_config - Network bandwidth tier configuration.\n - total_egress_bandwidth_tier - Specifies the total network bandwidth tier for the NodePool. Valid values include: \"TIER_1\" and \"TIER_UNSPECIFIED\".\n" varType: |- diff --git a/modules/gke-standard-cluster/metadata.display.yaml b/modules/gke-standard-cluster/metadata.display.yaml index fefcc7a84a..791677f269 100644 --- a/modules/gke-standard-cluster/metadata.display.yaml +++ b/modules/gke-standard-cluster/metadata.display.yaml @@ -61,6 +61,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + altDefaults: + - type: ALTERNATE_TYPE_DC + value: LEGACY_DATAPATH default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -202,6 +205,9 @@ spec: private_ipv6_google_access: name: private_ipv6_google_access title: Private Ipv6 Google Access + altDefaults: + - type: ALTERNATE_TYPE_DC + value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED project: name: project title: Project diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index 3279346661..b221ff1823 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml 
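Review bot: Changing the default `workload_metadata_config` from `mode: GKE_METADATA` to `mode: MODE_UNSPECIFIED` weakens the node pool's default posture: unspecified hands the choice to the API, and on a cluster without Workload Identity Federation that in practice resolves to the Compute Engine metadata server, so every pod can read the node service account's token. GKE_METADATA is what blocks that path and is the documented prerequisite for Workload Identity, so if the change is meant to stop applies failing on clusters without it, the trade-off should be stated in the variable's description rather than made silently in a default. I would keep `mode: GKE_METADATA`, or at least add to the description a sentence such as `Set workload_metadata_config.mode to GKE_METADATA on clusters with Workload Identity enabled; MODE_UNSPECIFIED falls back to exposing the VM metadata server to pods.` The defaultValue block this line belongs to starts before the hunk, so I cannot see which variable it defaults.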
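Review bot: The `ALTERNATE_TYPE_DC` alternate default `value: LEGACY_DATAPATH` for `datapath_provider` selects the legacy dataplane, which forgoes the built-in network policy enforcement and observability of Dataplane V2 and cannot be used with the `enable_cilium_clusterwide_network_policy` field this same file lists. Unless there is a compatibility reason for legacy, `value: ADVANCED_DATAPATH` is the safer default for new clusters; if legacy is deliberate, a comment next to the entry explaining why would stop the next reader from flipping it. The same question applies to `value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED` in the second hunk, which looks harmless but is equally undocumented.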
@@ -136,6 +136,7 @@ spec: - name: project description: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. varType: string + required: true - name: location description: The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well. varType: string @@ -303,7 +304,7 @@ spec: - name: initial_node_count description: The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not specified. varType: number - defaultValue: 0 + defaultValue: 1 - name: ip_allocation_policy description: "Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. " varType: |- @@ -366,6 +367,8 @@ spec: gcp_public_cidrs_access_enabled = optional(bool) private_endpoint_enforcement_enabled = optional(bool) }) + defaultValue: + private_endpoint_enforcement_enabled: true - name: min_master_version description: The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the master version--use the read-only master_version field to obtain a current version. If unset, the server's default version will be used. varType: string From e65378850711007472bbe7603f8160eb11cd1827 Mon Sep 17 00:00:00 2001 From: Daisy prakash khoja Date: Mon, 1 Sep 2025 16:51:33 +0530 Subject: [PATCH 03/12] changes --- modules/gke-standard-cluster/metadata.display.yaml | 7 +++++++ modules/gke-standard-cluster/metadata.yaml | 4 +--- 2 files changed, 8 insertions(+), 3 deletions(-) 
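Review bot: `required: true` is added to `project` while its description still says `If it is not provided, the provider project is used.`, so the generated docs and the form now contradict each other: the UI will refuse an empty value that the text promises to handle. Either drop the second sentence, e.g. `description: The ID of the project in which the resource belongs.`, or keep the fallback and leave the variable optional. The diffstat of PATCH 04 suggests this variable is renamed to `project_id` later in the series, so the description needs the fix either way.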
diff --git a/modules/gke-standard-cluster/metadata.display.yaml b/modules/gke-standard-cluster/metadata.display.yaml index 791677f269..4c9755e22e 100644 --- a/modules/gke-standard-cluster/metadata.display.yaml +++ b/modules/gke-standard-cluster/metadata.display.yaml @@ -130,6 +130,9 @@ spec: initial_node_count: name: initial_node_count title: Initial Node Count + altDefaults: + - type: ALTERNATE_TYPE_DC + value: 1 ip_allocation_policy: name: ip_allocation_policy title: Ip Allocation Policy @@ -151,6 +154,10 @@ spec: master_authorized_networks_config: name: master_authorized_networks_config title: Master Authorized Networks Config + altDefaults: + - type: ALTERNATE_TYPE_DC + value: + private_endpoint_enforcement_enabled: true mesh_certificates: name: mesh_certificates title: Mesh Certificates diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index b221ff1823..4c4342ed53 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml @@ -304,7 +304,7 @@ spec: - name: initial_node_count description: The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not specified. varType: number - defaultValue: 1 + defaultValue: 0 - name: ip_allocation_policy description: "Configuration of cluster IP allocation for VPC-native clusters. If this block is unset during creation, it will be set by the GKE backend. " varType: |- 
@@ -367,8 +367,6 @@ spec: gcp_public_cidrs_access_enabled = optional(bool) private_endpoint_enforcement_enabled = optional(bool) }) - defaultValue: - private_endpoint_enforcement_enabled: true - name: min_master_version description: The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the master version--use the read-only master_version field to obtain a current version. If unset, the server's default version will be used. varType: string From 87d5e14a86059309986e419034cafed4fee9b2ba Mon Sep 17 00:00:00 2001 From: Daisy prakash khoja Date: Wed, 3 Sep 2025 15:05:45 +0530 Subject: [PATCH 04/12] added enumValue,regex,output variable in metadata.display, changed variable project to project_id --- modules/gke-node-pool/main.tf | 2 +- modules/gke-node-pool/metadata.display.yaml | 206 ++++- modules/gke-node-pool/metadata.yaml | 6 +- modules/gke-node-pool/outputs.tf | 2 +- modules/gke-node-pool/variables.tf | 4 +- modules/gke-standard-cluster/main.tf | 2 +- .../metadata.display.yaml | 743 +++++++++++++++++- modules/gke-standard-cluster/metadata.yaml | 4 +- modules/gke-standard-cluster/variables.tf | 4 +- 9 files changed, 955 insertions(+), 18 deletions(-) diff --git a/modules/gke-node-pool/main.tf b/modules/gke-node-pool/main.tf index 76b3e5fc6c..7145408543 100644 --- a/modules/gke-node-pool/main.tf +++ b/modules/gke-node-pool/main.tf @@ -19,7 +19,7 @@ resource "google_container_node_pool" "main" { name = var.name name_prefix = var.name_prefix - project = var.project + project = var.project_id cluster = var.cluster location = var.location diff --git a/modules/gke-node-pool/metadata.display.yaml b/modules/gke-node-pool/metadata.display.yaml index 772ad2c5d4..46282de5f6 100644 --- a/modules/gke-node-pool/metadata.display.yaml +++ b/modules/gke-node-pool/metadata.display.yaml 
@@ -31,6 +31,15 @@ spec: autoscaling: name: autoscaling title: Autoscaling + properties: + location_policy: + name: location_policy + title: Location Policy + enumValueLabels: + - label: ANY + value: ANY + - label: BALANCED + value: BALANCED cluster: name: cluster title: Cluster @@ -43,6 +52,7 @@ spec: location: name: location title: Location + level: 1 management: name: management title: Management 
@@ -58,9 +68,179 @@ spec: network_config: name: network_config title: Network Config + properties: + network_performance_config: + name: network_performance_config + title: Network Performance Config + properties: + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier + enumValueLabels: + - label: TIER_UNSPECIFIED + value: TIER_UNSPECIFIED + - label: TIER_1 + value: TIER_1 node_config: name: node_config title: Node Config + properties: + disk_type: + name: disk_type + title: Disk Type + enumValueLabels: + - label: pd-standard + value: pd-standard + - label: pd-balanced + value: pd-balanced + - label: pd-ssd + value: pd-ssd + local_ssd_encryption_mode: + name: local_ssd_encryption_mode + title: Local SSD Encryption Mode + enumValueLabels: + - label: STANDARD_ENCRYPTION + value: STANDARD_ENCRYPTION + - label: EPHEMERAL_KEY_ENCRYPTION + value: EPHEMERAL_KEY_ENCRYPTION + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT + guest_accelerator: + name: guest_accelerator + title: Guest Accelerator + properties: + gpu_driver_installation_config: + name: gpu_driver_installation_config + title: GPU Driver Installation Config + properties: + gpu_driver_version: + name: gpu_driver_version + title: GPU Driver Version + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: INSTALLATION_DISABLED + value: INSTALLATION_DISABLED + - label: LATEST + value: LATEST + - label: GPU_DRIVER_VERSION_UNSPECIFIED + value: GPU_DRIVER_VERSION_UNSPECIFIED + gpu_sharing_config: + name: gpu_sharing_config + title: GPU Sharing Config + properties: + gpu_sharing_strategy: + name: gpu_sharing_strategy + title: GPU Sharing Strategy + enumValueLabels: + - label: TIME_SHARING + value: TIME_SHARING + - label: MPS + value: MPS + oauth_scopes: + name: oauth_scopes + title: Oauth Scopes + subtext: A list of Google API scopes to be 
made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. + reservation_affinity: + name: reservation_affinity + title: Reservation Affinity + properties: + consume_reservation_type: + name: consume_reservation_type + title: Consume Reservation Type + enumValueLabels: + - label: UNSPECIFIED + value: UNSPECIFIED + - label: NO_RESERVATION + value: NO_RESERVATION + - label: ANY_RESERVATION + value: ANY_RESERVATION + - label: SPECIFIC_RESERVATION + value: SPECIFIC_RESERVATION + sandbox_config: + name: sandbox_config + title: Sandbox Config + properties: + sandbox_type: + name: sandbox_type + title: Sandbox Type + enumValueLabels: + - label: gvisor + value: gvisor + taint: + name: taint + title: Taint + properties: + effect: + name: effect + title: Effect + enumValueLabels: + - label: NO_SCHEDULE + value: NO_SCHEDULE + - label: PREFER_NO_SCHEDULE + value: PREFER_NO_SCHEDULE + - label: NO_EXECUTE + value: NO_EXECUTE + workload_metadata_config: + name: workload_metadata_config + title: Workload Metadata Config + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: GCE_METADATA + value: GCE_METADATA + - label: GKE_METADATA + value: GKE_METADATA + - label: MODE_UNSPECIFIED + value: MODE_UNSPECIFIED + kubelet_config: + name: kubelet_config + title: Kubelet Config + properties: + cpu_manager_policy: + name: cpu_manager_policy + title: CPU Manager Policy + enumValueLabels: + - label: none + value: none + - label: static + value: static + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 + windows_node_config: + name: windows_node_config + title: Windows Node Config + 
properties: + osversion: + name: osversion + title: OS Version + enumValueLabels: + - label: OS_VERSION_UNSPECIFIED + value: OS_VERSION_UNSPECIFIED + - label: OS_VERSION_LTSC2019 + value: OS_VERSION_LTSC2019 + - label: OS_VERSION_LTSC2022 + value: OS_VERSION_LTSC2022 node_count: name: node_count title: Node Count @@ -70,9 +250,16 @@ spec: placement_policy: name: placement_policy title: Placement Policy - project: - name: project - title: Project + properties: + type: + name: type + title: Type + enumValueLabels: + - label: COMPACT + value: COMPACT + project_id: + name: project_id + title: Project Id queued_provisioning: name: queued_provisioning title: Queued Provisioning @@ -82,3 +269,16 @@ spec: upgrade_settings: name: upgrade_settings title: Upgrade Settings + properties: + strategy: + name: strategy + title: Strategy + enumValueLabels: + - label: SURGE + value: SURGE + - label: BLUE_GREEN + value: BLUE_GREEN + runtime: + outputs: + id: + visibility: VISIBILITY_ROOT diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index 9eca1bbb52..70879a7ab5 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml @@ -127,7 +127,7 @@ spec: interfaces: variables: - name: cluster - description: The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. + description: The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project_id}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. varType: string required: true connections: 
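Review bot: The `subtext` added under `oauth_scopes` steers users toward the broadest possible grant, `Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs`, on the "default" service account — the credential pods can reach whenever the node's metadata mode is not GKE_METADATA. Help text in a form is where least privilege should be nudged, not undone; I would reword it to something like `A list of Google API scopes made available on the node VMs. Prefer a dedicated node service account with only the scopes needed; the cloud-platform scope grants access to all APIs.` The rest of the hunk is enum labels and matches the cluster module's copy apart from ordering and title casing (`GPU Driver Version` and `Local SSD Encryption Mode` here versus `Gpu Driver Version` and `Local Ssd Encryption Mode` there); one convention for both files would be easier to maintain.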
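Review bot: The `{{project}}` token in `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}` is the provider's resource-name placeholder, not a reference to the module variable, so renaming it to `{{project_id}}` together with the variable makes the documented format diverge from the provider's documentation without changing anything the module accepts. The same edit is made to the `id` output description in the `@@ -400,7 +400,7 @@` hunk, in `outputs.tf`, and in `variables.tf`; I would leave the placeholders as `{{project}}` in all four places and rename only the variable. If the intent is to tell users the value comes from `var.project_id`, say that in a separate sentence instead.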
@@ -136,7 +136,7 @@ spec: version: ">=38.0.1" spec: outputExpr: cluster_id - - name: project + - name: project_id description: The ID of the project in which to create the node pool. varType: string required: true @@ -400,7 +400,7 @@ spec: update: 45m outputs: - name: id - description: an identifier for the resource with format {{project}}/{{location}}/{{cluster}}/{{name}} + description: an identifier for the resource with format {{project_id}}/{{location}}/{{cluster}}/{{name}} - name: instance_group_urls description: The resource URLs of the managed instance groups associated with this node pool. - name: managed_instance_group_urls diff --git a/modules/gke-node-pool/outputs.tf b/modules/gke-node-pool/outputs.tf index 8cd1b8a379..6d9fd10d15 100644 --- a/modules/gke-node-pool/outputs.tf +++ b/modules/gke-node-pool/outputs.tf @@ -15,7 +15,7 @@ */ output "id" { - description = "an identifier for the resource with format {{project}}/{{location}}/{{cluster}}/{{name}}" + description = "an identifier for the resource with format {{project_id}}/{{location}}/{{cluster}}/{{name}}" value = google_container_node_pool.main.id } diff --git a/modules/gke-node-pool/variables.tf b/modules/gke-node-pool/variables.tf index dd76f35031..4dca72365a 100644 --- a/modules/gke-node-pool/variables.tf +++ b/modules/gke-node-pool/variables.tf 
@@ -15,11 +15,11 @@ */ variable "cluster" { - description = "The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster." + description = "The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project_id}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster." type = string } -variable "project" { +variable "project_id" { description = "The ID of the project in which to create the node pool." type = string } diff --git a/modules/gke-standard-cluster/main.tf b/modules/gke-standard-cluster/main.tf index c866223dc8..9520101d5d 100644 --- a/modules/gke-standard-cluster/main.tf +++ b/modules/gke-standard-cluster/main.tf @@ -19,7 +19,7 @@ resource "google_container_cluster" "main" { name = var.name description = var.description - project = var.project + project = var.project_id resource_labels = var.resource_labels location = var.location diff --git a/modules/gke-standard-cluster/metadata.display.yaml b/modules/gke-standard-cluster/metadata.display.yaml index 4c9755e22e..8a19d66c33 100644 --- a/modules/gke-standard-cluster/metadata.display.yaml +++ b/modules/gke-standard-cluster/metadata.display.yaml 
@@ -31,21 +31,133 @@ spec: addons_config: name: addons_config title: Addons Config + properties: + http_load_balancing: + name: http_load_balancing + title: Http Load Balancing + horizontal_pod_autoscaling: + name: horizontal_pod_autoscaling + title: Horizontal Pod Autoscaling + network_policy_config: + name: network_policy_config + title: Network Policy Config + istio_config: + name: istio_config + title: Istio Config + properties: + auth: + name: auth + title: Auth + enumValueLabels: + - label: MUTUAL_TLS + value: MUTUAL_TLS + dns_cache_config: + name: dns_cache_config + title: Dns Cache Config + config_connector_config: + name: config_connector_config + title: Config Connector Config + gce_persistent_disk_csi_driver_config: + name: gce_persistent_disk_csi_driver_config + title: Gce Persistent Disk Csi Driver Config + kalm_config: + name: kalm_config + title: Kalm Config + gcp_filestore_csi_driver_config: + name: gcp_filestore_csi_driver_config + title: Gcp Filestore Csi Driver Config + gke_backup_agent_config: + name: gke_backup_agent_config + title: Gke Backup Agent Config + gcs_fuse_csi_driver_config: + name: gcs_fuse_csi_driver_config + title: Gcs Fuse Csi Driver Config + stateful_ha_config: + name: stateful_ha_config + title: Stateful Ha Config + parallelstore_csi_driver_config: + name: parallelstore_csi_driver_config + title: Parallelstore Csi Driver Config + ray_operator_config: + name: ray_operator_config + title: Ray Operator Config authenticator_groups_config: name: authenticator_groups_config title: Authenticator Groups Config + properties: + security_group: + name: security_group + title: Security Group + regexValidation: ^gke-security-groups@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ + validation: Please use a valid email address with the gke-security-groups prefix. 
binary_authorization: name: binary_authorization title: Binary Authorization + properties: + evaluation_mode: + name: evaluation_mode + title: Evaluation Mode + enumValueLabels: + - label: DISABLED + value: DISABLED + - label: POLICY_BINDINGS + value: POLICY_BINDINGS cluster_autoscaling: name: cluster_autoscaling title: Cluster Autoscaling + properties: + resource_limits: + name: resource_limits + title: Resource Limits + auto_provisioning_defaults: + name: auto_provisioning_defaults + title: Auto Provisioning Defaults + properties: + management: + name: management + title: Management + upgrade_settings: + name: upgrade_settings + title: Upgrade Settings + properties: + strategy: + name: strategy + title: Strategy + enumValueLabels: + - label: SURGE + value: SURGE + - label: BLUE_GREEN + value: BLUE_GREEN + blue_green_settings: + name: blue_green_settings + title: Blue Green Settings + autoscaling_profile: + name: autoscaling_profile + title: Autoscaling Profile + enumValueLabels: + - label: OPTIMIZE_UTILIZATION + value: OPTIMIZE_UTILIZATION + - label: BALANCED + value: BALANCED cluster_ipv4_cidr: name: cluster_ipv4_cidr title: Cluster Ipv4 Cidr + regexValidation: ^10\.(?:[0-9]{1,2}|1(?:[0-9]{2})?|2(?:[0-4][0-9]|5[0-5]))\.(?:[0-9]{1,2}|1(?:[0-9]{2})?|2(?:[0-4][0-9]|5[0-5]))\.0\/14$ + validation: Must be a /14 CIDR block in the 10.0.0.0/8 range. Example - 10.10.0.0/14. Invalid examples - 10.10.0.0/16, 172.16.0.0/14. cluster_telemetry: name: cluster_telemetry title: Cluster Telemetry + properties: + type: + name: type + title: Type + enumValueLabels: + - label: ENABLED + value: ENABLED + - label: DISABLED + value: DISABLED + - label: SYSTEM_ONLY + value: SYSTEM_ONLY confidential_nodes: name: confidential_nodes title: Confidential Nodes 
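Review bot: The `regexValidation` for `cluster_ipv4_cidr` accepts values that are not valid /14 network addresses: the third octet may be any 0-255 although a /14 block requires it to be 0, and the second octet is not constrained to a multiple of 4, so the message's own example `10.10.0.0/14` is unaligned (the block it belongs to is 10.8.0.0/14). At minimum fix the third octet to zero, `^10\.(?:[0-9]{1,2}|1[0-9]{2}|2(?:[0-4][0-9]|5[0-5]))\.0\.0\/14$`, and change the example in `validation:` to `10.8.0.0/14`; whether the API normalises or rejects an unaligned block is outside this hunk, but the validator should not present one as good. The regex also forbids the other private ranges and prefix lengths GKE accepts, which the message does state, so that part reads as deliberate policy rather than a bug. Separately, the `evaluation_mode` enum under `binary_authorization` lists only DISABLED and POLICY_BINDINGS; the provider also accepts PROJECT_SINGLETON_POLICY_ENFORCE, so users of the classic project policy cannot pick it from the form.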
@@ -58,12 +170,26 @@ spec: database_encryption: name: database_encryption title: Database Encryption + properties: + state: + name: state + title: State + enumValueLabels: + - label: ENCRYPTED + value: ENCRYPTED + - label: DECRYPTED + value: DECRYPTED datapath_provider: name: datapath_provider title: Datapath Provider altDefaults: - type: ALTERNATE_TYPE_DC value: LEGACY_DATAPATH + enumValueLabels: + - label: LEGACY_DATAPATH + value: LEGACY_DATAPATH + - label: ADVANCED_DATAPATH + value: ADVANCED_DATAPATH default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -82,6 +208,25 @@ spec: dns_config: name: dns_config title: Dns Config + properties: + cluster_dns: + name: cluster_dns + title: Cluster Dns + enumValueLabels: + - label: CLOUD_DNS + value: CLOUD_DNS + - label: PLATFORM_DEFAULT + value: PLATFORM_DEFAULT + cluster_dns_scope: + name: cluster_dns_scope + title: Cluster Dns Scope + enumValueLabels: + - label: DNS_SCOPE_UNSPECIFIED + value: DNS_SCOPE_UNSPECIFIED + - label: CLUSTER_SCOPE + value: CLUSTER_SCOPE + - label: VPC_SCOPE + value: VPC_SCOPE enable_cilium_clusterwide_network_policy: name: enable_cilium_clusterwide_network_policy title: Enable Cilium Clusterwide Network Policy 
@@ -115,18 +260,43 @@ spec: enterprise_config: name: enterprise_config title: Enterprise Config + properties: + desired_tier: + name: desired_tier + title: Desired Tier + enumValueLabels: + - label: STANDARD + value: STANDARD + - label: ENTERPRISE + value: ENTERPRISE fleet: name: fleet title: Fleet gateway_api_config: name: gateway_api_config title: Gateway Api Config + properties: + channel: + name: channel + title: Channel + enumValueLabels: + - label: CHANNEL_DISABLED + value: CHANNEL_DISABLED + - label: CHANNEL_EXPERIMENTAL + value: CHANNEL_EXPERIMENTAL + - label: CHANNEL_STANDARD + value: CHANNEL_STANDARD identity_service_config: name: identity_service_config title: Identity Service Config in_transit_encryption_config: name: in_transit_encryption_config title: In Transit Encryption Config + enumValueLabels: + - label: IN_TRANSIT_ENCRYPTION_DISABLED + value: IN_TRANSIT_ENCRYPTION_DISABLED + - label: IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT + value: IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT initial_node_count: name: initial_node_count title: Initial Node Count 
@@ -136,18 +306,69 @@ spec: ip_allocation_policy: name: ip_allocation_policy title: Ip Allocation Policy + properties: + stack_type: + name: stack_type + title: Stack Type + enumValueLabels: + - label: IPV4 + value: IPV4 + - label: IPV4_IPV6 + value: IPV4_IPV6 location: name: location title: Location + level: 1 logging_config: name: logging_config title: Logging Config + properties: + enable_components: + name: enable_components + title: Enable Components + enumValueLabels: + - label: SYSTEM_COMPONENTS + value: SYSTEM_COMPONENTS + - label: WORKLOADS + value: WORKLOADS + - label: APISERVER + value: APISERVER + - label: CONTROLLER_MANAGER + value: CONTROLLER_MANAGER + - label: SCHEDULER + value: SCHEDULER logging_service: name: logging_service title: Logging Service + enumValueLabels: + - label: logging.googleapis.com + value: logging.googleapis.com + - label: logging.googleapis.com/kubernetes + value: logging.googleapis.com/kubernetes + - label: none + value: none maintenance_policy: name: maintenance_policy title: Maintenance Policy + properties: + maintenance_exclusion: + name: maintenance_exclusion + title: Maintenance Exclusion + properties: + exclusion_options: + name: exclusion_options + title: Exclusion Options + properties: + scope: + name: scope + title: Scope + enumValueLabels: + - label: NO_UPGRADES + value: NO_UPGRADES + - label: NO_MINOR_UPGRADES + value: NO_MINOR_UPGRADES + - label: NO_MINOR_OR_NODE_UPGRADES + value: NO_MINOR_OR_NODE_UPGRADES master_auth: name: master_auth title: Master Auth 
@@ -167,9 +388,20 @@ spec: monitoring_config: name: monitoring_config title: Monitoring Config + properties: + enable_components: + name: enable_components + title: Enable Components monitoring_service: name: monitoring_service title: Monitoring Service + enumValueLabels: + - label: monitoring.googleapis.com + value: monitoring.googleapis.com + - label: monitoring.googleapis.com/kubernetes + value: monitoring.googleapis.com/kubernetes + - label: none + value: none name: name: name title: Name 
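Review bot: `enable_components` under `monitoring_config` is added with only `name` and `title`, while the `logging_config` counterpart in the `@@ -136,18 +306,69 @@` hunk lists its `enumValueLabels`; without labels the form gives no guidance for a field whose valid values are fixed. Add the same structure, with at least `SYSTEM_COMPONENTS`, `APISERVER`, `SCHEDULER` and `CONTROLLER_MANAGER` (the provider accepts more, such as STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET), assuming the display schema supports enum labels on a list-typed field as the logging entry already presumes. The `monitoring_service` labels below it mirror `logging_service` and look fine.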
@@ -179,30 +411,465 @@ spec: network_policy: name: network_policy title: Network Policy + properties: + provider: + name: provider + title: Provider + enumValueLabels: + - label: PROVIDER_UNSPECIFIED + value: PROVIDER_UNSPECIFIED node_config: name: node_config title: Node Config + properties: + disk_type: + name: disk_type + title: Disk Type + enumValueLabels: + - label: pd-standard + value: pd-standard + - label: pd-balanced + value: pd-balanced + - label: pd-ssd + value: pd-ssd + local_ssd_encryption_mode: + name: local_ssd_encryption_mode + title: Local Ssd Encryption Mode + enumValueLabels: + - label: STANDARD_ENCRYPTION + value: STANDARD_ENCRYPTION + - label: EPHEMERAL_KEY_ENCRYPTION + value: EPHEMERAL_KEY_ENCRYPTION + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT + secondary_boot_disks: + name: secondary_boot_disks + title: Secondary Boot Disks + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: CONTAINER_IMAGE_CACHE + value: CONTAINER_IMAGE_CACHE + guest_accelerator: + name: guest_accelerator + title: Guest Accelerator + properties: + type: + name: type + title: Type + gpu_driver_installation_config: + name: gpu_driver_installation_config + title: Gpu Driver Installation Config + properties: + gpu_driver_version: + name: gpu_driver_version + title: Gpu Driver Version + enumValueLabels: + - label: GPU_DRIVER_VERSION_UNSPECIFIED + value: GPU_DRIVER_VERSION_UNSPECIFIED + - label: DEFAULT + value: DEFAULT + - label: LATEST + value: LATEST + - label: INSTALLATION_DISABLED + value: INSTALLATION_DISABLED + gpu_sharing_config: + name: gpu_sharing_config + title: Gpu Sharing Config + properties: + gpu_sharing_strategy: + name: gpu_sharing_strategy + title: Gpu Sharing Strategy + enumValueLabels: + - label: TIME_SHARING + value: TIME_SHARING + - label: MPS + value: MPS + reservation_affinity: + name: 
reservation_affinity + title: Reservation Affinity + properties: + consume_reservation_type: + name: consume_reservation_type + title: Consume Reservation Type + enumValueLabels: + - label: UNSPECIFIED + value: UNSPECIFIED + - label: NO_RESERVATION + value: NO_RESERVATION + - label: ANY_RESERVATION + value: ANY_RESERVATION + - label: SPECIFIC_RESERVATION + value: SPECIFIC_RESERVATION + sandbox_config: + name: sandbox_config + title: Sandbox Config + properties: + sandbox_type: + name: sandbox_type + title: Sandbox Type + enumValueLabels: + - label: gvisor + value: gvisor + workload_metadata_config: + name: workload_metadata_config + title: Workload Metadata Config + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: MODE_UNSPECIFIED + value: MODE_UNSPECIFIED + - label: GCE_METADATA + value: GCE_METADATA + - label: GKE_METADATA + value: GKE_METADATA + kubelet_config: + name: kubelet_config + title: Kubelet Config + properties: + cpu_manager_policy: + name: cpu_manager_policy + title: Cpu Manager Policy + enumValueLabels: + - label: none + value: none + - label: static + value: static + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 + windows_node_config: + name: windows_node_config + title: Windows Node Config + properties: + osversion: + name: osversion + title: Osversion + enumValueLabels: + - label: OS_VERSION_UNSPECIFIED + value: OS_VERSION_UNSPECIFIED + - label: OS_VERSION_LTSC2019 + value: OS_VERSION_LTSC2019 + - label: OS_VERSION_LTSC2022 + value: OS_VERSION_LTSC2022 + containerd_config: + name: containerd_config + title: Containerd Config node_locations: name: node_locations title: Node Locations node_pool: name: node_pool title: Node Pool + properties: + 
node_locations: + name: node_locations + title: Node Locations + autoscaling: + name: autoscaling + title: Autoscaling + properties: + location_policy: + name: location_policy + title: Location Policy + enumValueLabels: + - label: BALANCED + value: BALANCED + - label: ANY + value: ANY + management: + name: management + title: Management + node_config: + name: node_config + title: Node Config + properties: + disk_type: + name: disk_type + title: Disk Type + enumValueLabels: + - label: pd-standard + value: pd-standard + - label: pd-balanced + value: pd-balanced + - label: pd-ssd + value: pd-ssd + local_ssd_encryption_mode: + name: local_ssd_encryption_mode + title: Local Ssd Encryption Mode + enumValueLabels: + - label: STANDARD_ENCRYPTION + value: STANDARD_ENCRYPTION + - label: EPHEMERAL_KEY_ENCRYPTION + value: EPHEMERAL_KEY_ENCRYPTION + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT + secondary_boot_disks: + name: secondary_boot_disks + title: Secondary Boot Disks + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: CONTAINER_IMAGE_CACHE + value: CONTAINER_IMAGE_CACHE + guest_accelerator: + name: guest_accelerator + title: Guest Accelerator + properties: + type: + name: type + title: Type + gpu_driver_installation_config: + name: gpu_driver_installation_config + title: Gpu Driver Installation Config + properties: + gpu_driver_version: + name: gpu_driver_version + title: Gpu Driver Version + enumValueLabels: + - label: GPU_DRIVER_VERSION_UNSPECIFIED + value: GPU_DRIVER_VERSION_UNSPECIFIED + - label: DEFAULT + value: DEFAULT + - label: LATEST + value: LATEST + - label: INSTALLATION_DISABLED + value: INSTALLATION_DISABLED + gpu_sharing_config: + name: gpu_sharing_config + title: Gpu Sharing Config + properties: + gpu_sharing_strategy: + name: gpu_sharing_strategy + title: Gpu Sharing Strategy + enumValueLabels: + - 
label: TIME_SHARING + value: TIME_SHARING + - label: MPS + value: MPS + reservation_affinity: + name: reservation_affinity + title: Reservation Affinity + properties: + consume_reservation_type: + name: consume_reservation_type + title: Consume Reservation Type + enumValueLabels: + - label: UNSPECIFIED + value: UNSPECIFIED + - label: NO_RESERVATION + value: NO_RESERVATION + - label: ANY_RESERVATION + value: ANY_RESERVATION + - label: SPECIFIC_RESERVATION + value: SPECIFIC_RESERVATION + sandbox_config: + name: sandbox_config + title: Sandbox Config + properties: + sandbox_type: + name: sandbox_type + title: Sandbox Type + enumValueLabels: + - label: gvisor + value: gvisor + workload_metadata_config: + name: workload_metadata_config + title: Workload Metadata Config + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: MODE_UNSPECIFIED + value: MODE_UNSPECIFIED + - label: GCE_METADATA + value: GCE_METADATA + - label: GKE_METADATA + value: GKE_METADATA + kubelet_config: + name: kubelet_config + title: Kubelet Config + properties: + cpu_manager_policy: + name: cpu_manager_policy + title: Cpu Manager Policy + enumValueLabels: + - label: none + value: none + - label: static + value: static + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 + windows_node_config: + name: windows_node_config + title: Windows Node Config + properties: + osversion: + name: osversion + title: Osversion + enumValueLabels: + - label: OS_VERSION_UNSPECIFIED + value: OS_VERSION_UNSPECIFIED + - label: OS_VERSION_LTSC2019 + value: OS_VERSION_LTSC2019 + - label: OS_VERSION_LTSC2022 + value: OS_VERSION_LTSC2022 + containerd_config: + name: containerd_config + title: Containerd Config + network_config: 
+ name: network_config + title: Network Config + properties: + network_performance_config: + name: network_performance_config + title: Network Performance Config + properties: + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier + enumValueLabels: + - label: TIER_UNSPECIFIED + value: TIER_UNSPECIFIED + - label: TIER_1 + value: TIER_1 + upgrade_settings: + name: upgrade_settings + title: Upgrade Settings + properties: + strategy: + name: strategy + title: Strategy + enumValueLabels: + - label: SURGE + value: SURGE + - label: BLUE_GREEN + value: BLUE_GREEN + placement_policy: + name: placement_policy + title: Placement Policy + properties: + type: + name: type + title: Type + enumValueLabels: + - label: COMPACT + value: COMPACT node_pool_auto_config: name: node_pool_auto_config title: Node Pool Auto Config + properties: + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 node_pool_defaults: name: node_pool_defaults title: Node Pool Defaults + properties: + node_config_defaults: + name: node_config_defaults + title: Node Config Defaults + properties: + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT node_version: name: node_version title: Node Version notification_config: name: notification_config title: Notification Config + properties: + pubsub: + name: pubsub + title: Pubsub + properties: + filter: + name: filter + title: Filter + properties: + event_type: + name: event_type + title: Event Type + enumValueLabels: + - label: UPGRADE_AVAILABLE_EVENT + value: UPGRADE_AVAILABLE_EVENT + - label: UPGRADE_EVENT + value: 
UPGRADE_EVENT + - label: SECURITY_BULLETIN_EVENT + value: SECURITY_BULLETIN_EVENT + - label: UPGRADE_INFO_EVENT + value: UPGRADE_INFO_EVENT pod_autoscaling: name: pod_autoscaling title: Pod Autoscaling + properties: + hpa_profile: + name: hpa_profile + title: Hpa Profile + enumValueLabels: + - label: NONE + value: NONE + - label: PERFORMANCE + value: PERFORMANCE pod_security_policy_config: name: pod_security_policy_config title: Pod Security Policy Config @@ -215,15 +882,60 @@ spec: altDefaults: - type: ALTERNATE_TYPE_DC value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED - project: - name: project - title: Project + enumValueLabels: + - label: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED + value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED + - label: PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED + value: PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED + - label: PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE + value: PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE + - label: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL + value: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL + project_id: + name: project_id + title: Project Id protect_config: name: protect_config title: Protect Config + properties: + workload_config: + name: workload_config + title: Workload Config + properties: + audit_mode: + name: audit_mode + title: Audit Mode + enumValueLabels: + - label: DISABLED + value: DISABLED + - label: BASIC + value: BASIC + workload_vulnerability_mode: + name: workload_vulnerability_mode + title: Workload Vulnerability Mode + enumValueLabels: + - label: DISABLED + value: DISABLED + - label: BASIC + value: BASIC release_channel: name: release_channel title: Release Channel + properties: + channel: + name: channel + title: Channel + enumValueLabels: + - label: UNSPECIFIED + value: UNSPECIFIED + - label: RAPID + value: RAPID + - label: REGULAR + value: REGULAR + - label: STABLE + value: STABLE + - label: EXTENDED + value: EXTENDED remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool 
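Review bot: `network_policy.provider` is given a single enum value, `PROVIDER_UNSPECIFIED`, so a form driven by this display metadata cannot select an actual enforcement provider; if the module's variable mirrors the provider's accepted values, `CALICO` should be listed as well (`- label: CALICO` / `value: CALICO`). As written, a user enabling network policy through the generated UI can only pick the unspecified provider, which defeats the point of exposing the block. I cannot see the variable's validation from this hunk, so confirm the accepted values against the module's `variables.tf` before adding the entry.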
@@ -239,6 +951,27 @@ spec:
 security_posture_config:
 name: security_posture_config
 title: Security Posture Config
+ properties:
+ mode:
+ name: mode
+ title: Mode
+ enumValueLabels:
+ - label: DISABLED
+ value: DISABLED
+ - label: BASIC
+ value: BASIC
+ - label: ENTERPRISE
+ value: ENTERPRISE
+ vulnerability_mode:
+ name: vulnerability_mode
+ title: Vulnerability Mode
+ enumValueLabels:
+ - label: VULNERABILITY_DISABLED
+ value: VULNERABILITY_DISABLED
+ - label: VULNERABILITY_BASIC
+ value: VULNERABILITY_BASIC
+ - label: VULNERABILITY_ENTERPRISE
+ value: VULNERABILITY_ENTERPRISE
 service_external_ips_config:
 name: service_external_ips_config
 title: Service External Ips Config
@@ -257,3 +990,7 @@ spec:
 workload_identity_config:
 name: workload_identity_config
 title: Workload Identity Config
+ runtime:
+ outputs:
+ cluster_id:
+ visibility: VISIBILITY_ROOT
diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml
index 4c4342ed53..f81d6c6ed7 100644
--- a/modules/gke-standard-cluster/metadata.yaml
+++ b/modules/gke-standard-cluster/metadata.yaml
@@ -133,8 +133,8 @@ spec:
 - name: description
 description: Description of the cluster.
 varType: string
- - name: project
- description: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
+ - name: project_id
+ description: The ID of the project in which the resource belongs. If it is not provided, the provider project id is used.
 varType: string
 required: true
 - name: location
diff --git a/modules/gke-standard-cluster/variables.tf b/modules/gke-standard-cluster/variables.tf
index 16779e74ab..3027a585bd 100644
--- a/modules/gke-standard-cluster/variables.tf
+++ b/modules/gke-standard-cluster/variables.tf
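Review bot: In the metadata.yaml hunk the renamed `project_id` input keeps `required: true` (context line) while its new description says `If it is not provided, the provider project id is used`, and the variables.tf hunk that follows keeps `default = null`; the three statements contradict each other, and a catalog consumer will be told the field is mandatory while Terraform silently accepts its absence. Either drop `required: true` and keep the fallback sentence, or keep `required: true` and change the description to `description: The ID of the project in which the cluster is created.`. Note also that `project` → `project_id` is a breaking rename for existing callers of gke-standard-cluster; a moved/deprecated alias or a release note would soften it.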
@@ -26,8 +26,8 @@ variable "description" {
 default = null
 }
 
-variable "project" {
- description = "The ID of the project in which the resource belongs. If it is not provided, the provider project is used."
+variable "project_id" {
+ description = "The ID of the project in which the resource belongs. If it is not provided, the provider project id is used."
 type = string
 default = null
 }
From c1d7eebdf8fc4b084d175e7c2f6b3dc8c6233bee Mon Sep 17 00:00:00 2001
From: Daisy prakash khoja
Date: Wed, 3 Sep 2025 16:57:23 +0530
Subject: [PATCH 05/12] simplyified the description in node-pool and added regex
---
 modules/gke-node-pool/metadata.display.yaml | 1 +
 modules/gke-node-pool/metadata.yaml | 8 ++++----
 modules/gke-standard-cluster/metadata.display.yaml | 2 ++
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/modules/gke-node-pool/metadata.display.yaml b/modules/gke-node-pool/metadata.display.yaml
index 46282de5f6..9a485bc0d3 100644
--- a/modules/gke-node-pool/metadata.display.yaml
+++ b/modules/gke-node-pool/metadata.display.yaml
@@ -62,6 +62,7 @@ spec:
 name:
 name: name
 title: Name
+ level: 1
 name_prefix:
 name: name_prefix
 title: Name Prefix
diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml
index 70879a7ab5..e8fe8c52a7 100644
--- a/modules/gke-node-pool/metadata.yaml
+++ b/modules/gke-node-pool/metadata.yaml
@@ -157,7 +157,7 @@ spec:
 max_node_count: 100
 min_node_count: 1
 - name: initial_node_count
- description: "The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. WARNING: Resizing your node pool manually may change this value in your existing cluster, which will trigger destruction and recreation on the next Terraform run (to rectify the discrepancy). If you don't need this value, don't set it."
+ description: Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
 varType: number
 - name: management
 description: |
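Review bot: The new description for `initial_node_count` is wrong: `Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.` describes the `autoscaling` object (whose `max_node_count`/`min_node_count` defaults are the context lines just above), not the initial node count. It also drops the one operational warning that matters here, that changing the value, including via a manual resize outside Terraform, forces destruction and recreation of the pool on the next apply. Suggest `description: The initial number of nodes for the pool (per zone in regional or multi-zonal clusters). Changing it, including by a manual resize, forces recreation of the node pool on the next apply; leave it unset if you do not need it.`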
@@ -185,7 +185,7 @@ spec: description: Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name. varType: string - name: node_config - description: " Parameters used in creating the node pool.\n - confidential_nodes - (Optional) Configuration for Confidential Nodes feature.\n - enabled (Required) - Enable Confidential GKE Nodes for this node pool, to enforce encryption of data in-use.\n - disk_size_gb - (Optional) Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.\n - disk_type - (Optional) Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-balanced'\n - enable_confidential_storage - (Optional) Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.\n - local_ssd_encryption_mode - (Optional) Possible Local SSD encryption modes: Accepted values are:\n - STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.\n - EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.\n - ephemeral_storage_config - (Optional, Beta) Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.\n - local_ssd_count\n - ephemeral_storage_local_ssd_config - (Optional) Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.\n - local_ssd_count\n - data_cache_count\n - fast_socket - (Optional) Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. 
GKE version 1.25.2-gke.1700 or later.\n - enabled - Whether or not the NCCL Fast Socket is enabled\n - local_nvme_ssd_block_config - (Optional) Parameters for the local NVMe SSDs.\n - local_ssd_count (Required) - Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. -> Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.\n - logging_variant (Optional) Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See [Increasing logging agent throughput](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#throughput) for more information.\n - secondary_boot_disks - (Optional) Parameters for secondary boot disks to preload container images and data on new nodes. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.\n - disk_image (Required) - Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME.\n - mode (Optional) - Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE.\n - gcfs_config - (Optional) Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = \"COS_CONTAINERD\" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. 
GCFS must be enabled in order to use image streaming.\n - enabled (Required) - Whether or not the Google Container Filesystem (GCFS) is enabled.\n - gvnic - (Optional) Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later.\n - enabled (Required) - Whether or not the Google Virtual NIC (gVNIC) is enabled\n - guest_accelerator - (Optional) List of the type and count of accelerator cards attached to the instance. Note: As of 6.0.0, argument syntax is no longer supported for this field in favor of block syntax. To dynamically set a list of guest accelerators, use dynamic blocks. To set an empty list, use a single guest_accelerator block with count = 0.\n - type (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.\n - count (Required) - The number of the guest accelerator cards exposed to this instance.\n - gpu_driver_installation_config (Optional) - Configuration for auto installation of GPU driver.\n - gpu_driver_version (Required) - Mode for how the GPU driver is installed. Accepted values are:\n - \"GPU_DRIVER_VERSION_UNSPECIFIED\": Default value is to install the \"Default\" GPU driver. Before GKE 1.30.1-gke.1156000, the default value is to not install any GPU driver.\n - \"INSTALLATION_DISABLED\": Disable GPU driver auto installation and needs manual installation.\n - \"DEFAULT\": \"Default\" GPU driver in COS and Ubuntu.\n - \"LATEST\": \"Latest\" GPU driver in COS.\n - gpu_partition_size (Optional) - Size of partitions to create on the GPU. 
Valid values are described in the NVIDIA mig user guide.\n - gpu_sharing_config (Optional) - Configuration for GPU sharing.\n - gpu_sharing_strategy (Required) - The type of GPU sharing strategy to enable on the GPU node. Accepted values are:\n - \"TIME_SHARING\": Allow multiple containers to have time-shared access to a single GPU device.\n - \"MPS\": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS\n - max_shared_clients_per_gpu (Required) - The maximum number of containers that can share a GPU.\n - image_type - (Optional) The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.\n - labels - (Optional) The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.\n - resource_labels - (Optional) The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.\n - max_run_duration - (Optional) The runtime of each node in the node pool in seconds, terminated by 's'. Example: \"3600s\".\n - flex_start - (Optional) Enables Flex Start provisioning model for the node pool.\n - local_ssd_count - (Optional) The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.\n - machine_type - (Optional) The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.\n - metadata - (Optional) The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, Terraform will attempt to unset the value. To avoid this, set the value in your config.\n - min_cpu_platform - (Optional) Minimum CPU platform to be used by this instance. 
The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.\n - oauth_scopes - (Optional) The set of Google API scopes to be made available on all of the node VMs under the \"default\" service account. Use the \"https://www.googleapis.com/auth/cloud-platform\" scope to grant access to all APIs. It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes) for information on migrating off of legacy access scopes.\n - preemptible - (Optional) A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.\n - reservation_affinity (Optional) The configuration of the desired reservation which instances could take capacity from.\n - consume_reservation_type (Required) The type of reservation consumption Accepted values are:\n - \"UNSPECIFIED\": Default value. This should not be used.\n - \"NO_RESERVATION\": Do not consume from any reserved capacity.\n - \"ANY_RESERVATION\": Consume any reservation available.\n - \"SPECIFIC_RESERVATION\": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.\n - key (Optional) The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify \"compute.googleapis.com/reservation-name\" as the key and specify the name of your reservation as its value.\n - values (Optional) The list of label values of reservation resources. For example: the name of the specific reservation when using a key of \"compute.googleapis.com/reservation-name\"\n - spot - (Optional) A boolean that represents whether the underlying node VMs are spot. 
See the official documentation for more information. Defaults to false.\n - sandbox_config - (Optional, Beta) GKE Sandbox configuration. When enabling this feature you must specify image_type = \"COS_CONTAINERD\" and node_version = \"1.12.7-gke.17\" or later to use it.\n - sandbox_type (Required) Which sandbox to use for pods in the node pool. Accepted values are:\n - \"gvisor\": Pods run within a gVisor sandbox.\n - boot_disk_kms_key - (Optional) The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption.\n - service_account - (Optional) The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.\n - shielded_instance_config - (Optional) Shielded Instance options.\n - enable_secure_boot (Optional) - Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.\n - enable_integrity_monitoring (Optional) - Defines if the instance has integrity monitoring enabled.\n - storage_pools - (Optional) The list of Storage Pools where boot disks are provisioned.\n - tags - (Optional) The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.\n - resource_manager_tags - (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. 
Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.\n - taint - (Optional) A list of Kubernetes taints to apply to nodes. This field will only report drift on taint keys that are already managed with Terraform, use effective_taints to view the list of GKE-managed taints on the node pool from all sources. Importing this resource will not record any taints as being Terraform-managed, and will cause drift with any configured taints.\n - key (Required) Key for taint.\n - value (Required) Value for taint.\n - effect (Required) Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE.\n - workload_metadata_config - (Optional) Metadata configuration to expose to workloads on the node pool.\n - mode (Required) How to expose the node metadata to the workload running on the node. Accepted values are:\n - MODE_UNSPECIFIED: Not Set\n - GCE_METADATA: Expose all Compute Engine metadata to pods.\n - GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.\n - kubelet_config - (Optional) Kubelet configuration, currently supported attributes can be found [here](https://cloud.google.com/sdk/gcloud/reference/beta/container/node-pools/create#--system-config-from-file).\n - cpu_manager_policy - The CPU management policy on the node. See K8S CPU Management Policies. One of \"none\" or \"static\". If unset (or set to the empty string \"\"), the API will treat the field as if set to \"none\". Prior to the 6.4.0 this field was marked as required. 
The workaround for the required field is setting the empty string \"\", which will function identically to not setting this field.\n - cpu_cfs_quota - If true, enables CPU CFS quota enforcement for containers that specify CPU limits.\n - cpu_cfs_quota_period - The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". The value must be a positive duration.\n - insecure_kubelet_readonly_port_enabled - Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.\n - pod_pids_limit - Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.\n - container_log_max_size - Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as \"100Ki\", \"10Mi\". Valid units are \"Ki\", \"Mi\", \"Gi\". The value must be between \"10Mi\" and \"500Mi\", inclusive. And the total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node.\n - container_log_max_files - Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.\n - image_gc_low_threshold_percent - Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.\n - image_gc_high_threshold_percent - Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.\n - image_minimum_gc_age - Defines the minimum age for an unused image before it is garbage collected. 
Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300s\", \"1.5m\". The value cannot be greater than \"2m\".\n - allowed_unsafe_sysctls - Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*.\n - linux_node_config - (Optional) Parameters that can be configured on Linux nodes.\n - sysctls - (Optional) The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found [here](https://cloud.google.com/sdk/gcloud/reference/beta/container/node-pools/create#--system-config-from-file). Note that validations happen all server side. All attributes are optional.\n - cgroup_mode - (Optional) Possible cgroup modes that can be used. Accepted values are:\n - CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.\n - CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.\n - CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.\n - hugepages_config - (Optional) Amounts for 2M and 1G hugepages.\n - hugepage_size_2m - (Optional) Amount of 2M hugepages.\n - hugepage_size_1g - (Optional) Amount of 1G hugepages.\n - windows_node_config - (Optional) Windows node configuration, currently supporting OSVersion attribute. The value must be one of [OS_VERSION_UNSPECIFIED, OS_VERSION_LTSC2019, OS_VERSION_LTSC2022].\n - containerd_config - (Optional) Parameters to customize containerd runtime.\n - private_registry_access_config (Optional) - Configuration for private container registries. 
There are two fields in this config:\n - enabled (Required) - Enables private registry config. If set to false, all other fields in this object must not be set.\n - certificate_authority_domain_config (Optional) - List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail.\n - fqdns - List of Fully Qualified Domain Names.\n - gcp_secret_manager_certificate_config\n - secret_uri - URI for the Google Cloud Secret that stores the certificate. Format is 'projects/PROJECT_NUMBER/secrets/SECRET_NAME/versions/VERSION'.\n - node_group - (Optional) Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.\n - sole_tenant_config (Optional) Allows specifying multiple node affinities useful for running workloads on sole tenant nodes.\n - node_affinity\n - key (Required) - The default or custom node affinity label key name.\n - operator (Required) - Specifies affinity or anti-affinity. Accepted values are \"IN\" or \"NOT_IN\"\n - values (Required) - List of node affinity label values as strings.\n" + description: Parameters used in creating the node pool. varType: |- object({ confidential_nodes = optional(object({ 
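Review bot: The one-line replacement `description: Parameters used in creating the node pool.` drops every piece of security guidance the metadata carried for this object: the advice to set `service_account` to a non-default account with least-privilege IAM rather than relying on broad `oauth_scopes`, the "strongly recommended to set this to FALSE" note on `kubelet_config.insecure_kubelet_readonly_port_enabled`, the note that `workload_metadata_config.mode = GKE_METADATA` requires Workload Identity at the cluster level, and the existence of `boot_disk_kms_key`, `shielded_instance_config.enable_secure_boot` and `sandbox_config`. A catalog or UI consumer of this metadata now sees none of that, and the `varType` that follows does not convey it either. Rather than the full reference that was removed, keep a short `|-` block scalar: the one-line summary, three or four bullets naming those security-relevant fields and their recommended settings, and a link to the provider's `node_config` documentation for the rest.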
@@ -322,7 +322,7 @@ spec: workload_metadata_config: mode: MODE_UNSPECIFIED - name: network_config - description: " The network configuration of the pool. Such as configuration for Adding Pod IP address ranges to the node pool. Or enabling private nodes.\n - create_pod_range: Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.\n - enable_private_nodes: Whether nodes have internal IP addresses only.\n - pod_ipv4_cidr_block: The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.\n - pod_range - The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.\n - additional_node_network_configs - We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface.\n - network - Name of the VPC where the additional interface belongs.\n - subnetwork - Name of the subnetwork where the additional interface belongs\n - additional_pod_network_configs - We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node.\n - subnetwork - Name of the subnetwork where the additional pod network belongs.\n - secondary_pod_range - The name of the secondary range on the subnet which provides IP address for this pod range.\n - max_pods_per_node - The maximum number of pods per node which use this pod network.\n - pod_cidr_overprovision_config - Configuration for node-pool level pod cidr overprovision. 
If not set, the cluster level setting will be inherited.\n - disabled - Whether pod cidr overprovision is disabled.\n - network_performance_config - Network bandwidth tier configuration.\n - total_egress_bandwidth_tier - Specifies the total network bandwidth tier for the NodePool. Valid values include: \"TIER_1\" and \"TIER_UNSPECIFIED\".\n" + description: The network configuration of the pool. varType: |- object({ create_pod_range = optional(bool) 
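Review bot: The new one-line `description: The network configuration of the pool.` drops the per-field documentation the removed string carried — notably what `enable_private_nodes` (nodes with internal IP addresses only) and `pod_ipv4_cidr_block` / `pod_range` control — with nothing replacing it, so a consumer of this metadata no longer sees what the object's keys do. If the leading space and embedded `\n` were what the linter objected to, the same text can be kept as a block scalar (`description: |-` followed by the indented summary and the `- field: …` bullets) rather than discarded. The `upgrade_settings` hunk below (`@@ -350,7 +350,7 @@`) and the `autoscaling` hunk in the later lint commit (`@@ -144,7 +144,7 @@` of modules/gke-node-pool/metadata.yaml) make the same cut, while the README table in that commit still carries the full bullet text, so the two sources are now out of step; if metadata.yaml is regenerated from variables.tf, this edit is likely to be reverted.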
@@ -350,7 +350,7 @@ spec: varType: number defaultValue: 1 - name: upgrade_settings - description: " Specify node upgrade settings to change how GKE upgrades nodes. The maximum number of nodes upgraded simultaneously is limited to 20.\n - max_surge:he number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.\n - max_unavailable - (Optional) The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.\n - strategy - (Default SURGE) The upgrade strategy to be used for upgrading the nodes.\n - blue_green_settings: The settings to adjust blue green upgrades.\n - standard_rollout_policy: Specifies the standard policy settings for blue-green upgrades.\n - batch_percentage: Percentage of the blue pool nodes to drain in a batch.\n - batch_node_count:Number of blue nodes to drain in a batch.\n - batch_soak_duration: Soak time after each batch gets drained.\n - local_ssd_encryption_mode: Possible Local SSD encryption modes: Accepted values are:\n - STANDARD_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.\n - EPHEMERAL_KEY_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.\n - node_pool_soak_duration: Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up.\n" + description: Specify node upgrade settings to change how GKE upgrades nodes. varType: |- object({ max_surge = optional(number) diff --git a/modules/gke-standard-cluster/metadata.display.yaml b/modules/gke-standard-cluster/metadata.display.yaml index 8a19d66c33..a5252eb195 100644 
--- a/modules/gke-standard-cluster/metadata.display.yaml +++ b/modules/gke-standard-cluster/metadata.display.yaml @@ -405,6 +405,8 @@ spec: name: name: name title: Name + regexValidation: ^[a-z][a-z0-9-]{0,38}[a-z0-9]$ + validation: The cluster name must start with a lowercase letter and can contain up to 40 characters. It can include lowercase letters, numbers, and hyphens, but it cannot end with a hyphen. The name must be unique within its project and location. network: name: network title: Network From cc15ca8d68c93cc3c98868aa571eef124b2109d2 Mon Sep 17 00:00:00 2001 From: Daisy Date: Thu, 4 Sep 2025 09:00:17 +0000 Subject: [PATCH 06/12] lint changes of standard cluster and node pool --- modules/gke-node-pool/README.md | 6 +- modules/gke-node-pool/metadata.display.yaml | 112 ++--- modules/gke-node-pool/metadata.yaml | 4 +- modules/gke-standard-cluster/README.md | 2 +- .../metadata.display.yaml | 408 +++++++++--------- modules/gke-standard-cluster/metadata.yaml | 2 +- 6 files changed, 267 insertions(+), 267 deletions(-) diff --git a/modules/gke-node-pool/README.md b/modules/gke-node-pool/README.md index d6c753dec3..08f32de5c3 100644 --- a/modules/gke-node-pool/README.md +++ b/modules/gke-node-pool/README.md @@ -7,7 +7,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
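Review bot: The added `regexValidation: ^[a-z][a-z0-9-]{0,38}[a-z0-9]$` requires at least two characters (a leading letter plus a final letter or digit), while the `validation` message beside it states only an upper bound of 40, so a one-character name is rejected with a message that does not explain why. If single-character cluster names are meant to be accepted, make the tail optional, `regexValidation: '^[a-z]([a-z0-9-]{0,38}[a-z0-9])?$'`; otherwise state the minimum length in the message. Single-quoting the pattern is also cheaper than reasoning about which regex characters a given YAML parser treats as indicators, and a later edit that introduces `#` or `: ` into it would then not silently truncate the value.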
- min\_node\_count: Minimum number of nodes per zone in the NodePool. Must be >=0 and <= max\_node\_count. Cannot be used with total limits.
- max\_node\_count: Maximum number of nodes per zone in the NodePool. Must be >= min\_node\_count. Cannot be used with total limits.
- total\_min\_node\_count: Total minimum number of nodes in the NodePool. Must be >=0 and <= total\_max\_node\_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters.
- total\_max\_node\_count: Total maximum number of nodes in the NodePool. Must be >= total\_min\_node\_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters.
- location\_policy: Location policy specifies the algorithm used when scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters.
- "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones.
- "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduce preemption risk for Spot VMs. |
object({
min_node_count = optional(number)
max_node_count = optional(number)
total_min_node_count = optional(number)
total_max_node_count = optional(number)
location_policy = optional(string)
})
|
{
"max_node_count": 100,
"min_node_count": 1
}
| no | -| cluster | The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. | `string` | n/a | yes | +| cluster | The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project\_id}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. | `string` | n/a | yes | | initial\_node\_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. WARNING: Resizing your node pool manually may change this value in your existing cluster, which will trigger destruction and recreation on the next Terraform run (to rectify the discrepancy). If you don't need this value, don't set it. | `number` | `null` | no | | kubernetes\_version | The Kubernetes version for the nodes in this pool. Note that if this field and auto\_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google\_container\_engine\_versions data source's version\_prefix field to approximate fuzzy versions in a Terraform-compatible way. | `string` | `null` | no | | location | The location (region or zone) of the cluster. | `string` | `null` | no | 
@@ -20,7 +20,7 @@ | node\_count | The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling. | `number` | `1` | no | | node\_locations | The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node\_locations will be used. Note: node\_locations will not revert to the cluster's default set of zones upon being unset. You must manually reconcile the list of zones with your cluster. | `list(string)` | `null` | no | | placement\_policy | Specifies a custom placement policy for the nodes.
- type: The type of the policy. Supports a single value: COMPACT. Specifying COMPACT placement policy type places node pool's nodes in a closer physical proximity in order to reduce network latency between nodes.
- policy\_name: If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpu\_topology: The TPU topology like "2x4" or "2x2x2". |
object({
type = string
policy_name = optional(string)
tpu_topology = optional(string)
})
| `null` | no | -| project | The ID of the project in which to create the node pool. | `string` | n/a | yes | +| project\_id | The ID of the project in which to create the node pool. | `string` | n/a | yes | | queued\_provisioning | Specifies node pool-level settings of queued provisioning.
- enabled (Required) - Makes nodes obtainable through the ProvisioningRequest API exclusively. |
object({
enabled = bool
})
| `null` | no | | timeouts | Timeout for cluster operations. |
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
|
{
"create": "45m",
"delete": "45m",
"update": "45m"
}
| no | | upgrade\_settings | Specify node upgrade settings to change how GKE upgrades nodes. The maximum number of nodes upgraded simultaneously is limited to 20.
- max\_surge:he number of additional nodes that can be added to the node pool during an upgrade. Increasing max\_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.
- max\_unavailable - (Optional) The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max\_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.
- strategy - (Default SURGE) The upgrade strategy to be used for upgrading the nodes.
- blue\_green\_settings: The settings to adjust blue green upgrades.
- standard\_rollout\_policy: Specifies the standard policy settings for blue-green upgrades.
- batch\_percentage: Percentage of the blue pool nodes to drain in a batch.
- batch\_node\_count:Number of blue nodes to drain in a batch.
- batch\_soak\_duration: Soak time after each batch gets drained.
- local\_ssd\_encryption\_mode: Possible Local SSD encryption modes: Accepted values are:
- STANDARD\_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.
- EPHEMERAL\_KEY\_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
- node\_pool\_soak\_duration: Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. |
object({
max_surge = optional(number)
max_unavailable = optional(number)
strategy = optional(string)
blue_green_settings = optional(object({
standard_rollout_policy = object({
batch_percentage = optional(number)
batch_node_count = optional(number)
batch_soak_duration = optional(string)
})
node_pool_soak_duration = optional(string)
}))
})
|
{
"max_surge": 1,
"max_unavailable": 0,
"strategy": "SURGE"
}
| no | @@ -29,7 +29,7 @@ | Name | Description | |------|-------------| -| id | an identifier for the resource with format {{project}}/{{location}}/{{cluster}}/{{name}} | +| id | an identifier for the resource with format {{project\_id}}/{{location}}/{{cluster}}/{{name}} | | instance\_group\_urls | The resource URLs of the managed instance groups associated with this node pool. | | managed\_instance\_group\_urls | List of instance group URLs which have been assigned to this node pool. | diff --git a/modules/gke-node-pool/metadata.display.yaml b/modules/gke-node-pool/metadata.display.yaml index 9a485bc0d3..093b4c11af 100644 --- a/modules/gke-node-pool/metadata.display.yaml +++ b/modules/gke-node-pool/metadata.display.yaml @@ -96,22 +96,6 @@ spec: value: pd-balanced - label: pd-ssd value: pd-ssd - local_ssd_encryption_mode: - name: local_ssd_encryption_mode - title: Local SSD Encryption Mode - enumValueLabels: - - label: STANDARD_ENCRYPTION - value: STANDARD_ENCRYPTION - - label: EPHEMERAL_KEY_ENCRYPTION - value: EPHEMERAL_KEY_ENCRYPTION - logging_variant: - name: logging_variant - title: Logging Variant - enumValueLabels: - - label: DEFAULT - value: DEFAULT - - label: MAX_THROUGHPUT - value: MAX_THROUGHPUT guest_accelerator: name: guest_accelerator title: Guest Accelerator 
@@ -144,6 +128,48 @@ spec: value: TIME_SHARING - label: MPS value: MPS + kubelet_config: + name: kubelet_config + title: Kubelet Config + properties: + cpu_manager_policy: + name: cpu_manager_policy + title: CPU Manager Policy + enumValueLabels: + - label: none + value: none + - label: static + value: static + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 + local_ssd_encryption_mode: + name: local_ssd_encryption_mode + title: Local SSD Encryption Mode + enumValueLabels: + - label: STANDARD_ENCRYPTION + value: STANDARD_ENCRYPTION + - label: EPHEMERAL_KEY_ENCRYPTION + value: EPHEMERAL_KEY_ENCRYPTION + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT oauth_scopes: name: oauth_scopes title: Oauth Scopes 
@@ -188,46 +214,6 @@ spec: value: PREFER_NO_SCHEDULE - label: NO_EXECUTE value: NO_EXECUTE - workload_metadata_config: - name: workload_metadata_config - title: Workload Metadata Config - properties: - mode: - name: mode - title: Mode - enumValueLabels: - - label: GCE_METADATA - value: GCE_METADATA - - label: GKE_METADATA - value: GKE_METADATA - - label: MODE_UNSPECIFIED - value: MODE_UNSPECIFIED - kubelet_config: - name: kubelet_config - title: Kubelet Config - properties: - cpu_manager_policy: - name: cpu_manager_policy - title: CPU Manager Policy - enumValueLabels: - - label: none - value: none - - label: static - value: static - linux_node_config: - name: linux_node_config - title: Linux Node Config - properties: - cgroup_mode: - name: cgroup_mode - title: Cgroup Mode - enumValueLabels: - - label: CGROUP_MODE_UNSPECIFIED - value: CGROUP_MODE_UNSPECIFIED - - label: CGROUP_MODE_V1 - value: CGROUP_MODE_V1 - - label: CGROUP_MODE_V2 - value: CGROUP_MODE_V2 windows_node_config: name: windows_node_config title: Windows Node Config @@ -242,6 +228,20 @@ spec: value: OS_VERSION_LTSC2019 - label: OS_VERSION_LTSC2022 value: OS_VERSION_LTSC2022 + workload_metadata_config: + name: workload_metadata_config + title: Workload Metadata Config + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: GCE_METADATA + value: GCE_METADATA + - label: GKE_METADATA + value: GKE_METADATA + - label: MODE_UNSPECIFIED + value: MODE_UNSPECIFIED node_count: name: node_count title: Node Count diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index e8fe8c52a7..c393a66157 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml 
@@ -144,7 +144,7 @@ spec: description: The location (region or zone) of the cluster. varType: string - name: autoscaling - description: " Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.\n - min_node_count: Minimum number of nodes per zone in the NodePool. Must be >=0 and <= max_node_count. Cannot be used with total limits.\n - max_node_count: Maximum number of nodes per zone in the NodePool. Must be >= min_node_count. Cannot be used with total limits.\n - total_min_node_count: Total minimum number of nodes in the NodePool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters.\n - total_max_node_count: Total maximum number of nodes in the NodePool. Must be >= total_min_node_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters.\n - location_policy: Location policy specifies the algorithm used when scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters.\n - \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones.\n - \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduce preemption risk for Spot VMs.\n" + description: Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage. varType: |- object({ min_node_count = optional(number) @@ -409,9 +409,9 @@ spec: roles: - level: Project roles: + - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin - - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-standard-cluster/README.md b/modules/gke-standard-cluster/README.md index 06db1d69f9..b0d13d30aa 100644 --- a/modules/gke-standard-cluster/README.md +++ b/modules/gke-standard-cluster/README.md 
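Review bot: The `roles/iam.serviceAccountUser` move in `@@ -409,9 +409,9 @@` puts it before `roles/compute.admin`, while the matching hunk in modules/gke-standard-cluster/metadata.yaml (`@@ -1009,9 +1009,9 @@`, the last hunk of this commit) moves the same role to the end, after `roles/container.admin`; the two lists now sort differently within one lint commit. If the linter wants alphabetical order, the node-pool list should read `- roles/compute.admin`, `- roles/container.admin`, `- roles/iam.serviceAccountUser` like the cluster module; otherwise one of the two moves is unnecessary churn. Since these three roles are what the metadata advertises as the deployer's required grants, keeping both modules identical also makes the permission set easier to review as a unit.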
@@ -67,7 +67,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes | pod\_security\_policy\_config | Configuration for the [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. |
object({
enabled = bool
})
| `null` | no | | private\_cluster\_config | Configuration for private clusters, clusters with private nodes. |
object({
enable_private_nodes = optional(bool)
enable_private_endpoint = optional(bool)
master_ipv4_cidr_block = optional(string)
private_endpoint_subnetwork = optional(string)
master_global_access_config = optional(object({
enabled = optional(bool)
}))
})
|
{
"enable_private_endpoint": true,
"enable_private_nodes": true,
"master_global_access_config": {
"enabled": true
}
}
| no | | private\_ipv6\_google\_access | The desired state of IPv6 access to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). | `string` | `null` | no | -| project | The ID of the project in which the resource belongs. If it is not provided, the provider project is used. | `string` | `null` | no | +| project\_id | The ID of the project in which the resource belongs. If it is not provided, the provider project id is used. | `string` | `null` | no | | protect\_config | Enable GKE Protect workloads for this cluster. |
object({
workload_config = object({
audit_mode = string
})
workload_vulnerability_mode = optional(string)
})
| `null` | no | | release\_channel | Configuration for the release channel feature, which provides more control over automatic upgrades of your GKE clusters. |
object({
channel = optional(string)
})
| `null` | no | | remove\_default\_node\_pool | If true, deletes the default node pool upon cluster creation. If you're using google\_container\_node\_pool resources with no default node pool, this should be set to true. | `bool` | `true` | no | diff --git a/modules/gke-standard-cluster/metadata.display.yaml b/modules/gke-standard-cluster/metadata.display.yaml index a5252eb195..1eb79072e4 100644 --- a/modules/gke-standard-cluster/metadata.display.yaml +++ b/modules/gke-standard-cluster/metadata.display.yaml @@ -32,15 +32,30 @@ spec: name: addons_config title: Addons Config properties: - http_load_balancing: - name: http_load_balancing - title: Http Load Balancing + config_connector_config: + name: config_connector_config + title: Config Connector Config + dns_cache_config: + name: dns_cache_config + title: Dns Cache Config + gce_persistent_disk_csi_driver_config: + name: gce_persistent_disk_csi_driver_config + title: Gce Persistent Disk Csi Driver Config + gcp_filestore_csi_driver_config: + name: gcp_filestore_csi_driver_config + title: Gcp Filestore Csi Driver Config + gcs_fuse_csi_driver_config: + name: gcs_fuse_csi_driver_config + title: Gcs Fuse Csi Driver Config + gke_backup_agent_config: + name: gke_backup_agent_config + title: Gke Backup Agent Config horizontal_pod_autoscaling: name: horizontal_pod_autoscaling title: Horizontal Pod Autoscaling - network_policy_config: - name: network_policy_config - title: Network Policy Config + http_load_balancing: + name: http_load_balancing + title: Http Load Balancing istio_config: name: istio_config title: Istio Config 
@@ -51,36 +66,21 @@ spec: enumValueLabels: - label: MUTUAL_TLS value: MUTUAL_TLS - dns_cache_config: - name: dns_cache_config - title: Dns Cache Config - config_connector_config: - name: config_connector_config - title: Config Connector Config - gce_persistent_disk_csi_driver_config: - name: gce_persistent_disk_csi_driver_config - title: Gce Persistent Disk Csi Driver Config kalm_config: name: kalm_config title: Kalm Config - gcp_filestore_csi_driver_config: - name: gcp_filestore_csi_driver_config - title: Gcp Filestore Csi Driver Config - gke_backup_agent_config: - name: gke_backup_agent_config - title: Gke Backup Agent Config - gcs_fuse_csi_driver_config: - name: gcs_fuse_csi_driver_config - title: Gcs Fuse Csi Driver Config - stateful_ha_config: - name: stateful_ha_config - title: Stateful Ha Config + network_policy_config: + name: network_policy_config + title: Network Policy Config parallelstore_csi_driver_config: name: parallelstore_csi_driver_config title: Parallelstore Csi Driver Config ray_operator_config: name: ray_operator_config title: Ray Operator Config + stateful_ha_config: + name: stateful_ha_config + title: Stateful Ha Config authenticator_groups_config: name: authenticator_groups_config title: Authenticator Groups Config @@ -106,9 +106,6 @@ spec: name: cluster_autoscaling title: Cluster Autoscaling properties: - resource_limits: - name: resource_limits - title: Resource Limits auto_provisioning_defaults: name: auto_provisioning_defaults title: Auto Provisioning Defaults @@ -120,6 +117,9 @@ spec: name: upgrade_settings title: Upgrade Settings properties: + blue_green_settings: + name: blue_green_settings + title: Blue Green Settings strategy: name: strategy title: Strategy @@ -128,9 +128,6 @@ spec: value: SURGE - label: BLUE_GREEN value: BLUE_GREEN - blue_green_settings: - name: blue_green_settings - title: Blue Green Settings autoscaling_profile: name: autoscaling_profile title: Autoscaling Profile 
@@ -139,6 +136,9 @@ spec: value: OPTIMIZE_UTILIZATION - label: BALANCED value: BALANCED + resource_limits: + name: resource_limits + title: Resource Limits cluster_ipv4_cidr: name: cluster_ipv4_cidr title: Cluster Ipv4 Cidr @@ -182,14 +182,14 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider - altDefaults: - - type: ALTERNATE_TYPE_DC - value: LEGACY_DATAPATH enumValueLabels: - label: LEGACY_DATAPATH value: LEGACY_DATAPATH - label: ADVANCED_DATAPATH value: ADVANCED_DATAPATH + altDefaults: + - type: ALTERNATE_TYPE_DC + value: LEGACY_DATAPATH default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -424,6 +424,9 @@ spec: name: node_config title: Node Config properties: + containerd_config: + name: containerd_config + title: Containerd Config disk_type: name: disk_type title: Disk Type @@ -434,39 +437,10 @@ spec: value: pd-balanced - label: pd-ssd value: pd-ssd - local_ssd_encryption_mode: - name: local_ssd_encryption_mode - title: Local Ssd Encryption Mode - enumValueLabels: - - label: STANDARD_ENCRYPTION - value: STANDARD_ENCRYPTION - - label: EPHEMERAL_KEY_ENCRYPTION - value: EPHEMERAL_KEY_ENCRYPTION - logging_variant: - name: logging_variant - title: Logging Variant - enumValueLabels: - - label: DEFAULT - value: DEFAULT - - label: MAX_THROUGHPUT - value: MAX_THROUGHPUT - secondary_boot_disks: - name: secondary_boot_disks - title: Secondary Boot Disks - properties: - mode: - name: mode - title: Mode - enumValueLabels: - - label: CONTAINER_IMAGE_CACHE - value: CONTAINER_IMAGE_CACHE guest_accelerator: name: guest_accelerator title: Guest Accelerator properties: - type: - name: type - title: Type gpu_driver_installation_config: name: gpu_driver_installation_config title: Gpu Driver Installation Config 
@@ -495,6 +469,51 @@ spec: value: TIME_SHARING - label: MPS value: MPS + type: + name: type + title: Type + kubelet_config: + name: kubelet_config + title: Kubelet Config + properties: + cpu_manager_policy: + name: cpu_manager_policy + title: Cpu Manager Policy + enumValueLabels: + - label: none + value: none + - label: static + value: static + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 + local_ssd_encryption_mode: + name: local_ssd_encryption_mode + title: Local Ssd Encryption Mode + enumValueLabels: + - label: STANDARD_ENCRYPTION + value: STANDARD_ENCRYPTION + - label: EPHEMERAL_KEY_ENCRYPTION + value: EPHEMERAL_KEY_ENCRYPTION + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT reservation_affinity: name: reservation_affinity title: Reservation Affinity 
@@ -521,46 +540,16 @@ spec: enumValueLabels: - label: gvisor value: gvisor - workload_metadata_config: - name: workload_metadata_config - title: Workload Metadata Config + secondary_boot_disks: + name: secondary_boot_disks + title: Secondary Boot Disks properties: mode: name: mode title: Mode enumValueLabels: - - label: MODE_UNSPECIFIED - value: MODE_UNSPECIFIED - - label: GCE_METADATA - value: GCE_METADATA - - label: GKE_METADATA - value: GKE_METADATA - kubelet_config: - name: kubelet_config - title: Kubelet Config - properties: - cpu_manager_policy: - name: cpu_manager_policy - title: Cpu Manager Policy - enumValueLabels: - - label: none - value: none - - label: static - value: static - linux_node_config: - name: linux_node_config - title: Linux Node Config - properties: - cgroup_mode: - name: cgroup_mode - title: Cgroup Mode - enumValueLabels: - - label: CGROUP_MODE_UNSPECIFIED - value: CGROUP_MODE_UNSPECIFIED - - label: CGROUP_MODE_V1 - value: CGROUP_MODE_V1 - - label: CGROUP_MODE_V2 - value: CGROUP_MODE_V2 + - label: CONTAINER_IMAGE_CACHE + value: CONTAINER_IMAGE_CACHE windows_node_config: name: windows_node_config title: Windows Node Config @@ -575,9 +564,20 @@ spec: value: OS_VERSION_LTSC2019 - label: OS_VERSION_LTSC2022 value: OS_VERSION_LTSC2022 - containerd_config: - name: containerd_config - title: Containerd Config + workload_metadata_config: + name: workload_metadata_config + title: Workload Metadata Config + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: MODE_UNSPECIFIED + value: MODE_UNSPECIFIED + - label: GCE_METADATA + value: GCE_METADATA + - label: GKE_METADATA + value: GKE_METADATA node_locations: name: node_locations title: Node Locations @@ -585,9 +585,6 @@ spec: name: node_pool title: Node Pool properties: - node_locations: - name: node_locations - title: Node Locations autoscaling: name: autoscaling title: Autoscaling 
@@ -603,10 +600,29 @@ spec: management: name: management title: Management + network_config: + name: network_config + title: Network Config + properties: + network_performance_config: + name: network_performance_config + title: Network Performance Config + properties: + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier + enumValueLabels: + - label: TIER_UNSPECIFIED + value: TIER_UNSPECIFIED + - label: TIER_1 + value: TIER_1 node_config: name: node_config title: Node Config properties: + containerd_config: + name: containerd_config + title: Containerd Config disk_type: name: disk_type title: Disk Type @@ -617,39 +633,10 @@ spec: value: pd-balanced - label: pd-ssd value: pd-ssd - local_ssd_encryption_mode: - name: local_ssd_encryption_mode - title: Local Ssd Encryption Mode - enumValueLabels: - - label: STANDARD_ENCRYPTION - value: STANDARD_ENCRYPTION - - label: EPHEMERAL_KEY_ENCRYPTION - value: EPHEMERAL_KEY_ENCRYPTION - logging_variant: - name: logging_variant - title: Logging Variant - enumValueLabels: - - label: DEFAULT - value: DEFAULT - - label: MAX_THROUGHPUT - value: MAX_THROUGHPUT - secondary_boot_disks: - name: secondary_boot_disks - title: Secondary Boot Disks - properties: - mode: - name: mode - title: Mode - enumValueLabels: - - label: CONTAINER_IMAGE_CACHE - value: CONTAINER_IMAGE_CACHE guest_accelerator: name: guest_accelerator title: Guest Accelerator properties: - type: - name: type - title: Type gpu_driver_installation_config: name: gpu_driver_installation_config title: Gpu Driver Installation Config 
@@ -678,6 +665,51 @@ spec: value: TIME_SHARING - label: MPS value: MPS + type: + name: type + title: Type + kubelet_config: + name: kubelet_config + title: Kubelet Config + properties: + cpu_manager_policy: + name: cpu_manager_policy + title: Cpu Manager Policy + enumValueLabels: + - label: none + value: none + - label: static + value: static + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 + local_ssd_encryption_mode: + name: local_ssd_encryption_mode + title: Local Ssd Encryption Mode + enumValueLabels: + - label: STANDARD_ENCRYPTION + value: STANDARD_ENCRYPTION + - label: EPHEMERAL_KEY_ENCRYPTION + value: EPHEMERAL_KEY_ENCRYPTION + logging_variant: + name: logging_variant + title: Logging Variant + enumValueLabels: + - label: DEFAULT + value: DEFAULT + - label: MAX_THROUGHPUT + value: MAX_THROUGHPUT reservation_affinity: name: reservation_affinity title: Reservation Affinity 
@@ -704,46 +736,16 @@ spec: enumValueLabels: - label: gvisor value: gvisor - workload_metadata_config: - name: workload_metadata_config - title: Workload Metadata Config + secondary_boot_disks: + name: secondary_boot_disks + title: Secondary Boot Disks properties: mode: name: mode title: Mode enumValueLabels: - - label: MODE_UNSPECIFIED - value: MODE_UNSPECIFIED - - label: GCE_METADATA - value: GCE_METADATA - - label: GKE_METADATA - value: GKE_METADATA - kubelet_config: - name: kubelet_config - title: Kubelet Config - properties: - cpu_manager_policy: - name: cpu_manager_policy - title: Cpu Manager Policy - enumValueLabels: - - label: none - value: none - - label: static - value: static - linux_node_config: - name: linux_node_config - title: Linux Node Config - properties: - cgroup_mode: - name: cgroup_mode - title: Cgroup Mode - enumValueLabels: - - label: CGROUP_MODE_UNSPECIFIED - value: CGROUP_MODE_UNSPECIFIED - - label: CGROUP_MODE_V1 - value: CGROUP_MODE_V1 - - label: CGROUP_MODE_V2 - value: CGROUP_MODE_V2 + - label: CONTAINER_IMAGE_CACHE + value: CONTAINER_IMAGE_CACHE windows_node_config: name: windows_node_config title: Windows Node Config 
@@ -758,25 +760,33 @@ spec: value: OS_VERSION_LTSC2019 - label: OS_VERSION_LTSC2022 value: OS_VERSION_LTSC2022 - containerd_config: - name: containerd_config - title: Containerd Config - network_config: - name: network_config - title: Network Config - properties: - network_performance_config: - name: network_performance_config - title: Network Performance Config + workload_metadata_config: + name: workload_metadata_config + title: Workload Metadata Config properties: - total_egress_bandwidth_tier: - name: total_egress_bandwidth_tier - title: Total Egress Bandwidth Tier + mode: + name: mode + title: Mode enumValueLabels: - - label: TIER_UNSPECIFIED - value: TIER_UNSPECIFIED - - label: TIER_1 - value: TIER_1 + - label: MODE_UNSPECIFIED + value: MODE_UNSPECIFIED + - label: GCE_METADATA + value: GCE_METADATA + - label: GKE_METADATA + value: GKE_METADATA + node_locations: + name: node_locations + title: Node Locations + placement_policy: + name: placement_policy + title: Placement Policy + properties: + type: + name: type + title: Type + enumValueLabels: + - label: COMPACT + value: COMPACT upgrade_settings: name: upgrade_settings title: Upgrade Settings @@ -789,16 +799,6 @@ spec: value: SURGE - label: BLUE_GREEN value: BLUE_GREEN - placement_policy: - name: placement_policy - title: Placement Policy - properties: - type: - name: type - title: Type - enumValueLabels: - - label: COMPACT - value: COMPACT node_pool_auto_config: name: node_pool_auto_config title: Node Pool Auto Config @@ -881,9 +881,6 @@ spec: private_ipv6_google_access: name: private_ipv6_google_access title: Private Ipv6 Google Access - altDefaults: - - type: ALTERNATE_TYPE_DC - value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED enumValueLabels: - label: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED 
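Review bot: The -758,+760 hunk deletes the containerd_config and network_config display entries outright (including the TIER_UNSPECIFIED/TIER_1 labels for total_egress_bandwidth_tier), whereas every other removal on this line is a relocation to alphabetical position, and nothing in this series shows those fields leaving the node_config variable. If the variable still accepts network_config.network_performance_config, the Deployment Center form silently loses its labels for that field, so either re-add the two entries at their new sorted position or remove the fields from the variable schema in the same commit. The -789,+799 and -881,+881 hunks on this line are pure moves and need no change.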
@@ -893,6 +890,9 @@ spec: value: PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE - label: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL value: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL + altDefaults: + - type: ALTERNATE_TYPE_DC + value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED project_id: name: project_id title: Project Id @@ -916,10 +916,10 @@ spec: name: workload_vulnerability_mode title: Workload Vulnerability Mode enumValueLabels: - - label: DISABLED - value: DISABLED - - label: BASIC - value: BASIC + - label: DISABLED + value: DISABLED + - label: BASIC + value: BASIC release_channel: name: release_channel title: Release Channel diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index f81d6c6ed7..636ade0841 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml @@ -1009,9 +1009,9 @@ spec: roles: - level: Project roles: - - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin + - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com From be1cb266914305dc807beeefcb7b37e6c3d77a96 Mon Sep 17 00:00:00 2001 From: Daisy Date: Mon, 8 Sep 2025 17:42:29 +0000 Subject: [PATCH 07/12] changes done in module gke-autopilot-cluster --- modules/gke-autopilot-cluster/README.md | 2 +- modules/gke-autopilot-cluster/main.tf | 2 +- .../metadata.display.yaml | 280 +++++++++++++++++- modules/gke-autopilot-cluster/metadata.yaml | 4 +- modules/gke-autopilot-cluster/variables.tf | 2 +- 5 files changed, 282 insertions(+), 8 deletions(-) diff --git a/modules/gke-autopilot-cluster/README.md b/modules/gke-autopilot-cluster/README.md index 670273cd8e..b6039284bf 100644 --- a/modules/gke-autopilot-cluster/README.md +++ b/modules/gke-autopilot-cluster/README.md 
@@ -54,7 +54,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes | pod\_security\_policy\_config | Configuration for the [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. |
object({
enabled = bool
})
| `null` | no | | private\_cluster\_config | Configuration for private clusters, clusters with private nodes. |
object({
enable_private_nodes = optional(bool)
enable_private_endpoint = optional(bool)
master_ipv4_cidr_block = optional(string)
private_endpoint_subnetwork = optional(string)
master_global_access_config = optional(object({
enabled = optional(bool)
}))
})
|
{
"enable_private_endpoint": true,
"enable_private_nodes": true,
"master_global_access_config": {
"enabled": true
}
}
| no | | private\_ipv6\_google\_access | The desired state of IPv6 access to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). | `string` | `null` | no | -| project | The ID of the project in which the resource belongs. If it is not provided, the provider project is used. | `string` | n/a | yes | +| project\_id | The ID of the project in which the resource belongs. If it is not provided, the provider project is used. | `string` | n/a | yes | | protect\_config | Enable/Disable Protect API features for the cluster. |
object({
workload_config = object({
audit_mode = string
})
workload_vulnerability_mode = optional(string)
})
| `null` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. |
object({
channel = optional(string)
})
|
{
"channel": "REGULAR"
}
| no | | resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective\_labels' for all of the labels present on the resource. | `map(string)` | `null` | no | diff --git a/modules/gke-autopilot-cluster/main.tf b/modules/gke-autopilot-cluster/main.tf index 76ccbdd4b4..355bbdaaa4 100644 --- a/modules/gke-autopilot-cluster/main.tf +++ b/modules/gke-autopilot-cluster/main.tf @@ -19,7 +19,7 @@ resource "google_container_cluster" "main" { name = var.name description = var.description - project = var.project + project = var.project_id resource_labels = var.resource_labels location = var.location node_locations = var.node_locations diff --git a/modules/gke-autopilot-cluster/metadata.display.yaml b/modules/gke-autopilot-cluster/metadata.display.yaml index db9f489c5a..56b2dcb6b1 100644 --- a/modules/gke-autopilot-cluster/metadata.display.yaml +++ b/modules/gke-autopilot-cluster/metadata.display.yaml @@ -37,9 +37,24 @@ spec: authenticator_groups_config: name: authenticator_groups_config title: Authenticator Groups Config + properties: + security_group: + name: security_group + title: Security Group + regexValidation: ^gke-security-groups@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ + validation: Please use a valid email address with the gke-security-groups prefix. binary_authorization: name: binary_authorization title: Binary Authorization + properties: + evaluation_mode: + name: evaluation_mode + title: Evaluation Mode + enumValueLabels: + - label: PROJECT_SINGLETON_POLICY_ENFORCE + value: PROJECT_SINGLETON_POLICY_ENFORCE + - label: DISABLED + value: DISABLED cluster_autoscaling: name: cluster_autoscaling title: Cluster Autoscaling 
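Review bot: The evaluation_mode enum added for binary_authorization in the -37,+37 hunk of metadata.display.yaml lists only PROJECT_SINGLETON_POLICY_ENFORCE and DISABLED; the google provider's binary_authorization.evaluation_mode also accepts POLICY_BINDINGS and POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE, so if the module forwards the value unchanged, the platform-policy modes cannot be selected from the form. Confirm against the provider version the module pins and add the missing labels, or state in the title/description that the module intentionally restricts to the project-singleton policy. The security_group regexValidation correctly anchors on the gke-security-groups@ prefix, but its domain class `[a-zA-Z0-9.-]+` admits a leading dot or hyphen; `^gke-security-groups@[a-zA-Z0-9](?:[a-zA-Z0-9.-]*[a-zA-Z0-9])?\.[a-zA-Z]{2,}$` (constructed) is tighter if the display tooling's regex flavour supports non-capturing groups.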
@@ -49,6 +64,17 @@ spec: cluster_telemetry: name: cluster_telemetry title: Cluster Telemetry + properties: + type: + name: type + title: Type + enumValueLabels: + - label: ENABLED + value: ENABLED + - label: DISABLED + value: DISABLED + - label: SYSTEM_ONLY + value: SYSTEM_ONLY confidential_nodes: name: confidential_nodes title: Confidential Nodes @@ -61,9 +87,26 @@ spec: database_encryption: name: database_encryption title: Database Encryption + properties: + state: + name: state + title: State + enumValueLabels: + - label: ENCRYPTED + value: ENCRYPTED + - label: DECRYPTED + value: DECRYPTED datapath_provider: name: datapath_provider title: Datapath Provider + altDefaults: + - type: ALTERNATE_TYPE_DC + value: LEGACY_DATAPATH + enumValueLabels: + - label: LEGACY_DATAPATH + value: LEGACY_DATAPATH + - label: ADVANCED_DATAPATH + value: ADVANCED_DATAPATH default_snat_status: name: default_snat_status title: Default Snat Status @@ -79,6 +122,15 @@ spec: dns_config: name: dns_config title: Dns Config + properties: + cluster_dns: + name: cluster_dns + title: Cluster Dns + enumValueLabels: + - label: CLOUD_DNS + value: CLOUD_DNS + - label: PLATFORM_DEFAULT + value: PLATFORM_DEFAULT enable_cilium_clusterwide_network_policy: name: enable_cilium_clusterwide_network_policy title: Enable Cilium Clusterwide Network Policy 
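Review bot: The ALTERNATE_TYPE_DC altDefault of LEGACY_DATAPATH for datapath_provider in the -61,+87 hunk looks wrong for an Autopilot module: as far as I recall Autopilot clusters are always provisioned with GKE Dataplane V2 (ADVANCED_DATAPATH), and the legacy datapath also lacks the Cilium network-policy enforcement that the -79,+122 hunk exposes via enable_cilium_clusterwide_network_policy. If the provider rejects or ignores LEGACY_DATAPATH on Autopilot, the altDefault should be ADVANCED_DATAPATH or dropped entirely; confirm against the pinned provider. In the same hunk, database_encryption exposes only `state`, so a user selecting ENCRYPTED from the form has no field for the KMS key the provider requires alongside it — if the variable carries key_name, surfacing it next to state avoids an apply-time failure.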
@@ -97,36 +149,117 @@ spec: enterprise_config: name: enterprise_config title: Enterprise Config + properties: + desired_tier: + name: desired_tier + title: Desired Tier + enumValueLabels: + - label: STANDARD + value: STANDARD + - label: ENTERPRISE + value: ENTERPRISE fleet: name: fleet title: Fleet gateway_api_config: name: gateway_api_config title: Gateway Api Config + properties: + channel: + name: channel + title: Channel + enumValueLabels: + - label: CHANNEL_DISABLED + value: CHANNEL_DISABLED + - label: CHANNEL_EXPERIMENTAL + value: CHANNEL_EXPERIMENTAL + - label: CHANNEL_STANDARD + value: CHANNEL_STANDARD identity_service_config: name: identity_service_config title: Identity Service Config in_transit_encryption_config: name: in_transit_encryption_config title: In Transit Encryption Config + enumValueLabels: + - label: IN_TRANSIT_ENCRYPTION_DISABLED + value: IN_TRANSIT_ENCRYPTION_DISABLED + - label: IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT + value: IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT ip_allocation_policy: name: ip_allocation_policy title: Ip Allocation Policy + properties: + stack_type: + name: stack_type + title: Stack Type + enumValueLabels: + - label: IPV4 + value: IPV4 + - label: IPV4_IPV6 + value: IPV4_IPV6 location: name: location title: Location logging_config: name: logging_config title: Logging Config + properties: + enable_components: + name: enable_components + title: Enable Components + enumValueLabels: + - label: SYSTEM_COMPONENTS + value: SYSTEM_COMPONENTS + - label: APISERVER + value: APISERVER + - label: CONTROLLER_MANAGER + value: CONTROLLER_MANAGER + - label: SCHEDULER + value: SCHEDULER + - label: WORKLOADS + value: WORKLOADS maintenance_policy: name: maintenance_policy title: Maintenance Policy + properties: + recurring_window: + name: recurring_window + title: Recurring Window + properties: + recurrence: + name: recurrence + title: Recurrence + regexValidation: 
"^(FREQ|BYDAY|BYMONTHDAY|BYMONTH|BYYEARDAY|INTERVAL|COUNT|UNTIL|WKST|BYSETPOS|BYWEEKNO|BYHOUR|BYMINUTE|BYSECOND|RRULE|DTSTART|TZID|RDATE|EXDATE|EXRULE|ACTION|ATTENDEE|CALSCALE|CATEGORIES|CLASS|COMMENT|CONTACT|CREATED|DESCRIPTION|GEO|LAST-MODIFIED|LOCATION|ORGANIZER|PRIORITY|SEQUENCE|STATUS|SUMMARY|TRANSP|URL|UID|VERSION|PRODID|X-PUBLISHED-TTL|X-WR-CALNAME|X-WR-CALDESC|X-WR-TIMEZONE|X-WR-RECURID)$" + validation: The recurrence field should be a valid RFC 5545 recurrence rule. + maintenance_exclusion: + name: maintenance_exclusion + title: Maintenance Exclusion + properties: + exclusion_options: + name: exclusion_options + title: Exclusion Options + properties: + scope: + name: scope + title: Scope + enumValueLabels: + - label: NO_UPGRADES + value: NO_UPGRADES + - label: NO_MINOR_UPGRADES + value: NO_MINOR_UPGRADES + - label: NO_MINOR_OR_NODE_UPGRADES + value: NO_MINOR_OR_NODE_UPGRADES master_auth: name: master_auth title: Master Auth master_authorized_networks_config: name: master_authorized_networks_config title: Master Authorized Networks Config + altDefaults: + - type: ALTERNATE_TYPE_DC + value: + private_endpoint_enforcement_enabled: true mesh_certificates: name: mesh_certificates title: Mesh Certificates 
@@ -136,9 +269,44 @@ spec: monitoring_config: name: monitoring_config title: Monitoring Config + properties: + enable_components: + name: enable_components + title: Enable Components + enumValueLabels: + - label: SYSTEM_COMPONENTS + value: SYSTEM_COMPONENTS + - label: APISERVER + value: APISERVER + - label: SCHEDULER + value: SCHEDULER + - label: CONTROLLER_MANAGER + value: CONTROLLER_MANAGER + - label: STORAGE + value: STORAGE + - label: HPA + value: HPA + - label: POD + value: POD + - label: DAEMONSET + value: DAEMONSET + - label: DEPLOYMENT + value: DEPLOYMENT + - label: STATEFULSET + value: STATEFULSET + - label: KUBELET + value: KUBELET + - label: CADVISOR + value: CADVISOR + - label: DCGM + value: DCGM + - label: JOBSET + value: JOBSET name: name: name title: Name + regexValidation: ^[a-z][a-z0-9-]{0,38}[a-z0-9]$ + validation: The cluster name must start with a lowercase letter and can contain up to 40 characters. It can include lowercase letters, numbers, and hyphens, but it cannot end with a hyphen. The name must be unique within its project and location. network: name: network title: Network 
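Review bot: The name regexValidation `^[a-z][a-z0-9-]{0,38}[a-z0-9]$` in the -136,+269 hunk requires at least two characters, so a valid single-letter cluster name is rejected even though the validation message only promises a 40-character upper bound, a lowercase-letter start and no trailing hyphen. `^[a-z]([a-z0-9-]{0,38}[a-z0-9])?$` keeps the 40-character limit and the trailing-hyphen rule while admitting the one-character case. The message also claims the name must be unique within its project and location, which a regex cannot check; moving that clause into the field description avoids misattributing a uniqueness error to the pattern.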
@@ -148,12 +316,57 @@ spec: node_pool_auto_config: name: node_pool_auto_config title: Node Pool Auto Config + properties: + linux_node_config: + name: linux_node_config + title: Linux Node Config + properties: + cgroup_mode: + name: cgroup_mode + title: Cgroup Mode + enumValueLabels: + - label: CGROUP_MODE_UNSPECIFIED + value: CGROUP_MODE_UNSPECIFIED + - label: CGROUP_MODE_V1 + value: CGROUP_MODE_V1 + - label: CGROUP_MODE_V2 + value: CGROUP_MODE_V2 notification_config: name: notification_config title: Notification Config + properties: + pubsub: + name: pubsub + title: Pubsub + properties: + filter: + name: filter + title: Filter + properties: + event_type: + name: event_type + title: Event Type + enumValueLabels: + - label: UPGRADE_AVAILABLE_EVENT + value: UPGRADE_AVAILABLE_EVENT + - label: UPGRADE_EVENT + value: UPGRADE_EVENT + - label: SECURITY_BULLETIN_EVENT + value: SECURITY_BULLETIN_EVENT + - label: UPGRADE_INFO_EVENT + value: UPGRADE_INFO_EVENT pod_autoscaling: name: pod_autoscaling title: Pod Autoscaling + properties: + hpa_profile: + name: hpa_profile + title: Hpa Profile + enumValueLabels: + - label: NONE + value: NONE + - label: PERFORMANCE + value: PERFORMANCE pod_security_policy_config: name: pod_security_policy_config title: Pod Security Policy Config 
@@ -163,15 +376,51 @@ spec: private_ipv6_google_access: name: private_ipv6_google_access title: Private Ipv6 Google Access - project: - name: project - title: Project + altDefaults: + - type: ALTERNATE_TYPE_DC + value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED + enumValueLabels: + - label: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED + value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED + - label: PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED + value: PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED + - label: PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE + value: PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE + - label: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL + value: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL + project_id: + name: project_id + title: Project Id protect_config: name: protect_config title: Protect Config + properties: + workload_vulnerability_mode: + name: workload_vulnerability_mode + title: Workload Vulnerability Mode + enumValueLabels: + - label: DISABLED + value: DISABLED + - label: BASIC + value: BASIC release_channel: name: release_channel title: Release Channel + properties: + channel: + name: channel + title: Channel + enumValueLabels: + - label: UNSPECIFIED + value: UNSPECIFIED + - label: RAPID + value: RAPID + - label: REGULAR + value: REGULAR + - label: STABLE + value: STABLE + - label: EXTENDED + value: EXTENDED resource_labels: name: resource_labels title: Resource Labels 
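Review bot: The -163,+376 hunk exposes protect_config.workload_vulnerability_mode (DISABLED/BASIC) while the -184,+433 hunk later in this file exposes security_posture_config.vulnerability_mode with overlapping meaning, so the form now offers two places to configure workload vulnerability scanning with no indication of which takes effect or whether the API accepts both. If the pinned provider marks protect_config as superseded by security_posture_config — worth confirming before release — the display should steer users to the latter, for example by leaving protect_config without enum labels or noting the precedence in its title. Either way, a one-line comment above protect_config such as `# prefer security_posture_config; kept for existing deployments` would make the intended relationship explicit for the next maintainer.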
@@ -184,6 +433,27 @@ spec: security_posture_config: name: security_posture_config title: Security Posture Config + properties: + mode: + name: mode + title: Mode + enumValueLabels: + - label: DISABLED + value: DISABLED + - label: BASIC + value: BASIC + - label: ENTERPRISE + value: ENTERPRISE + vulnerability_mode: + name: vulnerability_mode + title: Vulnerability Mode + enumValueLabels: + - label: VULNERABILITY_DISABLED + value: VULNERABILITY_DISABLED + - label: VULNERABILITY_BASIC + value: VULNERABILITY_BASIC + - label: VULNERABILITY_ENTERPRISE + value: VULNERABILITY_ENTERPRISE service_external_ips_config: name: service_external_ips_config title: Service External Ips Config @@ -202,3 +472,7 @@ spec: workload_identity_config: name: workload_identity_config title: Workload Identity Config + runtime: + outputs: + cluster_id: + visibility: VISIBILITY_ROOT diff --git a/modules/gke-autopilot-cluster/metadata.yaml b/modules/gke-autopilot-cluster/metadata.yaml index 9a9ddf02ed..063bf4ca4e 100644 --- a/modules/gke-autopilot-cluster/metadata.yaml +++ b/modules/gke-autopilot-cluster/metadata.yaml @@ -134,7 +134,7 @@ spec: description: Description of the cluster. varType: string defaultValue: "" - - name: project + - name: project_id description: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. varType: string required: true @@ -569,9 +569,9 @@ spec: roles: - level: Project roles: - - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin + - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-autopilot-cluster/variables.tf b/modules/gke-autopilot-cluster/variables.tf index 8d790118a9..59031318ad 100644 --- a/modules/gke-autopilot-cluster/variables.tf +++ b/modules/gke-autopilot-cluster/variables.tf 
@@ -26,7 +26,7 @@ variable "description" { default = "" } -variable "project" { +variable "project_id" { description = "The ID of the project in which the resource belongs. If it is not provided, the provider project is used." type = string } From 9b33d000e21d64079b0d4c7d85606f31c0eb2e54 Mon Sep 17 00:00:00 2001 From: Daisy Date: Wed, 10 Sep 2025 16:52:38 +0000 Subject: [PATCH 08/12] testing changes --- .../metadata.display.yaml | 30 ++-- modules/gke-node-pool/README.md | 10 +- modules/gke-node-pool/metadata.display.yaml | 1 + modules/gke-node-pool/metadata.yaml | 6 +- modules/gke-node-pool/variables.tf | 167 +----------------- modules/gke-standard-cluster/metadata.yaml | 1 - 6 files changed, 29 insertions(+), 186 deletions(-) diff --git a/modules/gke-autopilot-cluster/metadata.display.yaml b/modules/gke-autopilot-cluster/metadata.display.yaml index 56b2dcb6b1..a4e2b0f3bb 100644 --- a/modules/gke-autopilot-cluster/metadata.display.yaml +++ b/modules/gke-autopilot-cluster/metadata.display.yaml @@ -99,14 +99,14 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider - altDefaults: - - type: ALTERNATE_TYPE_DC - value: LEGACY_DATAPATH enumValueLabels: - label: LEGACY_DATAPATH value: LEGACY_DATAPATH - label: ADVANCED_DATAPATH value: ADVANCED_DATAPATH + altDefaults: + - type: ALTERNATE_TYPE_DC + value: LEGACY_DATAPATH default_snat_status: name: default_snat_status title: Default Snat Status 
@@ -223,15 +223,6 @@ spec: name: maintenance_policy title: Maintenance Policy properties: - recurring_window: - name: recurring_window - title: Recurring Window - properties: - recurrence: - name: recurrence - title: Recurrence - regexValidation: "^(FREQ|BYDAY|BYMONTHDAY|BYMONTH|BYYEARDAY|INTERVAL|COUNT|UNTIL|WKST|BYSETPOS|BYWEEKNO|BYHOUR|BYMINUTE|BYSECOND|RRULE|DTSTART|TZID|RDATE|EXDATE|EXRULE|ACTION|ATTENDEE|CALSCALE|CATEGORIES|CLASS|COMMENT|CONTACT|CREATED|DESCRIPTION|GEO|LAST-MODIFIED|LOCATION|ORGANIZER|PRIORITY|SEQUENCE|STATUS|SUMMARY|TRANSP|URL|UID|VERSION|PRODID|X-PUBLISHED-TTL|X-WR-CALNAME|X-WR-CALDESC|X-WR-TIMEZONE|X-WR-RECURID)$" - validation: The recurrence field should be a valid RFC 5545 recurrence rule. maintenance_exclusion: name: maintenance_exclusion title: Maintenance Exclusion @@ -250,6 +241,15 @@ spec: value: NO_MINOR_UPGRADES - label: NO_MINOR_OR_NODE_UPGRADES value: NO_MINOR_OR_NODE_UPGRADES + recurring_window: + name: recurring_window + title: Recurring Window + properties: + recurrence: + name: recurrence + title: Recurrence + regexValidation: ^(FREQ|BYDAY|BYMONTHDAY|BYMONTH|BYYEARDAY|INTERVAL|COUNT|UNTIL|WKST|BYSETPOS|BYWEEKNO|BYHOUR|BYMINUTE|BYSECOND|RRULE|DTSTART|TZID|RDATE|EXDATE|EXRULE|ACTION|ATTENDEE|CALSCALE|CATEGORIES|CLASS|COMMENT|CONTACT|CREATED|DESCRIPTION|GEO|LAST-MODIFIED|LOCATION|ORGANIZER|PRIORITY|SEQUENCE|STATUS|SUMMARY|TRANSP|URL|UID|VERSION|PRODID|X-PUBLISHED-TTL|X-WR-CALNAME|X-WR-CALDESC|X-WR-TIMEZONE|X-WR-RECURID)$ + validation: The recurrence field should be a valid RFC 5545 recurrence rule. master_auth: name: master_auth title: Master Auth @@ -376,9 +376,6 @@ spec: private_ipv6_google_access: name: private_ipv6_google_access title: Private Ipv6 Google Access - altDefaults: - - type: ALTERNATE_TYPE_DC - value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED enumValueLabels: - label: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED 
@@ -388,6 +385,9 @@ spec: value: PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE - label: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL value: PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL + altDefaults: + - type: ALTERNATE_TYPE_DC + value: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED project_id: name: project_id title: Project Id diff --git a/modules/gke-node-pool/README.md b/modules/gke-node-pool/README.md index 08f32de5c3..0a6fd327f2 100644 --- a/modules/gke-node-pool/README.md +++ b/modules/gke-node-pool/README.md @@ -6,24 +6,24 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.
- min\_node\_count: Minimum number of nodes per zone in the NodePool. Must be >=0 and <= max\_node\_count. Cannot be used with total limits.
- max\_node\_count: Maximum number of nodes per zone in the NodePool. Must be >= min\_node\_count. Cannot be used with total limits.
- total\_min\_node\_count: Total minimum number of nodes in the NodePool. Must be >=0 and <= total\_max\_node\_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters.
- total\_max\_node\_count: Total maximum number of nodes in the NodePool. Must be >= total\_min\_node\_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters.
- location\_policy: Location policy specifies the algorithm used when scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters.
- "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones.
- "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduce preemption risk for Spot VMs. |
object({
min_node_count = optional(number)
max_node_count = optional(number)
total_min_node_count = optional(number)
total_max_node_count = optional(number)
location_policy = optional(string)
})
|
{
"max_node_count": 100,
"min_node_count": 1
}
| no | +| autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage. |
object({
min_node_count = optional(number)
max_node_count = optional(number)
total_min_node_count = optional(number)
total_max_node_count = optional(number)
location_policy = optional(string)
})
|
{
"max_node_count": 100,
"min_node_count": 1
}
| no | | cluster | The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project\_id}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster. | `string` | n/a | yes | -| initial\_node\_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. WARNING: Resizing your node pool manually may change this value in your existing cluster, which will trigger destruction and recreation on the next Terraform run (to rectify the discrepancy). If you don't need this value, don't set it. | `number` | `null` | no | +| initial\_node\_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. | `number` | `null` | no | | kubernetes\_version | The Kubernetes version for the nodes in this pool. Note that if this field and auto\_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google\_container\_engine\_versions data source's version\_prefix field to approximate fuzzy versions in a Terraform-compatible way. | `string` | `null` | no | | location | The location (region or zone) of the cluster. | `string` | `null` | no | | management | Node management configuration, wherein auto-repair and auto-upgrade is configured.
- auto\_repair: Whether the nodes will be automatically repaired. Enabled by default.
- auto\_upgrade : Whether the nodes will be automatically upgraded. Enabled by default. |
object({
auto_repair = optional(bool)
auto_upgrade = optional(bool)
})
|
{
"auto_repair": true,
"auto_upgrade": true
}
| no | | max\_pods\_per\_node | The maximum number of pods per node in this node pool. Note that this does not work on node pools which are 'route-based' - that is, node pools belonging to clusters that do not have IP Aliasing enabled. See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr) for more information. | `number` | `null` | no | | name | The name of the node pool. If left blank, Terraform will auto-generate a unique name. | `string` | `null` | no | | name\_prefix | Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name. | `string` | `null` | no | -| network\_config | The network configuration of the pool. Such as configuration for Adding Pod IP address ranges to the node pool. Or enabling private nodes.
- create\_pod\_range: Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod\_range and pod\_ipv4\_cidr\_block if they are not specified.
- enable\_private\_nodes: Whether nodes have internal IP addresses only.
- pod\_ipv4\_cidr\_block: The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.
- pod\_range - The ID of the secondary range for pod IPs. If create\_pod\_range is true, this ID is used for the new range. If create\_pod\_range is false, uses an existing secondary range with this ID.
- additional\_node\_network\_configs - We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface.
- network - Name of the VPC where the additional interface belongs.
- subnetwork - Name of the subnetwork where the additional interface belongs
- additional\_pod\_network\_configs - We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node.
- subnetwork - Name of the subnetwork where the additional pod network belongs.
- secondary\_pod\_range - The name of the secondary range on the subnet which provides IP address for this pod range.
- max\_pods\_per\_node - The maximum number of pods per node which use this pod network.
- pod\_cidr\_overprovision\_config - Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited.
- disabled - Whether pod cidr overprovision is disabled.
- network\_performance\_config - Network bandwidth tier configuration.
- total\_egress\_bandwidth\_tier - Specifies the total network bandwidth tier for the NodePool. Valid values include: "TIER\_1" and "TIER\_UNSPECIFIED". |
object({
create_pod_range = optional(bool)
enable_private_nodes = optional(bool)
pod_ipv4_cidr_block = optional(string)
pod_range = optional(string)
additional_node_network_configs = optional(object({
network = string
subnetwork = string
}))
additional_pod_network_configs = optional(object({
subnetwork = string
secondary_pod_range = string
max_pods_per_node = number
}))
pod_cidr_overprovision_config = optional(object({
disabled = bool
}))
network_performance_config = optional(object({
total_egress_bandwidth_tier = string
}))
})
| `null` | no | -| node\_config | Parameters used in creating the node pool.
- confidential\_nodes - (Optional) Configuration for Confidential Nodes feature.
- enabled (Required) - Enable Confidential GKE Nodes for this node pool, to enforce encryption of data in-use.
- disk\_size\_gb - (Optional) Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
- disk\_type - (Optional) Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). If unspecified, the default disk type is 'pd-balanced'
- enable\_confidential\_storage - (Optional) Enabling Confidential Storage will create boot disk with confidential mode. It is disabled by default.
- local\_ssd\_encryption\_mode - (Optional) Possible Local SSD encryption modes: Accepted values are:
- STANDARD\_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.
- EPHEMERAL\_KEY\_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
- ephemeral\_storage\_config - (Optional, Beta) Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.
- local\_ssd\_count
- ephemeral\_storage\_local\_ssd\_config - (Optional) Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.
- local\_ssd\_count
- data\_cache\_count
- fast\_socket - (Optional) Parameters for the NCCL Fast Socket feature. If unspecified, NCCL Fast Socket will not be enabled on the node pool. Node Pool must enable gvnic. GKE version 1.25.2-gke.1700 or later.
- enabled - Whether or not the NCCL Fast Socket is enabled
- local\_nvme\_ssd\_block\_config - (Optional) Parameters for the local NVMe SSDs.
- local\_ssd\_count (Required) - Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. -> Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later.
- logging\_variant (Optional) Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX\_THROUGHPUT. See [Increasing logging agent throughput](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#throughput) for more information.
- secondary\_boot\_disks - (Optional) Parameters for secondary boot disks to preload container images and data on new nodes. gcfs\_config must be enabled=true for this feature to work. min\_master\_version must also be set to use GKE 1.28.3-gke.106700 or later versions.
- disk\_image (Required) - Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK\_IMAGE\_NAME.
- mode (Optional) - Mode for how the secondary boot disk is used. An example mode is CONTAINER\_IMAGE\_CACHE.
- gcfs\_config - (Optional) Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image\_type = "COS\_CONTAINERD" and node\_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node\_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine\_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming.
- enabled (Required) - Whether or not the Google Container Filesystem (GCFS) is enabled.
- gvnic - (Optional) Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later.
- enabled (Required) - Whether or not the Google Virtual NIC (gVNIC) is enabled
- guest\_accelerator - (Optional) List of the type and count of accelerator cards attached to the instance. Note: As of 6.0.0, argument syntax is no longer supported for this field in favor of block syntax. To dynamically set a list of guest accelerators, use dynamic blocks. To set an empty list, use a single guest\_accelerator block with count = 0.
- type (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.
- count (Required) - The number of the guest accelerator cards exposed to this instance.
- gpu\_driver\_installation\_config (Optional) - Configuration for auto installation of GPU driver.
- gpu\_driver\_version (Required) - Mode for how the GPU driver is installed. Accepted values are:
- "GPU\_DRIVER\_VERSION\_UNSPECIFIED": Default value is to install the "Default" GPU driver. Before GKE 1.30.1-gke.1156000, the default value is to not install any GPU driver.
- "INSTALLATION\_DISABLED": Disable GPU driver auto installation and needs manual installation.
- "DEFAULT": "Default" GPU driver in COS and Ubuntu.
- "LATEST": "Latest" GPU driver in COS.
- gpu\_partition\_size (Optional) - Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide.
- gpu\_sharing\_config (Optional) - Configuration for GPU sharing.
- gpu\_sharing\_strategy (Required) - The type of GPU sharing strategy to enable on the GPU node. Accepted values are:
- "TIME\_SHARING": Allow multiple containers to have time-shared access to a single GPU device.
- "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS
- max\_shared\_clients\_per\_gpu (Required) - The maximum number of containers that can share a GPU.
- image\_type - (Optional) The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool.
- labels - (Optional) The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified.
- resource\_labels - (Optional) The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes.
- max\_run\_duration - (Optional) The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s".
- flex\_start - (Optional) Enables Flex Start provisioning model for the node pool.
- local\_ssd\_count - (Optional) The amount of local SSD disks that will be attached to each cluster node. Defaults to 0.
- machine\_type - (Optional) The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here.
- metadata - (Optional) The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, Terraform will attempt to unset the value. To avoid this, set the value in your config.
- min\_cpu\_platform - (Optional) Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information.
- oauth\_scopes - (Optional) The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. It is recommended that you set service\_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes) for information on migrating off of legacy access scopes.
- preemptible - (Optional) A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false.
- reservation\_affinity (Optional) The configuration of the desired reservation which instances could take capacity from.
- consume\_reservation\_type (Required) The type of reservation consumption Accepted values are:
- "UNSPECIFIED": Default value. This should not be used.
- "NO\_RESERVATION": Do not consume from any reserved capacity.
- "ANY\_RESERVATION": Consume any reservation available.
- "SPECIFIC\_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations.
- key (Optional) The label key of a reservation resource. To target a SPECIFIC\_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value.
- values (Optional) The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name"
- spot - (Optional) A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false.
- sandbox\_config - (Optional, Beta) GKE Sandbox configuration. When enabling this feature you must specify image\_type = "COS\_CONTAINERD" and node\_version = "1.12.7-gke.17" or later to use it.
- sandbox\_type (Required) Which sandbox to use for pods in the node pool. Accepted values are:
- "gvisor": Pods run within a gVisor sandbox.
- boot\_disk\_kms\_key - (Optional) The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption.
- service\_account - (Optional) The service account to be used by the Node VMs. If not specified, the "default" service account is used.
- shielded\_instance\_config - (Optional) Shielded Instance options.
- enable\_secure\_boot (Optional) - Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false.
- enable\_integrity\_monitoring (Optional) - Defines if the instance has integrity monitoring enabled.
- storage\_pools - (Optional) The list of Storage Pools where boot disks are provisioned.
- tags - (Optional) The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls.
- resource\_manager\_tags - (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag\_key\_id}=tagValues/{tag\_value\_id} 2. {org\_id}/{tag\_key\_name}={tag\_value\_name} 3. {project\_id}/{tag\_key\_name}={tag\_value\_name}.
- taint - (Optional) A list of Kubernetes taints to apply to nodes. This field will only report drift on taint keys that are already managed with Terraform, use effective\_taints to view the list of GKE-managed taints on the node pool from all sources. Importing this resource will not record any taints as being Terraform-managed, and will cause drift with any configured taints.
- key (Required) Key for taint.
- value (Required) Value for taint.
- effect (Required) Effect for taint. Accepted values are NO\_SCHEDULE, PREFER\_NO\_SCHEDULE, and NO\_EXECUTE.
- workload\_metadata\_config - (Optional) Metadata configuration to expose to workloads on the node pool.
- mode (Required) How to expose the node metadata to the workload running on the node. Accepted values are:
- MODE\_UNSPECIFIED: Not Set
- GCE\_METADATA: Expose all Compute Engine metadata to pods.
- GKE\_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level.
- kubelet\_config - (Optional) Kubelet configuration, currently supported attributes can be found [here](https://cloud.google.com/sdk/gcloud/reference/beta/container/node-pools/create#--system-config-from-file).
- cpu\_manager\_policy - The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to the 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field.
- cpu\_cfs\_quota - If true, enables CPU CFS quota enforcement for containers that specify CPU limits.
- cpu\_cfs\_quota\_period - The CPU CFS quota period value. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration.
- insecure\_kubelet\_readonly\_port\_enabled - Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.
- pod\_pids\_limit - Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.
- container\_log\_max\_size - Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. And the total container log size (container\_log\_max\_size * container\_log\_max\_files) cannot exceed 1% of the total storage of the node.
- container\_log\_max\_files - Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive.
- image\_gc\_low\_threshold\_percent - Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive.
- image\_gc\_high\_threshold\_percent - Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive.
- image\_minimum\_gc\_age - Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m".
- allowed\_unsafe\_sysctls - Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*.
- linux\_node\_config - (Optional) Parameters that can be configured on Linux nodes.
- sysctls - (Optional) The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem\_max, to a string value. Currently supported attributes can be found [here](https://cloud.google.com/sdk/gcloud/reference/beta/container/node-pools/create#--system-config-from-file). Note that validations happen all server side. All attributes are optional.
- cgroup\_mode - (Optional) Possible cgroup modes that can be used. Accepted values are:
- CGROUP\_MODE\_UNSPECIFIED: CGROUP\_MODE\_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.
- CGROUP\_MODE\_V1: CGROUP\_MODE\_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.
- CGROUP\_MODE\_V2: CGROUP\_MODE\_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.
- hugepages\_config - (Optional) Amounts for 2M and 1G hugepages.
- hugepage\_size\_2m - (Optional) Amount of 2M hugepages.
- hugepage\_size\_1g - (Optional) Amount of 1G hugepages.
- windows\_node\_config - (Optional) Windows node configuration, currently supporting OSVersion attribute. The value must be one of [OS\_VERSION\_UNSPECIFIED, OS\_VERSION\_LTSC2019, OS\_VERSION\_LTSC2022].
- containerd\_config - (Optional) Parameters to customize containerd runtime.
- private\_registry\_access\_config (Optional) - Configuration for private container registries. There are two fields in this config:
- enabled (Required) - Enables private registry config. If set to false, all other fields in this object must not be set.
- certificate\_authority\_domain\_config (Optional) - List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail.
- fqdns - List of Fully Qualified Domain Names.
- gcp\_secret\_manager\_certificate\_config
- secret\_uri - URI for the Google Cloud Secret that stores the certificate. Format is 'projects/PROJECT\_NUMBER/secrets/SECRET\_NAME/versions/VERSION'.
- node\_group - (Optional) Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.
- sole\_tenant\_config (Optional) Allows specifying multiple node affinities useful for running workloads on sole tenant nodes.
- node\_affinity
- key (Required) - The default or custom node affinity label key name.
- operator (Required) - Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT\_IN"
- values (Required) - List of node affinity label values as strings. |
object({
confidential_nodes = optional(object({
enabled = bool
}))
disk_size_gb = optional(number)
disk_type = optional(string)
enable_confidential_storage = optional(bool)
local_ssd_encryption_mode = optional(string)
ephemeral_storage_config = optional(object({
local_ssd_count = number
}))
ephemeral_storage_local_ssd_config = optional(object({
local_ssd_count = number
data_cache_count = optional(number)
}))
fast_socket = optional(object({
enabled = bool
}))
local_nvme_ssd_block_config = optional(object({
local_ssd_count = number
}))
logging_variant = optional(string)
secondary_boot_disks = optional(object({
disk_image = string
mode = optional(string)
}))
gcfs_config = optional(object({
enabled = bool
}))
gvnic = optional(object({
enabled = bool
}))
guest_accelerator = optional(object({
type = string
count = number
gpu_driver_installation_config = optional(object({
gpu_driver_version = string
}))
gpu_partition_size = optional(string)
gpu_sharing_config = optional(object({
gpu_sharing_strategy = string
max_shared_clients_per_gpu = number
}))
}))
image_type = optional(string)
labels = optional(map(string))
resource_labels = optional(map(string))
max_run_duration = optional(string)
flex_start = optional(bool)
local_ssd_count = optional(number)
machine_type = optional(string)
metadata = optional(map(string))
min_cpu_platform = optional(string)
oauth_scopes = optional(list(string))
preemptible = optional(bool)
reservation_affinity = optional(object({
consume_reservation_type = string
key = optional(string)
values = optional(list(string))
}))
spot = optional(bool)
sandbox_config = optional(object({
sandbox_type = string
}))
boot_disk_kms_key = optional(string)
service_account = optional(string)
shielded_instance_config = optional(object({
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}))
storage_pools = optional(list(string))
tags = optional(list(string))
resource_manager_tags = optional(map(string))
taint = optional(list(object({
key = string
value = string
effect = string
})))
workload_metadata_config = optional(object({
mode = optional(string)
}))
kubelet_config = optional(object({
cpu_manager_policy = optional(string)
cpu_cfs_quota = optional(bool)
cpu_cfs_quota_period = optional(string)
insecure_kubelet_readonly_port_enabled = optional(bool)
pod_pids_limit = optional(number)
container_log_max_size = optional(string)
container_log_max_files = optional(number)
image_gc_low_threshold_percent = optional(number)
image_gc_high_threshold_percent = optional(number)
image_minimum_gc_age = optional(string)
allowed_unsafe_sysctls = optional(list(string))
}))
linux_node_config = optional(object({
sysctls = optional(map(string))
cgroup_mode = optional(string)
hugepages_config = optional(object({
hugepage_size_2m = optional(number)
hugepage_size_1g = optional(number)
}))
}))
windows_node_config = optional(object({
osversion = string
}))
containerd_config = optional(object({
private_registry_access_config = optional(object({
enabled = bool
certificate_authority_domain_config = optional(object({
fqdns = list(string)
gcp_secret_manager_certificate_config = object({
secret_uri = string
})
}))
}))
}))
node_group = optional(string)
sole_tenant_config = optional(object({
node_affinity = optional(object({
key = string
operator = string
values = list(string)
}))
}))
})
|
{
"disk_size_gb": 100,
"disk_type": "pd-standard",
"image_type": "COS_CONTAINERD",
"kubelet_config": {
"insecure_kubelet_readonly_port_enabled": false
},
"machine_type": "e2-medium",
"workload_metadata_config": {
"mode": "GKE_METADATA"
}
}
| no |
+| network\_config | The network configuration of the pool. |
object({
create_pod_range = optional(bool)
enable_private_nodes = optional(bool)
pod_ipv4_cidr_block = optional(string)
pod_range = optional(string)
additional_node_network_configs = optional(object({
network = string
subnetwork = string
}))
additional_pod_network_configs = optional(object({
subnetwork = string
secondary_pod_range = string
max_pods_per_node = number
}))
pod_cidr_overprovision_config = optional(object({
disabled = bool
}))
network_performance_config = optional(object({
total_egress_bandwidth_tier = string
}))
})
| `null` | no |
+| node\_config | Parameters used in creating the node pool. |
object({
confidential_nodes = optional(object({
enabled = bool
}))
disk_size_gb = optional(number)
disk_type = optional(string)
enable_confidential_storage = optional(bool)
local_ssd_encryption_mode = optional(string)
ephemeral_storage_config = optional(object({
local_ssd_count = number
}))
ephemeral_storage_local_ssd_config = optional(object({
local_ssd_count = number
data_cache_count = optional(number)
}))
fast_socket = optional(object({
enabled = bool
}))
local_nvme_ssd_block_config = optional(object({
local_ssd_count = number
}))
logging_variant = optional(string)
secondary_boot_disks = optional(object({
disk_image = string
mode = optional(string)
}))
gcfs_config = optional(object({
enabled = bool
}))
gvnic = optional(object({
enabled = bool
}))
guest_accelerator = optional(object({
type = string
count = number
gpu_driver_installation_config = optional(object({
gpu_driver_version = string
}))
gpu_partition_size = optional(string)
gpu_sharing_config = optional(object({
gpu_sharing_strategy = string
max_shared_clients_per_gpu = number
}))
}))
image_type = optional(string)
labels = optional(map(string))
resource_labels = optional(map(string))
max_run_duration = optional(string)
flex_start = optional(bool)
local_ssd_count = optional(number)
machine_type = optional(string)
metadata = optional(map(string))
min_cpu_platform = optional(string)
oauth_scopes = optional(list(string))
preemptible = optional(bool)
reservation_affinity = optional(object({
consume_reservation_type = string
key = optional(string)
values = optional(list(string))
}))
spot = optional(bool)
sandbox_config = optional(object({
sandbox_type = string
}))
boot_disk_kms_key = optional(string)
service_account = optional(string)
shielded_instance_config = optional(object({
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}))
storage_pools = optional(list(string))
tags = optional(list(string))
resource_manager_tags = optional(map(string))
taint = optional(list(object({
key = string
value = string
effect = string
})))
workload_metadata_config = optional(object({
mode = optional(string)
}))
kubelet_config = optional(object({
cpu_manager_policy = optional(string)
cpu_cfs_quota = optional(bool)
cpu_cfs_quota_period = optional(string)
insecure_kubelet_readonly_port_enabled = optional(bool)
pod_pids_limit = optional(number)
container_log_max_size = optional(string)
container_log_max_files = optional(number)
image_gc_low_threshold_percent = optional(number)
image_gc_high_threshold_percent = optional(number)
image_minimum_gc_age = optional(string)
allowed_unsafe_sysctls = optional(list(string))
}))
linux_node_config = optional(object({
sysctls = optional(map(string))
cgroup_mode = optional(string)
hugepages_config = optional(object({
hugepage_size_2m = optional(number)
hugepage_size_1g = optional(number)
}))
}))
windows_node_config = optional(object({
osversion = string
}))
containerd_config = optional(object({
private_registry_access_config = optional(object({
enabled = bool
certificate_authority_domain_config = optional(object({
fqdns = list(string)
gcp_secret_manager_certificate_config = object({
secret_uri = string
})
}))
}))
}))
node_group = optional(string)
sole_tenant_config = optional(object({
node_affinity = optional(object({
key = string
operator = string
values = list(string)
}))
}))
})
|
{
"disk_size_gb": 100,
"disk_type": "pd-standard",
"image_type": "COS_CONTAINERD",
"kubelet_config": {
"insecure_kubelet_readonly_port_enabled": false
},
"machine_type": "e2-medium",
"workload_metadata_config": {
"mode": "GKE_METADATA"
}
}
| no | | node\_count | The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling. | `number` | `1` | no | | node\_locations | The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node\_locations will be used. Note: node\_locations will not revert to the cluster's default set of zones upon being unset. You must manually reconcile the list of zones with your cluster. | `list(string)` | `null` | no | | placement\_policy | Specifies a custom placement policy for the nodes.
- type: The type of the policy. Supports a single value: COMPACT. Specifying COMPACT placement policy type places node pool's nodes in a closer physical proximity in order to reduce network latency between nodes.
- policy\_name: If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.
- tpu\_topology: The TPU topology like "2x4" or "2x2x2". |
object({
type = string
policy_name = optional(string)
tpu_topology = optional(string)
})
| `null` | no | | project\_id | The ID of the project in which to create the node pool. | `string` | n/a | yes | | queued\_provisioning | Specifies node pool-level settings of queued provisioning.
- enabled (Required) - Makes nodes obtainable through the ProvisioningRequest API exclusively. |
object({
enabled = bool
})
| `null` | no | | timeouts | Timeout for cluster operations. |
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
|
{
"create": "45m",
"delete": "45m",
"update": "45m"
}
| no |
-| upgrade\_settings | Specify node upgrade settings to change how GKE upgrades nodes. The maximum number of nodes upgraded simultaneously is limited to 20.
- max\_surge:he number of additional nodes that can be added to the node pool during an upgrade. Increasing max\_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.
- max\_unavailable - (Optional) The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max\_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.
- strategy - (Default SURGE) The upgrade strategy to be used for upgrading the nodes.
- blue\_green\_settings: The settings to adjust blue green upgrades.
- standard\_rollout\_policy: Specifies the standard policy settings for blue-green upgrades.
- batch\_percentage: Percentage of the blue pool nodes to drain in a batch.
- batch\_node\_count:Number of blue nodes to drain in a batch.
- batch\_soak\_duration: Soak time after each batch gets drained.
- local\_ssd\_encryption\_mode: Possible Local SSD encryption modes: Accepted values are:
- STANDARD\_ENCRYPTION: The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.
- EPHEMERAL\_KEY\_ENCRYPTION: The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.
- node\_pool\_soak\_duration: Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. |
object({
max_surge = optional(number)
max_unavailable = optional(number)
strategy = optional(string)
blue_green_settings = optional(object({
standard_rollout_policy = object({
batch_percentage = optional(number)
batch_node_count = optional(number)
batch_soak_duration = optional(string)
})
node_pool_soak_duration = optional(string)
}))
})
|
{
"max_surge": 1,
"max_unavailable": 0,
"strategy": "SURGE"
}
| no |
+| upgrade\_settings | Specify node upgrade settings to change how GKE upgrades nodes. |
object({
max_surge = optional(number)
max_unavailable = optional(number)
strategy = optional(string)
blue_green_settings = optional(object({
standard_rollout_policy = object({
batch_percentage = optional(number)
batch_node_count = optional(number)
batch_soak_duration = optional(string)
})
node_pool_soak_duration = optional(string)
}))
})
|
{
"max_surge": 1,
"max_unavailable": 0,
"strategy": "SURGE"
}
| no | ## Outputs diff --git a/modules/gke-node-pool/metadata.display.yaml b/modules/gke-node-pool/metadata.display.yaml index 093b4c11af..47d131ccdb 100644 --- a/modules/gke-node-pool/metadata.display.yaml +++ b/modules/gke-node-pool/metadata.display.yaml @@ -261,6 +261,7 @@ spec: project_id: name: project_id title: Project Id + level: 1 queued_provisioning: name: queued_provisioning title: Queued Provisioning diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index c393a66157..2862b64ef2 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml @@ -157,7 +157,7 @@ spec: max_node_count: 100 min_node_count: 1 - name: initial_node_count - description: Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage. + description: The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. varType: number - name: management description: | @@ -320,7 +320,7 @@ spec: insecure_kubelet_readonly_port_enabled: false machine_type: e2-medium workload_metadata_config: - mode: MODE_UNSPECIFIED + mode: GKE_METADATA - name: network_config description: The network configuration of the pool. varType: |- @@ -409,9 +409,9 @@ spec: roles: - level: Project roles: - - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin + - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-node-pool/variables.tf b/modules/gke-node-pool/variables.tf index 4dca72365a..a825a614bc 100644 --- a/modules/gke-node-pool/variables.tf +++ b/modules/gke-node-pool/variables.tf 
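Review bot: The `mode: GKE_METADATA` default introduced in the `@@ -320,7 +320,7 @@` hunk of metadata.yaml is the right security choice (it keeps pods off the node's Compute Engine metadata and service-account token, which `GCE_METADATA` would expose) and it now matches the README default, but it only works when Workload Identity is enabled on the cluster — the README text this patch removes states exactly that — so a pool created with defaults against a cluster without Workload Identity will presumably be rejected by the API. After this patch none of the shortened descriptions mention that precondition. Suggest stating it next to the default, e.g. in the `node_config` description: `workload_metadata_config.mode defaults to GKE_METADATA, which requires Workload Identity to be enabled on the cluster; set mode explicitly for clusters without it.` If metadata.yaml is regenerated from variables.tf, the sentence belongs in the variable description rather than in this file.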
@@ -31,16 +31,7 @@ variable "location" { } variable "autoscaling" { - description = <=0 and <= max_node_count. Cannot be used with total limits. - - max_node_count: Maximum number of nodes per zone in the NodePool. Must be >= min_node_count. Cannot be used with total limits. - - total_min_node_count: Total minimum number of nodes in the NodePool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters. - - total_max_node_count: Total maximum number of nodes in the NodePool. Must be >= total_min_node_count. Cannot be used with per zone limits. Total size limits are supported only in 1.24.1+ clusters. - - location_policy: Location policy specifies the algorithm used when scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters. - - "BALANCED" - Is a best effort policy that aims to balance the sizes of available zones. - - "ANY" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduce preemption risk for Spot VMs. -EOT + description = "Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage." type = object({ min_node_count = optional(number) max_node_count = optional(number) @@ -55,7 +46,7 @@ EOT } variable "initial_node_count" { - description = "The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. WARNING: Resizing your node pool manually may change this value in your existing cluster, which will trigger destruction and recreation on the next Terraform run (to rectify the discrepancy). If you don't need this value, don't set it." + description = "The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone." type = number default = null } 
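Review bot: The replacement description for `initial_node_count` in the `@@ -55,7 +46,7 @@` hunk drops the provider's warning that the value forces recreation of the node pool and that a manual resize can drift it so the next apply destroys and recreates the pool; that caveat is what keeps a casual edit from becoming an outage, and the metadata.yaml hunk in this patch adopts the same one-liner, so the warning now survives nowhere in this module. Suggest keeping the short form but retaining the caveat, e.g. `description = "The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this forces recreation of the node pool, and a manual resize can drift this value and trigger destroy/recreate on the next apply; leave unset unless needed."`. The `autoscaling` hunk similarly loses the per-field constraints (per-zone and total limits are mutually exclusive, `location_policy` accepts only `BALANCED`/`ANY`); if the goal is shorter metadata descriptions, consider trimming only what the metadata generator surfaces and keeping the full text on the variable. The `initial_node_count` block is fully within the second hunk; the `autoscaling` block spans both hunks.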
@@ -101,124 +92,7 @@ variable "name_prefix" { } variable "node_config" { - description = < Note: Local NVMe SSD storage available in GKE versions v1.25.3-gke.1800 and later. - - logging_variant (Optional) Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See [Increasing logging agent throughput](https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs#throughput) for more information. - - secondary_boot_disks - (Optional) Parameters for secondary boot disks to preload container images and data on new nodes. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions. - - disk_image (Required) - Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. - - mode (Optional) - Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE. - - gcfs_config - (Optional) Parameters for the Google Container Filesystem (GCFS). If unspecified, GCFS will not be enabled on the node pool. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version from GKE versions 1.19 or later to use it. For GKE versions 1.19, 1.20, and 1.21, the recommended minimum node_version would be 1.19.15-gke.1300, 1.20.11-gke.1300, and 1.21.5-gke.1300 respectively. A machine_type that has more than 16 GiB of memory is also recommended. GCFS must be enabled in order to use image streaming. - - enabled (Required) - Whether or not the Google Container Filesystem (GCFS) is enabled. - - gvnic - (Optional) Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. gVNIC is an alternative to the virtIO-based ethernet driver. 
GKE nodes must use a Container-Optimized OS node image. GKE node version 1.15.11-gke.15 or later. - - enabled (Required) - Whether or not the Google Virtual NIC (gVNIC) is enabled - - guest_accelerator - (Optional) List of the type and count of accelerator cards attached to the instance. Note: As of 6.0.0, argument syntax is no longer supported for this field in favor of block syntax. To dynamically set a list of guest accelerators, use dynamic blocks. To set an empty list, use a single guest_accelerator block with count = 0. - - type (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. - - count (Required) - The number of the guest accelerator cards exposed to this instance. - - gpu_driver_installation_config (Optional) - Configuration for auto installation of GPU driver. - - gpu_driver_version (Required) - Mode for how the GPU driver is installed. Accepted values are: - - "GPU_DRIVER_VERSION_UNSPECIFIED": Default value is to install the "Default" GPU driver. Before GKE 1.30.1-gke.1156000, the default value is to not install any GPU driver. - - "INSTALLATION_DISABLED": Disable GPU driver auto installation and needs manual installation. - - "DEFAULT": "Default" GPU driver in COS and Ubuntu. - - "LATEST": "Latest" GPU driver in COS. - - gpu_partition_size (Optional) - Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide. - - gpu_sharing_config (Optional) - Configuration for GPU sharing. - - gpu_sharing_strategy (Required) - The type of GPU sharing strategy to enable on the GPU node. Accepted values are: - - "TIME_SHARING": Allow multiple containers to have time-shared access to a single GPU device. - - "MPS": Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS - - max_shared_clients_per_gpu (Required) - The maximum number of containers that can share a GPU. - - image_type - (Optional) The image type to use for this node. 
Note that changing the image type will delete and recreate all nodes in the node pool. - - labels - (Optional) The Kubernetes labels (key/value pairs) to be applied to each node. The kubernetes.io/ and k8s.io/ prefixes are reserved by Kubernetes Core components and cannot be specified. - - resource_labels - (Optional) The GCP labels (key/value pairs) to be applied to each node. Refer here for how these labels are applied to clusters, node pools and nodes. - - max_run_duration - (Optional) The runtime of each node in the node pool in seconds, terminated by 's'. Example: "3600s". - - flex_start - (Optional) Enables Flex Start provisioning model for the node pool. - - local_ssd_count - (Optional) The amount of local SSD disks that will be attached to each cluster node. Defaults to 0. - - machine_type - (Optional) The name of a Google Compute Engine machine type. Defaults to e2-medium. To create a custom machine type, value should be set as specified here. - - metadata - (Optional) The metadata key/value pairs assigned to instances in the cluster. From GKE 1.12 onwards, disable-legacy-endpoints is set to true by the API; if metadata is set but that default value is not included, Terraform will attempt to unset the value. To avoid this, set the value in your config. - - min_cpu_platform - (Optional) Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell. See the official documentation for more information. - - oauth_scopes - (Optional) The set of Google API scopes to be made available on all of the node VMs under the "default" service account. Use the "https://www.googleapis.com/auth/cloud-platform" scope to grant access to all APIs. 
It is recommended that you set service_account to a non-default service account and grant IAM roles to that service account for only the resources that it needs.See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes) for information on migrating off of legacy access scopes. - - preemptible - (Optional) A boolean that represents whether or not the underlying node VMs are preemptible. See the official documentation for more information. Defaults to false. - - reservation_affinity (Optional) The configuration of the desired reservation which instances could take capacity from. - - consume_reservation_type (Required) The type of reservation consumption Accepted values are: - - "UNSPECIFIED": Default value. This should not be used. - - "NO_RESERVATION": Do not consume from any reserved capacity. - - "ANY_RESERVATION": Consume any reservation available. - - "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. - - key (Optional) The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. - - values (Optional) The list of label values of reservation resources. For example: the name of the specific reservation when using a key of "compute.googleapis.com/reservation-name" - - spot - (Optional) A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false. - - sandbox_config - (Optional, Beta) GKE Sandbox configuration. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version = "1.12.7-gke.17" or later to use it. - - sandbox_type (Required) Which sandbox to use for pods in the node pool. Accepted values are: - - "gvisor": Pods run within a gVisor sandbox. 
- - boot_disk_kms_key - (Optional) The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption. - - service_account - (Optional) The service account to be used by the Node VMs. If not specified, the "default" service account is used. - - shielded_instance_config - (Optional) Shielded Instance options. - - enable_secure_boot (Optional) - Defines if the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. Defaults to false. - - enable_integrity_monitoring (Optional) - Defines if the instance has integrity monitoring enabled. - - storage_pools - (Optional) The list of Storage Pools where boot disks are provisioned. - - tags - (Optional) The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls. - - resource_manager_tags - (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. - - taint - (Optional) A list of Kubernetes taints to apply to nodes. 
This field will only report drift on taint keys that are already managed with Terraform, use effective_taints to view the list of GKE-managed taints on the node pool from all sources. Importing this resource will not record any taints as being Terraform-managed, and will cause drift with any configured taints. - - key (Required) Key for taint. - - value (Required) Value for taint. - - effect (Required) Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. - - workload_metadata_config - (Optional) Metadata configuration to expose to workloads on the node pool. - - mode (Required) How to expose the node metadata to the workload running on the node. Accepted values are: - - MODE_UNSPECIFIED: Not Set - - GCE_METADATA: Expose all Compute Engine metadata to pods. - - GKE_METADATA: Run the GKE Metadata Server on this node. The GKE Metadata Server exposes a metadata API to workloads that is compatible with the V1 Compute Metadata APIs exposed by the Compute Engine and App Engine Metadata Servers. This feature can only be enabled if workload identity is enabled at the cluster level. - - kubelet_config - (Optional) Kubelet configuration, currently supported attributes can be found [here](https://cloud.google.com/sdk/gcloud/reference/beta/container/node-pools/create#--system-config-from-file). - - cpu_manager_policy - The CPU management policy on the node. See K8S CPU Management Policies. One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". Prior to the 6.4.0 this field was marked as required. The workaround for the required field is setting the empty string "", which will function identically to not setting this field. - - cpu_cfs_quota - If true, enables CPU CFS quota enforcement for containers that specify CPU limits. - - cpu_cfs_quota_period - The CPU CFS quota period value. 
Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration. - - insecure_kubelet_readonly_port_enabled - Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. - - pod_pids_limit - Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. - - container_log_max_size - Defines the maximum size of the container log file before it is rotated. Specified as a positive number and a unit suffix, such as "100Ki", "10Mi". Valid units are "Ki", "Mi", "Gi". The value must be between "10Mi" and "500Mi", inclusive. And the total container log size (container_log_max_size * container_log_max_files) cannot exceed 1% of the total storage of the node. - - container_log_max_files - Defines the maximum number of container log files that can be present for a container. The integer must be between 2 and 10, inclusive. - - image_gc_low_threshold_percent - Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The integer must be between 10 and 85, inclusive. - - image_gc_high_threshold_percent - Defines the percent of disk usage after which image garbage collection is always run. The integer must be between 10 and 85, inclusive. - - image_minimum_gc_age - Defines the minimum age for an unused image before it is garbage collected. Specified as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300s", "1.5m". The value cannot be greater than "2m". - - allowed_unsafe_sysctls - Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. The allowed sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. 
- - linux_node_config - (Optional) Parameters that can be configured on Linux nodes. - - sysctls - (Optional) The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as net.core.wmem_max, to a string value. Currently supported attributes can be found [here](https://cloud.google.com/sdk/gcloud/reference/beta/container/node-pools/create#--system-config-from-file). Note that validations happen all server side. All attributes are optional. - - cgroup_mode - (Optional) Possible cgroup modes that can be used. Accepted values are: - - CGROUP_MODE_UNSPECIFIED: CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used. - - CGROUP_MODE_V1: CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image. - - CGROUP_MODE_V2: CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image. - - hugepages_config - (Optional) Amounts for 2M and 1G hugepages. - - hugepage_size_2m - (Optional) Amount of 2M hugepages. - - hugepage_size_1g - (Optional) Amount of 1G hugepages. - - windows_node_config - (Optional) Windows node configuration, currently supporting OSVersion attribute. The value must be one of [OS_VERSION_UNSPECIFIED, OS_VERSION_LTSC2019, OS_VERSION_LTSC2022]. - - containerd_config - (Optional) Parameters to customize containerd runtime. - - private_registry_access_config (Optional) - Configuration for private container registries. There are two fields in this config: - - enabled (Required) - Enables private registry config. If set to false, all other fields in this object must not be set. - - certificate_authority_domain_config (Optional) - List of configuration objects for CA and domains. Each object identifies a certificate and its assigned domains. 
See [how to configure for private container registries](https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates) for more detail. - - fqdns - List of Fully Qualified Domain Names. - - gcp_secret_manager_certificate_config - - secret_uri - URI for the Google Cloud Secret that stores the certificate. Format is 'projects/PROJECT_NUMBER/secrets/SECRET_NAME/versions/VERSION'. - - node_group - (Optional) Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes. - - sole_tenant_config (Optional) Allows specifying multiple node affinities useful for running workloads on sole tenant nodes. - - node_affinity - - key (Required) - The default or custom node affinity label key name. - - operator (Required) - Specifies affinity or anti-affinity. Accepted values are "IN" or "NOT_IN" - - values (Required) - List of node affinity label values as strings. - EOT + description = "Parameters used in creating the node pool." type = object({ confidential_nodes = optional(object({ enabled = bool @@ -359,24 +233,7 @@ variable "node_config" { } variable "network_config" { - description = < Date: Wed, 10 Sep 2025 18:14:41 +0000 Subject: [PATCH 09/12] changes to gke components for making adc compatible --- modules/gke-node-pool/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index 77e9397c7c..031f135890 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml @@ -132,7 +132,7 @@ spec: required: true connections: - source: - source: github.com/Daisyprakash/terraform-google-kubernetes-engine//modules/gke-standard-cluster + source: github.com/terraform-google-modules/terraform-google-kubernetes-engine//modules/gke-standard-cluster version: ">=38.0.1" spec: outputExpr: cluster_id 
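Review bot: The one-line replacement description for `node_config` drops the security guidance the old text carried: that `insecure_kubelet_readonly_port_enabled` should be FALSE, that `service_account` should be a non-default account granted only the IAM roles it needs rather than relying on broad `oauth_scopes`, and that `shielded_instance_config.enable_secure_boot` defaults to false. Since metadata.yaml appears to mirror these descriptions, the module's own surface no longer tells consumers which of the many nested fields have security consequences. Suggest keeping a short heredoc that names those three fields with their recommended values and points to the provider documentation for the node pool resource for the full field list; the object type that follows is untouched by this suggestion. The variable block continues past the hunk.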
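Review bot: The connection's `version: ">=38.0.1"` is an open-ended lower bound, so a consumer resolving this connection accepts any future major release of gke-standard-cluster, including one that could rename or drop the `cluster_id` output the connection depends on; the examples in this same series pin `version = "~> 38.0"`. If this field follows Terraform constraint syntax (confirm against the metadata schema), `version: ">=38.0.1, <39.0.0"` or `version: "~> 38.0"` keeps the connection within the major version whose output contract was tested. Moving the source from the personal fork to the terraform-google-modules org is the right supply-chain fix; the remaining exposure is only the unbounded range.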
From f93a086a9ac9bc570a8c04f2634077ab22e8c001 Mon Sep 17 00:00:00 2001 From: Daisy Date: Wed, 10 Sep 2025 18:18:15 +0000 Subject: [PATCH 10/12] Merge branch 'main' into gke-adc-changes From 122e9f44e978ef093ae7e82b25a7e349ade19507 Mon Sep 17 00:00:00 2001 From: Daisy Date: Thu, 11 Sep 2025 18:10:04 +0000 Subject: [PATCH 11/12] updated the examples with project_id --- examples/gke_autopilot_cluster/main.tf | 2 +- examples/gke_standard_cluster/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/gke_autopilot_cluster/main.tf b/examples/gke_autopilot_cluster/main.tf index f8dbd7a282..61f32bc8fa 100644 --- a/examples/gke_autopilot_cluster/main.tf +++ b/examples/gke_autopilot_cluster/main.tf @@ -36,7 +36,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster" version = "~> 38.0" - project = var.project_id + project_id = var.project_id name = "${local.cluster_type}-cluster" location = var.region network = module.gcp-network.network_self_link diff --git a/examples/gke_standard_cluster/main.tf b/examples/gke_standard_cluster/main.tf index a7c827cfea..31ec041c08 100644 --- a/examples/gke_standard_cluster/main.tf +++ b/examples/gke_standard_cluster/main.tf @@ -37,7 +37,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-standard-cluster" version = "~> 38.0" - project = var.project_id + project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" location = var.region network = var.network From 652e0ed25eef8ac9c03aa82dfa9bd814f92f181e Mon Sep 17 00:00:00 2001 From: Daisy Date: Thu, 11 Sep 2025 18:25:25 +0000 Subject: [PATCH 12/12] updated the examples with project_id --- examples/gke_standard_cluster/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/gke_standard_cluster/main.tf b/examples/gke_standard_cluster/main.tf index 31ec041c08..d3927472e6 100644 
--- a/examples/gke_standard_cluster/main.tf +++ b/examples/gke_standard_cluster/main.tf @@ -87,7 +87,7 @@ module "node_pool" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-node-pool" version = "~> 38.0" - project = var.project_id + project_id = var.project_id location = var.region cluster = module.gke.cluster_name node_config = {