From d683e56c727edef88abe87e9f940616faa2072e2 Mon Sep 17 00:00:00 2001 From: abhikaddy <47179661+abhikaddy@users.noreply.github.com> Date: Sun, 1 Oct 2023 18:03:58 +0530 Subject: [PATCH] Fixes #1386: Support confidential nodepools --- autogen/main/cluster.tf.tmpl | 7 +++++++ cluster.tf | 12 ++++++++++++ .../beta-private-cluster-update-variant/cluster.tf | 13 +++++++++++++ modules/beta-private-cluster/cluster.tf | 12 ++++++++++++ .../beta-public-cluster-update-variant/cluster.tf | 13 +++++++++++++ modules/beta-public-cluster/cluster.tf | 12 ++++++++++++ modules/private-cluster-update-variant/cluster.tf | 13 +++++++++++++ modules/private-cluster/cluster.tf | 12 ++++++++++++ 8 files changed, 94 insertions(+) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 714b90fb8e..e55c51598f 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -582,6 +582,7 @@ locals { "enable_gcfs", "enable_gvnic", "enable_secure_boot", + "confidential_nodes" ] } @@ -775,6 +776,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/cluster.tf b/cluster.tf index 7c8b05cdaa..0b0dc7383f 100644 --- a/cluster.tf +++ b/cluster.tf 
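Review bot: The key added to the `locals` list in the first hunk is `"confidential_nodes"`, but the node pool blocks in this same patch read the setting as `enable_confidential_nodes`, and the neighbouring entries are all `enable_*` pool keys (`enable_gcfs`, `enable_gvnic`, `enable_secure_boot`). The list's name and consumer are outside the hunk, but if its entries are matched against node pool map keys, the new entry never matches and toggling the flag goes untracked. The intended line is probably `"enable_confidential_nodes",`, with the trailing comma the other entries carry. The same line is added in the `locals` hunks of modules/beta-private-cluster-update-variant, modules/beta-public-cluster-update-variant and modules/private-cluster-update-variant, so a fix belongs in all four places, or in the template alone if those files are regenerated from it.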
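Review bot: The `dynamic "confidential_nodes"` block under the `windows_pools` hunk header is emitted for any pool that sets `enable_confidential_nodes`, with nothing checking that the pool can actually run as a confidential node. Confidential GKE Nodes need a machine type that supports Confidential VM and, as far as I know, a Linux node image, so confirm before merge whether this block belongs on `windows_pools` at all. The key is also undocumented, since the diffstat lists only cluster.tf files; a comment above the block such as `# enable_confidential_nodes: requires a machine_type that supports Confidential VM`, plus a README entry for the node_pools key, would cover it. The resource body continues outside the hunk, and the same block is added to `pools` and `windows_pools` in the root cluster.tf and in every module file in this patch.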
@@ -465,6 +465,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, @@ -653,6 +659,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 29770ab8f6..f98661736d 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -497,6 +497,7 @@ locals { "enable_gcfs", "enable_gvnic", "enable_secure_boot", + "confidential_nodes" ] } @@ -665,6 +666,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, 
@@ -893,6 +900,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 1ddb1a76e8..43701c84d7 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -571,6 +571,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, @@ -798,6 +804,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index d35a15d495..8fd78abe6e 100644 
--- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -478,6 +478,7 @@ locals { "enable_gcfs", "enable_gvnic", "enable_secure_boot", + "confidential_nodes" ] } @@ -646,6 +647,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, @@ -874,6 +881,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 4857f57520..d3b47348e3 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -552,6 +552,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, @@ -779,6 +785,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 191c99ec50..77535a776a 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -424,6 +424,7 @@ locals { "enable_gcfs", "enable_gvnic", "enable_secure_boot", + "confidential_nodes" ] } @@ -578,6 +579,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, 
@@ -767,6 +774,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index c2fa9906dc..ded37c7359 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -484,6 +484,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, @@ -672,6 +678,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "confidential_nodes" { + for_each = lookup(each.value, "enable_confidential_nodes", false) ? [true] : [] + content { + enabled = confidential_nodes.value + } + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {},