diff --git a/README.md b/README.md index d03c0a3540..cbafbe9a75 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -235,6 +236,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/autogen/main/README.md b/autogen/main/README.md index d9d74c6d27..a41e0b6006 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -108,6 +108,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -194,6 +195,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 60831abc97..6abd539edf 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -295,6 +295,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -576,6 +579,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/cluster.tf b/cluster.tf index a06712b2d1..2e6cc659db 100644 --- a/cluster.tf +++ b/cluster.tf @@ -146,6 +146,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -266,6 +269,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index c51e71be19..58552c3206 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -91,6 +91,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -311,6 +312,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 8bb01a865c..ea8c36adea 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -252,6 +252,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -501,6 +504,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 98379fe5a1..12fceb7438 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -69,6 +69,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -289,6 +290,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index fe874b7622..60ce1a2c4e 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -252,6 +252,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -415,6 +418,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 8801d7ccde..d0475292cb 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -85,6 +85,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -298,6 +299,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 762955d34b..a81dbe457f 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -252,6 +252,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -482,6 +485,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 7d9d2577c5..3fd495ceeb 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -63,6 +63,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -276,6 +277,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index a6d20774d3..a079ed7827 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -252,6 +252,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -396,6 +399,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index f03158538a..f82124de2c 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -86,6 +86,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -269,6 +270,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index b5e4df2dcb..87a45f9c21 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -146,6 +146,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -364,6 +367,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {}, diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 8aabf2e332..35af609e56 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -64,6 +64,7 @@ module "gke" { disk_size_gb = 100 disk_type = "pd-standard" image_type = "COS_CONTAINERD" + enable_gcfs = false auto_repair = true auto_upgrade = true service_account = "project-service-account@.iam.gserviceaccount.com" @@ -247,6 +248,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | | enable_secure_boot | Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails. | false | Optional | | gpu_partition_size | Size of partitions to create on the GPU | null | Optional | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ffa8c1a385..a6823c9383 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -146,6 +146,9 @@ resource "google_container_cluster" "primary" { image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(var.node_pools[0], "enable_gcfs", false) + } service_account = lookup(var.node_pools[0], "service_account", local.service_account) @@ -279,6 +282,9 @@ resource "google_container_node_pool" "pools" { image_type = lookup(each.value, "image_type", "COS_CONTAINERD") machine_type = lookup(each.value, "machine_type", "e2-medium") min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + gcfs_config { + enabled = lookup(each.value, "enable_gcfs", false) + } labels = merge( lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {}, lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = each.value["name"] } : {},