From 41a9a482e14816024ae69e8a70140bf73d04f465 Mon Sep 17 00:00:00 2001
From: Andrew Peabody <andrewpeabody@google.com>
Date: Thu, 17 Oct 2024 22:41:26 +0000
Subject: [PATCH] fix: add kubelet_config to default-node-pool

---
 autogen/main/cluster.tf.tmpl                      | 15 +++++++++++++++
 cluster.tf                                        | 15 +++++++++++++++
 .../cluster.tf                                    | 15 +++++++++++++++
 modules/beta-private-cluster/cluster.tf           | 15 +++++++++++++++
 .../beta-public-cluster-update-variant/cluster.tf | 15 +++++++++++++++
 modules/beta-public-cluster/cluster.tf            | 15 +++++++++++++++
 modules/private-cluster-update-variant/cluster.tf | 15 +++++++++++++++
 modules/private-cluster/cluster.tf                | 15 +++++++++++++++
 8 files changed, 120 insertions(+)

diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 2827aebf12..c223f5373f 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -530,6 +530,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/cluster.tf b/cluster.tf
index 70bdfb412e..78c8c00539 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -407,6 +407,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 38f75b84b6..d1ea2f2cfc 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 6600ac2675..b7b97c3ce5 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index e43fa5a5a1..cbe4da399e 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 0c1c6f518a..00084478d4 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -453,6 +453,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index ae4b58deb2..d78bbc5940 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -407,6 +407,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 5037e10bd8..d3ef889c47 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -407,6 +407,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "kubelet_config" {
+        for_each = length(setintersection(
+          keys(each.value),
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        )) != 0 ? [1] : []
+
+        content {
+          cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(