From c719dd47e035cb84620e51a15aa82b6f284547ed Mon Sep 17 00:00:00 2001
From: Jordan Stout
Date: Wed, 11 Dec 2024 14:59:55 -0800
Subject: [PATCH] feat: add cgroup & sysctls
---
 autogen/safer-cluster/main.tf.tmpl | 4 +++-
 autogen/safer-cluster/variables.tf.tmpl | 19 +++++++++++++++++++
 .../safer-cluster-update-variant/README.md | 2 ++
 modules/safer-cluster-update-variant/main.tf | 4 +++-
 .../safer-cluster-update-variant/variables.tf | 19 +++++++++++++++++++
 modules/safer-cluster/README.md | 2 ++
 modules/safer-cluster/main.tf | 4 +++-
 modules/safer-cluster/variables.tf | 19 +++++++++++++++++++
 8 files changed, 70 insertions(+), 3 deletions(-)
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index 3a06a87e3f..13ed26c9b6 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -97,7 +97,9 @@ module "gke" {
 node_pools_taints = var.node_pools_taints
 node_pools_tags = var.node_pools_tags
- node_pools_oauth_scopes = var.node_pools_oauth_scopes
+ node_pools_oauth_scopes = var.node_pools_oauth_scopes
+ node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+ node_pools_cgroup_mode = var.node_pools_cgroup_mode
 cluster_autoscaling = var.cluster_autoscaling
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index 678eaa2a3a..e18a47a852 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
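Review bot: The two added arguments in the `module "gke"` call forward caller-supplied kernel sysctls and the cgroup mode to the inner module with no comment on why a hardened wrapper exposes them or what a caller should keep in mind. A short comment above the two lines would help, for example `# Node-level kernel settings: sysctls and cgroup mode affect every pod on the pool, so keep overrides minimal and reviewed.` The `module "gke"` block starts and ends outside the hunk, so whether the inner module accepts both inputs cannot be confirmed from here. The matching hunks in modules/safer-cluster/main.tf and modules/safer-cluster-update-variant/main.tf appear to be generated from this template, so the comment belongs here.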
@@ -224,6 +224,25 @@ variable "node_pools_oauth_scopes" {
 }
 }
+variable "node_pools_linux_node_configs_sysctls" {
+ type = map(map(string))
+ description = "Map of maps containing linux node config sysctls by node-pool name"
+
+ default = {
+ all = {}
+ default-node-pool = {}
+ }
+}
+variable "node_pools_cgroup_mode" {
+ type = map(string)
+ description = "Map of strings containing cgroup node config by node-pool name"
+
+ default = {
+ all = ""
+ default-node-pool = ""
+ }
+}
+
 variable "cluster_autoscaling" {
 type = object({
 enabled = bool
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index ee0e3c39e8..4a832f4616 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
@@ -257,7 +257,9 @@ For simplicity, we suggest using `roles/container.admin` and | network | The VPC network to host the cluster in | `string` | n/a | yes | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_pools | List of maps containing node pools | `list(map(string))` |
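Review bot: `node_pools_cgroup_mode` is declared as a free-form `map(string)` with no `validation` block, so a mistyped mode is only rejected at plan or apply time, and the description does not name the accepted values. A validation along the lines below would fail early; the three `CGROUP_MODE_*` names are the ones the Google provider documents for `linux_node_config.cgroup_mode`, and treating `""` as "leave the default" is an assumption about the inner module that should be confirmed. For `node_pools_linux_node_configs_sysctls`, the description should say that only the sysctls GKE supports for node configuration are accepted and that they apply to the whole node pool. A blank line is also missing between the two new `variable` blocks. The same hunks in modules/safer-cluster/variables.tf and modules/safer-cluster-update-variant/variables.tf appear to be generated from this template, so the change belongs here.

```hcl
variable "node_pools_cgroup_mode" {
  # … unchanged: type, description, default …

  validation {
    condition = alltrue([
      for mode in values(var.node_pools_cgroup_mode) :
      contains(["", "CGROUP_MODE_UNSPECIFIED", "CGROUP_MODE_V1", "CGROUP_MODE_V2"], mode)
    ])
    error_message = "Each node_pools_cgroup_mode value must be empty, CGROUP_MODE_UNSPECIFIED, CGROUP_MODE_V1 or CGROUP_MODE_V2."
  }
}
```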
[
{
"name": "default-node-pool"
}
]
| no | +| node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | +| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_resource\_labels | Map of maps containing resource labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index a13fafe5fe..7af46dc1d1 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -93,7 +93,9 @@ module "gke" {
 node_pools_taints = var.node_pools_taints
 node_pools_tags = var.node_pools_tags
- node_pools_oauth_scopes = var.node_pools_oauth_scopes
+ node_pools_oauth_scopes = var.node_pools_oauth_scopes
+ node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+ node_pools_cgroup_mode = var.node_pools_cgroup_mode
 cluster_autoscaling = var.cluster_autoscaling
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index 02d6f8e526..c481cd926c 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -224,6 +224,25 @@ variable "node_pools_oauth_scopes" {
 }
 }
+variable "node_pools_linux_node_configs_sysctls" {
+ type = map(map(string))
+ description = "Map of maps containing linux node config sysctls by node-pool name"
+
+ default = {
+ all = {}
+ default-node-pool = {}
+ }
+}
+variable "node_pools_cgroup_mode" {
+ type = map(string)
+ description = "Map of strings containing cgroup node config by node-pool name"
+
+ default = {
+ all = ""
+ default-node-pool = ""
+ }
+}
+
 variable "cluster_autoscaling" {
 type = object({
 enabled = bool
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index ee0e3c39e8..4a832f4616 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
@@ -257,7 +257,9 @@ For simplicity, we suggest using `roles/container.admin` and | network | The VPC network to host the cluster in | `string` | n/a | yes | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_pools | List of maps containing node pools | `list(map(string))` |
[
{
"name": "default-node-pool"
}
]
| no | +| node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | +| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_resource\_labels | Map of maps containing resource labels by node-pool name | `map(map(string))` |
{
"all": {},
"default-node-pool": {}
}
| no |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index e113c09a6a..ea8042fe28 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -93,7 +93,9 @@ module "gke" {
 node_pools_taints = var.node_pools_taints
 node_pools_tags = var.node_pools_tags
- node_pools_oauth_scopes = var.node_pools_oauth_scopes
+ node_pools_oauth_scopes = var.node_pools_oauth_scopes
+ node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+ node_pools_cgroup_mode = var.node_pools_cgroup_mode
 cluster_autoscaling = var.cluster_autoscaling
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index 02d6f8e526..c481cd926c 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -224,6 +224,25 @@ variable "node_pools_oauth_scopes" {
 }
 }
+variable "node_pools_linux_node_configs_sysctls" {
+ type = map(map(string))
+ description = "Map of maps containing linux node config sysctls by node-pool name"
+
+ default = {
+ all = {}
+ default-node-pool = {}
+ }
+}
+variable "node_pools_cgroup_mode" {
+ type = map(string)
+ description = "Map of strings containing cgroup node config by node-pool name"
+
+ default = {
+ all = ""
+ default-node-pool = ""
+ }
+}
+
 variable "cluster_autoscaling" {
 type = object({
 enabled = bool