diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 3fac2124f7..af992f2429 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -36,8 +36,9 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection - {% if autopilot_cluster != true %} + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null + dynamic "network_policy" { for_each = local.cluster_network_policy 
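Review bot: The new `initial_node_count` line has no comment, and its condition mirrors the `for_each` on the `dynamic "node_pool"` block added later in this file, so the two must stay in sync. A short comment would make that coupling visible, for example `# Cluster-level count is used only when no node pools are declared; otherwise the inline default-pool block sets it.` Nothing visible here checks that `var.initial_node_count` is usable when `var.node_pools` is empty, so a `validation` or `precondition` on that combination may be worth adding if none exists outside this hunk. The resource body continues beyond the hunk.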
@@ -579,121 +580,124 @@ resource "google_container_cluster" "primary" { delete = lookup(var.timeouts, "delete", "45m") } {% if autopilot_cluster != true %} - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value - } + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] - content { - enabled = gvnic.value + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? 
[var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - {% if beta_cluster %} - dynamic "sandbox_config" { - for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? 
["gvisor"] : [] - content { - sandbox_type = sandbox_config.value + {% if beta_cluster %} + dynamic "sandbox_config" { + for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : [] + content { + sandbox_type = sandbox_config.value + } } - } - {% endif %} - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + {% endif %} + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } {% endif %} diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ce3268200c..7c3dfb0c27 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
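Review bot: With `for_each = length(var.node_pools) == 0 ? [] : [1]`, an empty `var.node_pools` drops the whole `node_config`, so nodes created through the cluster-level `initial_node_count` get none of the settings applied here: the `service_account` fallback to `local.service_account`, `workload_metadata_config`, `shielded_instance_config`, `boot_disk_kms_key`, `sandbox_config` and the kubelet read-only-port setting. Unless a cluster-level `node_config` exists outside this hunk, those nodes would presumably run with provider and GKE defaults, which can mean a broader node identity and no customer-managed key on boot disks. I would either feed the same locals into a cluster-level `node_config` for the empty case or state the limitation next to the block, e.g. `# Not rendered when var.node_pools is empty; nodes then use cluster defaults, not this node_config.` The same applies to the generated `cluster.tf` and `modules/beta-private-cluster-update-variant/cluster.tf`. The resource body starts before this hunk.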
@@ -203,8 +203,8 @@ locals { {% if autopilot_cluster != true %} // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) {% else %} // cluster ID is in the form project/location/name cluster_name_computed = element(split("/", local.cluster_id), length(split("/", local.cluster_id)) - 1) diff --git a/cluster.tf b/cluster.tf index eb9ca74a5b..0943973bd9 100644 --- a/cluster.tf +++ b/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
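Review bot: In the empty-`node_pools` branch `cluster_name_computed` becomes the plain input `var.name`, so it no longer depends on any created resource, whereas the node-pool branch derives it from a resource ID. The autopilot branch just below already computes the name from `local.cluster_id`. If that local is also defined for non-autopilot clusters (not visible here), using `element(split("/", local.cluster_id), length(split("/", local.cluster_id)) - 1)` as the fallback would keep the dependency on the cluster and keep the two branches consistent. The `// node pool ID is in the form …` comment should also mention the fallback. The generated `main.tf` has the same two lines, and the `locals` block extends beyond the hunk.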
@@ -439,112 +440,115 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value - } + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] - content { - enabled = gvnic.value + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? 
[var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? 
[var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/main.tf b/main.tf index acd49578db..4b062f291f 100644 --- a/main.tf +++ b/main.tf @@ -145,8 +145,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version 
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 2c41d52604..b5ae1e6714 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -33,7 +33,6 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection - dynamic "release_channel" { for_each = local.release_channel diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 13bb1a7665..4bff282ffa 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -33,7 +33,6 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection - dynamic "release_channel" { for_each = local.release_channel diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index c3cfd5a8b4..b908cda13f 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
@@ -476,119 +477,122 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) + } + + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? 
[true] : [] - content { - enabled = gvnic.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - dynamic "sandbox_config" { - for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? 
["gvisor"] : [] - content { - sandbox_type = sandbox_config.value + dynamic "sandbox_config" { + for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : [] + content { + sandbox_type = sandbox_config.value + } } - } - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 7e82e41d1e..fec32022f2 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
@@ -169,8 +169,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 603d388abe..f6a4eefaf7 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
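Review bot: The new guard on `cluster_name_parts_from_nodepool` and `cluster_name_computed` tests `length(var.node_pools)`, but the expression it protects indexes `google_container_node_pool.pools`. If that resource's `for_each` covers only a filtered subset of `var.node_pools` (its definition is outside this hunk), a non-empty input can still leave `values(...)` empty, and `element(..., 0)` then fails at plan time. Using `length(google_container_node_pool.pools) == 0` as the condition on both lines ties the guard to the collection that is actually indexed. The same two lines change in modules/beta-private-cluster/main.tf and modules/beta-public-cluster-update-variant/main.tf, and the `locals` block continues outside the hunk.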
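Review bot: With `node_pools` empty, the added `initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null` makes GKE build the default pool from cluster-level settings only, because the later hunk in this file skips the inline `node_pool` block in exactly that case. None of that block's `node_config` then applies: `service_account`, `workload_metadata_config`, `shielded_instance_config`, `sandbox_config`, `boot_disk_kms_key` and `insecure_kubelet_readonly_port_enabled`. Unless a cluster-level `node_config` or `remove_default_node_pool` elsewhere in the resource covers this (not visible here), those nodes fall back to platform defaults, typically the Compute Engine default service account. At minimum the line should carry a comment such as `# node_pools == []: default pool is created without the node_config hardening of the inline node_pool block`, and mirroring the security-relevant fields at cluster level is worth considering. The same line is added in modules/beta-public-cluster-update-variant/cluster.tf and modules/beta-public-cluster/cluster.tf; the identical change in autogen/main/cluster.tf.tmpl suggests the fix belongs in the template.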
@@ -476,119 +477,122 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) + } + + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? 
[true] : [] - content { - enabled = gvnic.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - dynamic "sandbox_config" { - for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? 
["gvisor"] : [] - content { - sandbox_type = sandbox_config.value + dynamic "sandbox_config" { + for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : [] + content { + sandbox_type = sandbox_config.value + } } - } - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 7e82e41d1e..fec32022f2 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
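Review bot: The new `for_each = length(var.node_pools) == 0 ? [] : [1]` is the only thing keeping the many `var.node_pools[0]` lookups inside `content` from failing on an empty list, and nothing in the block says so. The `[1]` sentinel is never read through `node_pool.value`, so a later edit could change the guard without noticing that dependency. I would add a comment above it, e.g. `# Emit the inline default pool only when node_pools is non-empty; every var.node_pools[0] lookup below relies on this guard`. The same block is introduced in modules/beta-public-cluster-update-variant/cluster.tf and modules/beta-public-cluster/cluster.tf.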
@@ -169,8 +169,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index d521ca8ce1..918c9ee19e 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
@@ -476,119 +477,122 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) + } + + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? 
[true] : [] - content { - enabled = gvnic.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - dynamic "sandbox_config" { - for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? 
["gvisor"] : [] - content { - sandbox_type = sandbox_config.value + dynamic "sandbox_config" { + for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : [] + content { + sandbox_type = sandbox_config.value + } } - } - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 015c44702c..ea2e238d49 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf 
@@ -162,8 +162,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0379a3f001..842676033d 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
@@ -476,119 +477,122 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) + } + + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? 
[true] : [] - content { - enabled = gvnic.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - dynamic "sandbox_config" { - for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? 
["gvisor"] : [] - content { - sandbox_type = sandbox_config.value + dynamic "sandbox_config" { + for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : [] + content { + sandbox_type = sandbox_config.value + } } - } - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 015c44702c..ea2e238d49 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
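Review bot: Every attribute inside `content` still indexes `var.node_pools[0]`, which is only safe because of the `for_each = length(var.node_pools) == 0 ? [] : [1]` guard, and nothing in the block says so. A comment above the `for_each` would keep a later edit from moving one of those lookups outside the block: `# [1] is a dummy element; content is skipped when var.node_pools is empty, so var.node_pools[0] is safe here`. The enclosing `resource` block starts and ends outside this hunk. The same block is introduced in private-cluster-update-variant/cluster.tf and private-cluster/cluster.tf.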
@@ -162,8 +162,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 14bff26bd5..f6a69b501c 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
@@ -439,112 +440,115 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) + } + + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? 
[true] : [] - content { - enabled = gvnic.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? 
[var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index b311f148c0..4df5aa8805 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -152,8 +152,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index bfc3b1b0b5..39eb424d9c 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -32,6 +32,7 @@ resource "google_container_cluster" "primary" { cluster_ipv4_cidr = var.cluster_ipv4_cidr network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + initial_node_count = length(var.node_pools) == 0 ? var.initial_node_count : null dynamic "network_policy" { for_each = local.cluster_network_policy 
@@ -439,112 +440,115 @@ resource "google_container_cluster" "primary" { update = lookup(var.timeouts, "update", "45m") delete = lookup(var.timeouts, "delete", "45m") } - node_pool { - name = "default-pool" - initial_node_count = var.initial_node_count - - management { - auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) - auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) - } - - node_config { - image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") - machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") - min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") - enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) - disk_type = lookup(var.node_pools[0], "disk_type", null) - dynamic "gcfs_config" { - for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] - content { - enabled = gcfs_config.value + dynamic "node_pool" { + for_each = length(var.node_pools) == 0 ? [] : [1] + content { + name = "default-pool" + initial_node_count = var.initial_node_count + + management { + auto_repair = lookup(var.cluster_autoscaling, "auto_repair", true) + auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) + } + + node_config { + image_type = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD") + machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") + enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false) + disk_type = lookup(var.node_pools[0], "disk_type", null) + dynamic "gcfs_config" { + for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : [] + content { + enabled = gcfs_config.value + } } - } - dynamic "gvnic" { - for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? 
[true] : [] - content { - enabled = gvnic.value + dynamic "gvnic" { + for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : [] + content { + enabled = gvnic.value + } } - } - dynamic "fast_socket" { - for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] - content { - enabled = fast_socket.value + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } } - } - dynamic "kubelet_config" { - for_each = length(setintersection( - keys(var.node_pools[0]), - ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] - )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] + dynamic "kubelet_config" { + for_each = length(setintersection( + keys(var.node_pools[0]), + ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"] + )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] - content { - cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") - cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) - cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) - insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null - pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) - container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) - container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) - image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) - image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) - image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) - image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) - allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + content { + cpu_manager_policy = lookup(var.node_pools[0], "cpu_manager_policy", "static") + cpu_cfs_quota = lookup(var.node_pools[0], "cpu_cfs_quota", null) + cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null) + insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? 
upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null + pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null) + container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null) + container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null) + image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null) + image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null) + image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null) + image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null) + allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)] + } } - } - dynamic "sole_tenant_config" { - # node_affinity is currently the only member of sole_tenant_config - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] - content { - dynamic "node_affinity" { - for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : [] - content { - key = lookup(jsondecode(node_affinity.value), "key", null) - operator = lookup(jsondecode(node_affinity.value), "operator", null) - values = lookup(jsondecode(node_affinity.value), "values", []) + dynamic "sole_tenant_config" { + # node_affinity is currently the only member of sole_tenant_config + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : [] + content { + dynamic "node_affinity" { + for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? 
[lookup(var.node_pools[0], "node_affinity", null)] : [] + content { + key = lookup(jsondecode(node_affinity.value), "key", null) + operator = lookup(jsondecode(node_affinity.value), "operator", null) + values = lookup(jsondecode(node_affinity.value), "values", []) + } } } } - } - service_account = lookup(var.node_pools[0], "service_account", local.service_account) + service_account = lookup(var.node_pools[0], "service_account", local.service_account) - tags = concat( - lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], - lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], - lookup(local.node_pools_tags, "all", []), - lookup(local.node_pools_tags, var.node_pools[0].name, []), - ) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) - logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") + logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT") - dynamic "workload_metadata_config" { - for_each = local.cluster_node_metadata_config + dynamic "workload_metadata_config" { + for_each = local.cluster_node_metadata_config - content { - mode = workload_metadata_config.value.mode + content { + mode = workload_metadata_config.value.mode + } } - } - metadata = local.node_pools_metadata["all"] + metadata = local.node_pools_metadata["all"] - boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) + boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key) - storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? 
[var.node_pools[0].storage_pools] : [] + storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : [] - shielded_instance_config { - enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) - enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) - } + shielded_instance_config { + enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false) + enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true) + } - local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) - max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) - flex_start = lookup(var.node_pools[0], "flex_start", null) + local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null) + max_run_duration = lookup(var.node_pools[0], "max_run_duration", null) + flex_start = lookup(var.node_pools[0], "flex_start", null) + } } } diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index b311f148c0..4df5aa8805 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -152,8 +152,8 @@ locals { cluster_zones = sort(local.cluster_output_zones) // node pool ID is in the form projects//locations//clusters//nodePools/ - cluster_name_parts_from_nodepool = split("/", element(values(google_container_node_pool.pools)[*].id, 0)) - cluster_name_computed = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) + cluster_name_parts_from_nodepool = length(var.node_pools) == 0 ? [] : split("/", element(values(google_container_node_pool.pools)[*].id, 0)) + cluster_name_computed = length(var.node_pools) == 0 ? var.name : element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3) cluster_network_tag = "gke-${var.name}" cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version