Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(cgroup): add support for configuring Linux cgroup mode in autopilot clusters #2282

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat(cgroup): add support for configuring Linux cgroup mode in autopilot clusters #2282

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
4167797
feat(cgroup): add support for configuring Linux cgroup mode in autopi…
Ameausoone Feb 7, 2025
b0e4363
chore: rename variable to node_pools_cgroup_mode
Ameausoone Feb 13, 2025
be28848
refactor: reformat cgroup mode validation for improved readability
Ameausoone Feb 13, 2025
4305a5a
`refactor: replace conditional operator with coalesce in variables.tf`
Ameausoone Feb 13, 2025
efe18f2
Revert "`refactor: replace conditional operator with coalesce in vari…
Ameausoone Feb 14, 2025
c5ed90a
Merge branch 'main' into feat/2264/cgroupv2
Ameausoone Feb 15, 2025
54116c1
Merge branch 'main' into feat/2264/cgroupv2
apeabody Feb 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion autogen/main/cluster.tf.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ resource "google_container_cluster" "primary" {
}
{% if autopilot_cluster %}
dynamic "node_pool_auto_config" {
for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []
for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : []
content {
network_tags {
tags = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules ? concat(var.network_tags, [local.cluster_network_tag]) : length(var.network_tags) > 0 ? var.network_tags : null
Expand All @@ -291,6 +291,12 @@ resource "google_container_cluster" "primary" {
insecure_kubelet_readonly_port_enabled = upper(tostring(var.insecure_kubelet_readonly_port_enabled))
}
}
dynamic "linux_node_config" {
for_each = var.node_pools_cgroup_mode != null ? [1] : []
content {
cgroup_mode = var.node_pools_cgroup_mode
}
}
}
}
{% endif %}
Expand Down
17 changes: 17 additions & 0 deletions autogen/main/variables.tf.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,23 @@ variable "insecure_kubelet_readonly_port_enabled" {
default = null
}

{% if autopilot_cluster %}
variable "node_pools_cgroup_mode" {
type = string
description = "Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management."
validation {
condition = var.node_pools_cgroup_mode == null || contains([
"",
"CGROUP_MODE_UNSPECIFIED",
"CGROUP_MODE_V1",
"CGROUP_MODE_V2"
], var.node_pools_cgroup_mode != null ? var.node_pools_cgroup_mode : "")
error_message = "The node_pools_cgroup_mode must be one of CGROUP_MODE_UNSPECIFIED, CGROUP_MODE_V1, or CGROUP_MODE_V2."
}
default = null
}

{% endif %}
{% if autopilot_cluster != true %}
variable "datapath_provider" {
type = string
Expand Down
1 change: 1 addition & 0 deletions modules/beta-autopilot-private-cluster/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@ Then perform the following commands on the root folder:
| network | The VPC network to host the cluster in (required) | `string` | n/a | yes |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no |
| non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` | <pre>[<br> "10.0.0.0/8",<br> "172.16.0.0/12",<br> "192.168.0.0/16"<br>]</pre> | no |
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
Expand Down
8 changes: 7 additions & 1 deletion modules/beta-autopilot-private-cluster/cluster.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ resource "google_container_cluster" "primary" {
}
}
dynamic "node_pool_auto_config" {
for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []
for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : []
content {
network_tags {
tags = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules ? concat(var.network_tags, [local.cluster_network_tag]) : length(var.network_tags) > 0 ? var.network_tags : null
Expand All @@ -147,6 +147,12 @@ resource "google_container_cluster" "primary" {
insecure_kubelet_readonly_port_enabled = upper(tostring(var.insecure_kubelet_readonly_port_enabled))
}
}
dynamic "linux_node_config" {
for_each = var.node_pools_cgroup_mode != null ? [1] : []
content {
cgroup_mode = var.node_pools_cgroup_mode
}
}
}
}

Expand Down
15 changes: 15 additions & 0 deletions modules/beta-autopilot-private-cluster/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,21 @@ variable "insecure_kubelet_readonly_port_enabled" {
default = null
}

variable "node_pools_cgroup_mode" {
type = string
description = "Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management."
validation {
condition = var.node_pools_cgroup_mode == null || contains([
"",
"CGROUP_MODE_UNSPECIFIED",
"CGROUP_MODE_V1",
"CGROUP_MODE_V2"
], var.node_pools_cgroup_mode != null ? var.node_pools_cgroup_mode : "")
error_message = "The node_pools_cgroup_mode must be one of CGROUP_MODE_UNSPECIFIED, CGROUP_MODE_V1, or CGROUP_MODE_V2."
}
default = null
}

variable "maintenance_start_time" {
type = string
description = "Time window specified for daily or recurring maintenance operations in RFC3339 format"
Expand Down
1 change: 1 addition & 0 deletions modules/beta-autopilot-public-cluster/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ Then perform the following commands on the root folder:
| network | The VPC network to host the cluster in (required) | `string` | n/a | yes |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no |
| non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` | <pre>[<br> "10.0.0.0/8",<br> "172.16.0.0/12",<br> "192.168.0.0/16"<br>]</pre> | no |
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
Expand Down
8 changes: 7 additions & 1 deletion modules/beta-autopilot-public-cluster/cluster.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ resource "google_container_cluster" "primary" {
}
}
dynamic "node_pool_auto_config" {
for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []
for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : []
content {
network_tags {
tags = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules ? concat(var.network_tags, [local.cluster_network_tag]) : length(var.network_tags) > 0 ? var.network_tags : null
Expand All @@ -147,6 +147,12 @@ resource "google_container_cluster" "primary" {
insecure_kubelet_readonly_port_enabled = upper(tostring(var.insecure_kubelet_readonly_port_enabled))
}
}
dynamic "linux_node_config" {
for_each = var.node_pools_cgroup_mode != null ? [1] : []
content {
cgroup_mode = var.node_pools_cgroup_mode
}
}
}
}

Expand Down
15 changes: 15 additions & 0 deletions modules/beta-autopilot-public-cluster/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,21 @@ variable "insecure_kubelet_readonly_port_enabled" {
default = null
}

variable "node_pools_cgroup_mode" {
type = string
description = "Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management."
validation {
condition = var.node_pools_cgroup_mode == null || contains([
"",
"CGROUP_MODE_UNSPECIFIED",
"CGROUP_MODE_V1",
"CGROUP_MODE_V2"
], var.node_pools_cgroup_mode != null ? var.node_pools_cgroup_mode : "")
error_message = "The node_pools_cgroup_mode must be one of CGROUP_MODE_UNSPECIFIED, CGROUP_MODE_V1, or CGROUP_MODE_V2."
}
default = null
}

variable "maintenance_start_time" {
type = string
description = "Time window specified for daily or recurring maintenance operations in RFC3339 format"
Expand Down