add support for pod_cidr_overprovision_config

Signed-off-by: drfaust92 <[email protected]>

Author: DrFaust92

README.md

@@ -252,6 +252,7 @@ Then perform the following commands on the root folder:
 | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
 | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
 | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | <pre>{<br>  "disabled": null<br>}</pre> | no |
 | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
 | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | <pre>object({<br>    enabled            = bool<br>    logging_enabled    = optional(bool, false)<br>    monitoring_enabled = optional(bool, false)<br>  })</pre> | <pre>{<br>  "enabled": false,<br>  "logging_enabled": false,<br>  "monitoring_enabled": false<br>}</pre> | no |
 | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. | <pre>object({<br>    enable_insecure_binding_system_unauthenticated = optional(bool, null)<br>    enable_insecure_binding_system_authenticated   = optional(bool, null)<br>  })</pre> | <pre>{<br>  "enable_insecure_binding_system_authenticated": null,<br>  "enable_insecure_binding_system_unauthenticated": null<br>}</pre> | no |
@@ -402,6 +403,7 @@ The node_pools variable takes the following parameters:
 | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
 | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
 | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config |  Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. |  | Optional |
 | total_egress_bandwidth_tier |  Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". |  | Optional |
 | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
 | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |

autogen/main/README.md

@@ -280,6 +280,7 @@ The node_pools variable takes the following parameters:
 | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
 | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
 | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config |  Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. |  | Optional |
 | total_egress_bandwidth_tier |  Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". |  | Optional |
 | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
 | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |

autogen/main/cluster.tf.tmpl

@@ -549,6 +549,12 @@ resource "google_container_cluster" "primary" {
       }
     }
     stack_type                    = var.stack_type
+    dynamic "pod_cidr_overprovision_config" {
+      for_each = var.pod_cidr_overprovision_config
+      content {
+        disabled = var.pod_cidr_overprovision_config.disabled
+      }
+    }
   }
 
   maintenance_policy {
@@ -1034,6 +1040,13 @@ resource "google_container_node_pool" "windows_pools" {
       enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
       {% endif %}
 
+      dynamic "pod_cidr_overprovision_config" {
+        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+        content {
+          disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+        }
+      }
+
       dynamic "network_performance_config" {
         for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
         content {

autogen/main/variables.tf.tmpl

@@ -180,6 +180,12 @@ variable "additional_pod_ranges_config" {
   default = []
 }
 
+variable "pod_cidr_overprovision_config" {
+  type        = object({ disabled = bool })
+  description = "Configuration for cluster level pod cidr overprovision."
+  default = { disabled = null }
+}
+
 variable "ip_range_services" {
   type        = string
   description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."

cluster.tf

@@ -419,6 +419,12 @@ resource "google_container_cluster" "primary" {
       }
     }
     stack_type = var.stack_type
+    dynamic "pod_cidr_overprovision_config" {
+      for_each = var.pod_cidr_overprovision_config
+      content {
+        disabled = var.pod_cidr_overprovision_config.disabled
+      }
+    }
   }
 
   maintenance_policy {
@@ -737,6 +743,13 @@ resource "google_container_node_pool" "pools" {
       pod_range            = lookup(network_config.value, "pod_range", null)
       enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
 
+      dynamic "pod_cidr_overprovision_config" {
+        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+        content {
+          disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+        }
+      }
+
       dynamic "network_performance_config" {
         for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
         content {
@@ -1103,6 +1116,13 @@ resource "google_container_node_pool" "windows_pools" {
       pod_range            = lookup(network_config.value, "pod_range", null)
       enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
 
+      dynamic "pod_cidr_overprovision_config" {
+        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+        content {
+          disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+        }
+      }
+
       dynamic "network_performance_config" {
         for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
         content {

examples/gke_autopilot_cluster/main.tf

@@ -36,7 +36,7 @@ module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster"
   version = "~> 38.0"
 
-  project_id    = var.project_id
+  project_id = var.project_id
   name       = "${local.cluster_type}-cluster"
   location   = var.region
   network    = module.gcp-network.network_self_link

examples/gke_standard_cluster/main.tf

@@ -37,7 +37,7 @@ module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/gke-standard-cluster"
   version = "~> 38.0"
 
-  project_id    = var.project_id
+  project_id = var.project_id
   name       = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
   location   = var.region
   network    = var.network
@@ -87,9 +87,9 @@ module "node_pool" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/gke-node-pool"
   version = "~> 38.0"
 
-  project_id  = var.project_id
-  location = var.region
-  cluster  = module.gke.cluster_name
+  project_id = var.project_id
+  location   = var.region
+  cluster    = module.gke.cluster_name
   node_config = {
     disk_size_gb    = 100
     disk_type       = "pd-standard"

examples/node_pool/main.tf

@@ -163,7 +163,7 @@ module "gke" {
   }
 
   node_pools_cgroup_mode = {
-    all = "CGROUP_MODE_V2"
+    all     = "CGROUP_MODE_V2"
     pool-01 = "CGROUP_MODE_V1"
   }
 

metadata.display.yaml

@@ -363,6 +363,9 @@ spec:
         parallelstore_csi_driver:
           name: parallelstore_csi_driver
           title: Parallelstore Csi Driver
+        pod_cidr_overprovision_config:
+          name: pod_cidr_overprovision_config
+          title: Pod Cidr Overprovision Config
         project_id:
           name: project_id
           title: Project Id

metadata.yaml

@@ -263,6 +263,11 @@ spec:
         description: the configuration for individual additional subnetworks attached to the cluster
         varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
         defaultValue: []
+      - name: pod_cidr_overprovision_config
+        description: Configuration for cluster level pod cidr overprovision.
+        varType: object({ disabled = bool })
+        defaultValue:
+          disabled: null
       - name: ip_range_services
         description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
         varType: string