From cb3c136fd187a456b96e0f33af0e09703c9c02b8 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Wed, 17 Sep 2025 12:11:08 -0400 Subject: [PATCH 1/4] add support for pod_cidr_overprovision_config 
Signed-off-by: drfaust92 --- README.md | 2 ++ autogen/main/README.md | 1 + autogen/main/cluster.tf.tmpl | 13 ++++++++++++ autogen/main/variables.tf.tmpl | 6 ++++++ cluster.tf | 20 +++++++++++++++++++ metadata.display.yaml | 3 +++ metadata.yaml | 5 +++++ .../beta-autopilot-private-cluster/README.md | 1 + .../beta-autopilot-private-cluster/cluster.tf | 6 ++++++ .../metadata.display.yaml | 3 +++ .../metadata.yaml | 5 +++++ .../variables.tf | 6 ++++++ .../beta-autopilot-public-cluster/README.md | 1 + .../beta-autopilot-public-cluster/cluster.tf | 6 ++++++ .../metadata.display.yaml | 3 +++ .../metadata.yaml | 5 +++++ .../variables.tf | 6 ++++++ .../README.md | 2 ++ .../cluster.tf | 20 +++++++++++++++++++ .../metadata.display.yaml | 3 +++ .../metadata.yaml | 5 +++++ .../variables.tf | 6 ++++++ modules/beta-private-cluster/README.md | 2 ++ modules/beta-private-cluster/cluster.tf | 20 +++++++++++++++++++ .../metadata.display.yaml | 3 +++ modules/beta-private-cluster/metadata.yaml | 5 +++++ modules/beta-private-cluster/variables.tf | 6 ++++++ .../README.md | 2 ++ .../cluster.tf | 20 +++++++++++++++++++ .../metadata.display.yaml | 3 +++ .../metadata.yaml | 5 +++++ .../variables.tf | 6 ++++++ modules/beta-public-cluster/README.md | 2 ++ modules/beta-public-cluster/cluster.tf | 20 +++++++++++++++++++ .../beta-public-cluster/metadata.display.yaml | 3 +++ modules/beta-public-cluster/metadata.yaml | 5 +++++ modules/beta-public-cluster/variables.tf | 6 ++++++ .../private-cluster-update-variant/README.md | 2 ++ .../private-cluster-update-variant/cluster.tf | 20 +++++++++++++++++++ .../metadata.display.yaml | 3 +++ .../metadata.yaml | 5 +++++ .../variables.tf | 6 ++++++ modules/private-cluster/README.md | 2 ++ modules/private-cluster/cluster.tf | 20 +++++++++++++++++++ modules/private-cluster/metadata.display.yaml | 3 +++ modules/private-cluster/metadata.yaml | 5 +++++ modules/private-cluster/variables.tf | 6 ++++++ variables.tf | 6 ++++++ 48 files changed, 314 insertions(+) 
diff --git a/README.md b/README.md index fdadb47def..3301a79b73 100644 --- a/README.md +++ b/README.md @@ -252,6 +252,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | @@ -403,6 +404,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/autogen/main/README.md b/autogen/main/README.md index d8559f66a1..397635776f 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md 
@@ -280,6 +280,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index d27c0a7a2a..89ac1ddd5b 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -553,6 +553,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
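Review bot: `for_each = var.pod_cidr_overprovision_config` in the `@@ -553,6 +553,12 @@` hunk of `autogen/main/cluster.tf.tmpl` iterates over the object's attributes instead of testing whether the caller set anything, so the default `{ disabled = null }` still emits the block once with `disabled = null`. If the provider requires `disabled` inside this block, as it appears to, an unconfigured cluster would fail at plan time rather than keep the GKE default. Gate on the value instead: `for_each = try(var.pod_cidr_overprovision_config.disabled, null) != null ? [1] : []`. The same six lines recur in every generated `cluster.tf` in this patch (root, autopilot and private/public variants), and the enclosing block starts outside the hunk.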
@@ -1038,6 +1044,13 @@ resource "google_container_node_pool" "windows_pools" { enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) {% endif %} + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index eeb5c8b6e1..b4979057a5 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -180,6 +180,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/cluster.tf b/cluster.tf index f549971bdd..6086b26c34 100644 --- a/cluster.tf +++ b/cluster.tf @@ -421,6 +421,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
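Review bot: The node-pool key `pod_cidr_overprovision_config` is fed directly into `disabled` in the `@@ -1038,6 +1044,13 @@` hunk of `autogen/main/cluster.tf.tmpl`, so a `node_pools` entry with `pod_cidr_overprovision_config = true` turns overprovisioning off, which reads as the opposite of what the key name suggests. The README row added for this key lists no type or accepted values, so a caller has no way to learn the polarity. Either name the key after what it carries (for example `pod_cidr_overprovision_disabled`) or add a comment above the block such as `# the node_pools value is the boolean for "disabled": true switches pod CIDR overprovisioning off for this pool`. The block is repeated in the `pools` and `windows_pools` hunks of the generated `cluster.tf` files, and the enclosing dynamic block (iterator `network_config`) starts outside the hunk.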
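Review bot: The description of `variable "pod_cidr_overprovision_config"` in the `autogen/main/variables.tf.tmpl` hunk does not say what `disabled` means or what a null value does, and the object type makes `disabled` a mandatory attribute even though the default sets it to null. Suggest `type = object({ disabled = optional(bool) })`, which matches the `optional(bool, ...)` style of the other object variables visible in this patch's README context. A description along the lines of `"Cluster-level pod CIDR overprovisioning. Set disabled = true to turn it off; null leaves the setting unmanaged."` would document the polarity, assuming the dynamic block in `cluster.tf.tmpl` is skipped when the value is null. The same variable is copied into each generated `variables.tf` in this patch.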
@@ -739,6 +745,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1105,6 +1118,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/metadata.display.yaml b/metadata.display.yaml index 350ef83430..046f3e2cdb 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -366,6 +366,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config project_id: name: project_id title: Project Id diff --git a/metadata.yaml b/metadata.yaml index 62c64a002e..aaa8ccc44d 100644 --- a/metadata.yaml +++ b/metadata.yaml 
@@ -263,6 +263,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index ad3e8badae..377628cd62 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -148,6 +148,7 @@ Then perform the following commands on the root folder: | node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index d8610fc519..ff26739bac 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -322,6 +322,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 1dfa239d94..4a45032701 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -268,6 +268,9 @@ spec: notification_filter_event_type: name: notification_filter_event_type title: Notification Filter Event Type + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config private_endpoint_subnetwork: name: private_endpoint_subnetwork title: Private Endpoint Subnetwork diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index 39188bca1c..121541bf6f 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml 
@@ -222,6 +222,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index afc035f7a3..df9b84e12b 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -170,6 +170,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index f7fd25064e..c34fdf6f47 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -137,6 +137,7 @@ Then perform the following commands on the root folder: | node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 3fca7ac4d0..adc87b2ef9 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -322,6 +322,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index 1cd82e2660..2b65e45ad7 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -253,6 +253,9 @@ spec: notification_filter_event_type: name: notification_filter_event_type title: Notification Filter Event Type + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config project_id: name: project_id title: Project Id diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 8d341bd936..95f5645df7 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml 
@@ -222,6 +222,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index b1bf6469df..68eb4c0574 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -170,6 +170,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 76d30e639e..09e17156a8 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -296,6 +296,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | @@ -457,6 +458,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 3649b01359..7aa520b5cb 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -458,6 +458,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
@@ -892,6 +898,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1272,6 +1285,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 6836f934d8..e3a8dc6909 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -406,6 +406,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config private_endpoint_subnetwork: name: private_endpoint_subnetwork title: Private Endpoint Subnetwork 
diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 25204b4288..202ca8185b 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -223,6 +223,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index dd14be9ae1..5996d7d68b 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 7c575d9c16..1619bd85f6 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -274,6 +274,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | @@ -435,6 +436,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 630e7fb1e6..deb18c3e97 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -458,6 +458,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
@@ -806,6 +812,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1185,6 +1198,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 0ce6f8bed2..4d89a278ee 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -406,6 +406,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config private_endpoint_subnetwork: name: private_endpoint_subnetwork title: Private Endpoint Subnetwork diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index aa3bcdd46c..708f56af0d 100644 
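Review bot: In the `pools` hunk the node-pool key `pod_cidr_overprovision_config` is passed straight into `disabled`, so a caller who sets `pod_cidr_overprovision_config = true` turns overprovisioning off for that pool. Neither the key name nor the README row ("Configuration for node-pool level pod cidr overprovision") says so, and a wrong polarity here presumably changes how much of the pod range each node reserves. Either rename the key to something like `pod_cidr_overprovision_disabled`, or state the polarity in the README row and in a comment above the block, e.g. `# value is forwarded to "disabled": true turns overprovisioning off for this pool`. The `windows_pools` hunk in the same file and the `pools`/`windows_pools` hunks in the other modules' cluster.tf repeat this; the enclosing `network_config` block starts outside the hunk.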
--- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -223,6 +223,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index dd14be9ae1..5996d7d68b 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 286a4dc80f..fe38db6d6e 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
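Review bot: The description of the new `pod_cidr_overprovision_config` variable in modules/beta-private-cluster/variables.tf does not say what its only attribute does, and the attribute is negative (`disabled`), so the polarity is easy to misread. I would extend it to `description = "Configuration for cluster level pod cidr overprovision. Set disabled = true to turn overprovisioning off."` and mirror the wording in the metadata.yaml and README rows. The same variable block is added in the variables.tf hunks of the other modules and in the root variables.tf.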
@@ -285,6 +285,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | @@ -444,6 +445,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index dc56b65035..ac7af9ee19 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -458,6 +458,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
@@ -870,6 +876,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1250,6 +1263,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 39ad9972ac..f48137f56a 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -391,6 +391,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config project_id: name: project_id title: Project Id diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 8f1c30d45f..9b7aafe568 100644 
--- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -223,6 +223,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 299b269568..5bc3218f13 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 81f2686793..03104cd521 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -263,6 +263,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | @@ -422,6 +423,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index f5f5011763..28fcced63a 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -458,6 +458,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
@@ -784,6 +790,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1163,6 +1176,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index 117dfb553b..bb33429c09 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -391,6 +391,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config project_id: name: project_id title: Project Id diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index db9c168acd..d4e8c06da4 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml 
@@ -223,6 +223,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 299b269568..5bc3218f13 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 4c33b602ea..44e836427e 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -285,6 +285,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | @@ -438,6 +439,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index aaf42cdcae..6aa1c08c95 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -421,6 +421,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
@@ -846,6 +852,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1213,6 +1226,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index 0b9d444270..9d9562a2e9 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml @@ -382,6 +382,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config private_endpoint_subnetwork: name: private_endpoint_subnetwork title: Private Endpoint Subnetwork 
diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index ca27acd298..649d31bb0a 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -223,6 +223,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index ee0ccbafff..ca9ce9a7bc 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 5ba1519c08..07cb59faf3 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -263,6 +263,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | @@ -416,6 +417,7 @@ The node_pools variable takes the following parameters: | queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional | | gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional | | max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional | +| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional | | total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional | | consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional | | reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 12cfa96e87..63dec7fca1 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -421,6 +421,12 @@ resource "google_container_cluster" "primary" { } } stack_type = var.stack_type + dynamic "pod_cidr_overprovision_config" { + for_each = var.pod_cidr_overprovision_config + content { + disabled = var.pod_cidr_overprovision_config.disabled + } + } } maintenance_policy { 
@@ -761,6 +767,13 @@ resource "google_container_node_pool" "pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { @@ -1127,6 +1140,13 @@ resource "google_container_node_pool" "windows_pools" { pod_range = lookup(network_config.value, "pod_range", null) enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes) + dynamic "pod_cidr_overprovision_config" { + for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : [] + content { + disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null) + } + } + dynamic "network_performance_config" { for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : [] content { diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 1abd280ecf..9411c61598 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -382,6 +382,9 @@ spec: parallelstore_csi_driver: name: parallelstore_csi_driver title: Parallelstore Csi Driver + pod_cidr_overprovision_config: + name: pod_cidr_overprovision_config + title: Pod Cidr Overprovision Config private_endpoint_subnetwork: name: private_endpoint_subnetwork title: Private Endpoint Subnetwork diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 9135a0da66..0f3fe1eba8 100644 --- a/modules/private-cluster/metadata.yaml 
+++ b/modules/private-cluster/metadata.yaml @@ -223,6 +223,11 @@ spec: description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] + - name: pod_cidr_overprovision_config + description: Configuration for cluster level pod cidr overprovision. + varType: object({ disabled = bool }) + defaultValue: + disabled: null - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index ee0ccbafff..ca9ce9a7bc 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." diff --git a/variables.tf b/variables.tf index e06c1b5d18..4a5c958bfb 100644 --- a/variables.tf +++ b/variables.tf @@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" { default = [] } +variable "pod_cidr_overprovision_config" { + type = object({ disabled = bool }) + description = "Configuration for cluster level pod cidr overprovision." + default = { disabled = null } +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used." From df239977393a747ab62ca27fd0287df8c35f19cd Mon Sep 17 00:00:00 2001 
From: drfaust92 Date: Sun, 21 Sep 2025 11:41:44 -0400 Subject: [PATCH 2/4] check Signed-off-by: drfaust92 --- README.md | 2 +- autogen/main/variables.tf.tmpl | 2 +- metadata.yaml | 2 +- modules/beta-autopilot-private-cluster/README.md | 2 +- modules/beta-autopilot-private-cluster/metadata.yaml | 2 +- modules/beta-autopilot-private-cluster/variables.tf | 2 +- modules/beta-autopilot-public-cluster/README.md | 2 +- modules/beta-autopilot-public-cluster/metadata.yaml | 2 +- modules/beta-autopilot-public-cluster/variables.tf | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster-update-variant/metadata.yaml | 2 +- modules/beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/README.md | 3 +++ modules/beta-private-cluster/metadata.yaml | 2 +- modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster-update-variant/metadata.yaml | 2 +- modules/beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/metadata.yaml | 2 +- modules/beta-public-cluster/variables.tf | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster-update-variant/metadata.yaml | 2 +- modules/private-cluster-update-variant/variables.tf | 2 +- modules/private-cluster/README.md | 2 +- modules/private-cluster/metadata.yaml | 2 +- modules/private-cluster/variables.tf | 2 +- variables.tf | 2 +- 28 files changed, 30 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 3301a79b73..18a75049bc 100644 --- a/README.md +++ b/README.md 
@@ -252,7 +252,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index b4979057a5..d259e0188b 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -183,7 +183,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/metadata.yaml b/metadata.yaml index aaa8ccc44d..e85a0ad1e1 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -267,7 +267,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 377628cd62..517f667b70 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
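Review bot: The default in `autogen/main/variables.tf.tmpl` moves from `{ disabled = null }` to `{ disabled = false }`, but the type stays `object({ disabled = bool })`, so a caller can still pass `{ disabled = null }` and reach whatever this default change was meant to avoid. Declaring the attribute as `type = object({ disabled = optional(bool, false) })` makes Terraform substitute `false` for an omitted or null value; the README rows above already show that form for `ray_operator_config`. How `cluster.tf` consumes the value is outside this hunk, so confirm that an explicit `false` does not produce a plan diff on existing clusters. The same line repeats in every `modules/*/variables.tf` hunk of this patch and in the root `variables.tf`.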
@@ -148,7 +148,7 @@ Then perform the following commands on the root folder: | node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index 121541bf6f..a1ae19c1c9 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -226,7 +226,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index df9b84e12b..f1576ca484 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -173,7 +173,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index c34fdf6f47..398d96fa62 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -137,7 +137,7 @@ Then perform the following commands on the root folder: | node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 95f5645df7..4cbcfdb02e 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -226,7 +226,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 68eb4c0574..ba58c83bf3 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -173,7 +173,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 09e17156a8..d991446d0d 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -296,7 +296,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 202ca8185b..f4ad76dd06 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -227,7 +227,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 5996d7d68b..9f047f40f4 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 1619bd85f6..aa3a8c820e 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -145,6 +145,7 @@ Then perform the following commands on the root folder: - `terraform destroy` to destroy the built infrastructure +<<<<<<< HEAD ## Inputs | Name | Description | Type | Default | Required | @@ -348,6 +349,8 @@ Then perform the following commands on the root folder: | vertical\_pod\_autoscaling\_enabled | Whether vertical pod autoscaling enabled | | zones | List of zones in which the cluster resides | +======= +>>>>>>> 631605dbecd (check) ## node_pools variable 
diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 708f56af0d..dc986b3a67 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -227,7 +227,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 5996d7d68b..9f047f40f4 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index fe38db6d6e..bce2af8ec5 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -285,7 +285,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 9b7aafe568..7395d88d55 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -227,7 +227,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 5bc3218f13..794dc4492f 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 03104cd521..e737f514fd 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -263,7 +263,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | | rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. |
object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
})
|
{
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
}
| no | diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index d4e8c06da4..83747fe210 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -227,7 +227,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 5bc3218f13..794dc4492f 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 44e836427e..2856299031 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -285,7 +285,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 649d31bb0a..3c30d8ee2f 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -227,7 +227,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index ca9ce9a7bc..86773d0e2a 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 07cb59faf3..4239e79da3 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -263,7 +263,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 0f3fe1eba8..ef6f31938b 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -227,7 +227,7 @@ spec: description: Configuration for cluster level pod cidr overprovision. varType: object({ disabled = bool }) defaultValue: - disabled: null + disabled: false - name: ip_range_services description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. varType: string diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index ca9ce9a7bc..86773d0e2a 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { diff --git a/variables.tf b/variables.tf index 4a5c958bfb..6acf825585 100644 --- a/variables.tf +++ b/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_ranges_config" { variable "pod_cidr_overprovision_config" { type = object({ disabled = bool }) description = "Configuration for cluster level pod cidr overprovision." - default = { disabled = null } + default = { disabled = false } } variable "ip_range_services" { From ba22224e761870de09959e059823c1ddedd0285c Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Sun, 21 Sep 2025 11:54:11 -0400 Subject: [PATCH 3/4] check Signed-off-by: drfaust92 --- autogen/main/cluster.tf.tmpl | 1 + .../cluster.tf | 1 + modules/beta-private-cluster/README.md | 17 +++++++++++++++++ .../cluster.tf | 1 + .../private-cluster-update-variant/cluster.tf | 1 + 5 files changed, 21 insertions(+) 
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 89ac1ddd5b..4d54aa721e 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -915,6 +915,7 @@ locals { "flex_start", "local_ssd_ephemeral_storage_count", "ephemeral_storage_local_ssd_data_cache_count", + "pod_cidr_overprovision_config", ] } diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 7aa520b5cb..d39118a120 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -792,6 +792,7 @@ locals { "flex_start", "local_ssd_ephemeral_storage_count", "ephemeral_storage_local_ssd_data_cache_count", + "pod_cidr_overprovision_config", ] } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index aa3a8c820e..fbb928fd1c 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -146,6 +146,9 @@ Then perform the following commands on the root folder: <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> ead51c5c986 (check) ## Inputs | Name | Description | Type | Default | Required | 
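Review bot: The `"pod_cidr_overprovision_config"` entry is appended to a `locals` list whose name and first lines are outside this hunk, with no comment explaining why the key belongs there. The neighbouring entries (`flex_start`, `local_ssd_ephemeral_storage_count`) look like per-node-pool keys, while the variable this series introduces is described as cluster level, so it is worth confirming that a node-pool key of this name is actually read in the node pool resource. If the list drives node pool replacement in the update-variant modules, a trailing comment such as `# node-pool key; a change replaces the pool` would tell operators that editing it drains and recreates nodes. The same addition appears in the `beta-private-cluster-update-variant`, `beta-public-cluster-update-variant` and `private-cluster-update-variant` `cluster.tf` hunks.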
@@ -257,7 +260,11 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | +<<<<<<< HEAD | network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | +======= +| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +>>>>>>> ead51c5c986 (check) | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -275,7 +282,11 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | +<<<<<<< HEAD | pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | +======= +| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | +>>>>>>> ead51c5c986 (check) | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no | @@ -285,7 +296,10 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +<<<<<<< HEAD | resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | +======= +>>>>>>> ead51c5c986 (check) | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | @@ -349,8 +363,11 @@ Then perform the following commands on the root folder: | vertical\_pod\_autoscaling\_enabled | Whether vertical pod autoscaling enabled | | zones | List of zones in which the cluster resides | +<<<<<<< HEAD ======= >>>>>>> 631605dbecd (check) +======= +>>>>>>> ead51c5c986 (check) ## node_pools variable 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index ac7af9ee19..4b43360b2b 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -770,6 +770,7 @@ locals { "flex_start", "local_ssd_ephemeral_storage_count", "ephemeral_storage_local_ssd_data_cache_count", + "pod_cidr_overprovision_config", ] } diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 6aa1c08c95..9ed7821522 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -746,6 +746,7 @@ locals { "flex_start", "local_ssd_ephemeral_storage_count", "ephemeral_storage_local_ssd_data_cache_count", + "pod_cidr_overprovision_config", ] } From 1460744e92b6ba9356c2b9b1baec2dbdfbe90c23 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Sat, 27 Sep 2025 21:46:00 -0400 Subject: [PATCH 4/4] rebase Signed-off-by: drfaust92 --- modules/beta-private-cluster/README.md | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index fbb928fd1c..7ef4b93d39 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -145,10 +145,6 @@ Then perform the following commands on the root folder: - `terraform destroy` to destroy the built infrastructure -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> ead51c5c986 (check) ## Inputs | Name | Description | Type | Default | Required | 
@@ -260,11 +256,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -<<<<<<< HEAD | network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | -======= -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | ->>>>>>> ead51c5c986 (check) | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -282,11 +274,7 @@ Then perform the following commands on the root folder: | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no | -<<<<<<< HEAD -| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": null
}
| no | -======= | pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
}
| no | ->>>>>>> ead51c5c986 (check) | private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | ray\_operator\_config | The Ray Operator Addon configuration for this cluster. |
object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
})
|
{
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
}
| no |
@@ -296,10 +284,7 @@ Then perform the following commands on the root folder:
 | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no |
-<<<<<<< HEAD
 | resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no |
-=======
->>>>>>> ead51c5c986 (check)
 | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no |
 | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no |
 | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no |
@@ -363,11 +348,6 @@ Then perform the following commands on the root folder:
 | vertical\_pod\_autoscaling\_enabled | Whether vertical pod autoscaling enabled |
 | zones | List of zones in which the cluster resides |
-<<<<<<< HEAD
-=======
->>>>>>> 631605dbecd (check)
-=======
->>>>>>> ead51c5c986 (check)
 ## node_pools variable