
Commit 2faae5f

committed
fix(TPG>=5.44)!: add support for insecureKubeletReadonlyPortEnabled
Fixes terraform-google-modules#2013
1 parent 23eab7c commit 2faae5f


22 files changed

+123
-99
lines changed


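--- a/README.md
+++ b/README.md
@@ -318,6 +318,7 @@ The node_pools variable takes the following parameters:
 | gpu_partition_size | Size of partitions to create on the GPU | null | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS_CONTAINERD | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
+| insecure_kubelet_readonly_port_enabled | Whether or not to enable the insecure Kubelet readonly port. It's strongly recommended to set this to "FALSE". One of "TRUE", "FALSE". | null | Optional |
 | key | The key required for the taint | | Required |
 | logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |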

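--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -213,6 +213,7 @@ The node_pools variable takes the following parameters:
 | gpu_partition_size | Size of partitions to create on the GPU | null | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS_CONTAINERD | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
+| insecure_kubelet_readonly_port_enabled | Whether or not to enable the insecure Kubelet readonly port. It's strongly recommended to set this to "FALSE". One of "TRUE", "FALSE". | null | Optional |
 | key | The key required for the taint | | Required |
 | logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |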

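--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -1040,14 +1040,15 @@ resource "google_container_node_pool" "windows_pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 {% if beta_cluster %}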
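Review bot: A pool that sets only `insecure_kubelet_readonly_port_enabled` now gets a `kubelet_config` block, and inside it `cpu_manager_policy` falls back to `"static"` through the unchanged `lookup(each.value, "cpu_manager_policy", "static")`, so closing the read-only port also applies a CPU manager policy the caller never asked for. A comment above the `for_each` would make that coupling visible, for example `# any key listed here creates kubelet_config, which applies cpu_manager_policy = "static" unless overridden`. The `null` default on the new line also means pools that omit the key keep whatever the provider or GKE default is, although the README row strongly recommends "FALSE"; a comment such as `# null defers to the provider/GKE default; set "FALSE" to close the kubelet read-only port` would say so at the point of use. The same lines appear in the `pools` and `windows_pools` hunks of cluster.tf, modules/beta-private-cluster-update-variant/cluster.tf and modules/beta-private-cluster/cluster.tf. The resource block starts and ends outside the hunk.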

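--- a/autogen/main/versions.tf.tmpl
+++ b/autogen/main/versions.tf.tmpl
@@ -24,11 +24,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 5.40.0, < 7"
+version = ">= 5.44.0, < 7, !=6.0.0, !=6.0.1, !=6.1.0"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 5.40.0, < 7"
+version = ">= 5.44.0, < 7, !=6.0.0, !=6.0.1, !=6.1.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"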
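Review bot: The exclusions `!=6.0.0, !=6.0.1, !=6.1.0` in both `version` constraints have no comment explaining them; presumably those 6.x releases lack the new kubelet_config field, but the hunk does not say. A line above each constraint such as `# 6.0.0, 6.0.1 and 6.1.0 excluded: <reason>` would tell a later maintainer when the pins can be dropped. The same constraint is repeated in modules/beta-private-cluster-update-variant/versions.tf and modules/beta-private-cluster/versions.tf. The `terraform` block starts and ends outside the hunk.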

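--- a/cluster.tf
+++ b/cluster.tf
@@ -738,14 +738,15 @@ resource "google_container_node_pool" "pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 
@@ -1020,14 +1021,15 @@ resource "google_container_node_pool" "windows_pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 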
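--- a/examples/node_pool/main.tf
+++ b/examples/node_pool/main.tf
@@ -66,20 +66,21 @@ module "gke" {
 service_account = var.compute_engine_service_account
 },
 {
-name = "pool-03"
-machine_type = "n1-standard-2"
-node_locations = "${var.region}-b,${var.region}-c"
-autoscaling = false
-node_count = 2
-disk_type = "pd-standard"
-auto_upgrade = true
-service_account = var.compute_engine_service_account
-pod_range = "test"
-sandbox_enabled = true
-cpu_manager_policy = "static"
-cpu_cfs_quota = true
-local_ssd_ephemeral_count = 2
-pod_pids_limit = 4096
+name = "pool-03"
+machine_type = "n1-standard-2"
+node_locations = "${var.region}-b,${var.region}-c"
+autoscaling = false
+node_count = 2
+disk_type = "pd-standard"
+auto_upgrade = true
+service_account = var.compute_engine_service_account
+pod_range = "test"
+sandbox_enabled = true
+cpu_manager_policy = "static"
+cpu_cfs_quota = true
+insecure_kubelet_readonly_port_enabled = "TRUE"
+local_ssd_ephemeral_count = 2
+pod_pids_limit = 4096
 },
 {
 name = "pool-04"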
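Review bot: The added line `insecure_kubelet_readonly_port_enabled = "TRUE"` in pool-03 turns on the setting that the README row added in this same commit strongly recommends keeping at "FALSE", and example code tends to be copied as-is into real clusters. Prefer `insecure_kubelet_readonly_port_enabled = "FALSE"` here so the example shows the hardened value. If "TRUE" is needed only to exercise the field in tests, add a comment saying so, for instance `# test coverage only: exposes the unauthenticated kubelet read-only port, do not copy`. The module block starts and ends outside the hunk.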

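--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -376,6 +376,7 @@ The node_pools variable takes the following parameters:
 | gpu_partition_size | Size of partitions to create on the GPU | null | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS_CONTAINERD | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
+| insecure_kubelet_readonly_port_enabled | Whether or not to enable the insecure Kubelet readonly port. It's strongly recommended to set this to "FALSE". One of "TRUE", "FALSE". | null | Optional |
 | key | The key required for the taint | | Required |
 | logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |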

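--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -911,14 +911,15 @@ resource "google_container_node_pool" "pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 
@@ -1207,14 +1208,15 @@ resource "google_container_node_pool" "windows_pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 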
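--- a/modules/beta-private-cluster-update-variant/versions.tf
+++ b/modules/beta-private-cluster-update-variant/versions.tf
@@ -21,11 +21,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 5.40.0, < 7"
+version = ">= 5.44.0, < 7, !=6.0.0, !=6.0.1, !=6.1.0"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 5.40.0, < 7"
+version = ">= 5.44.0, < 7, !=6.0.0, !=6.0.1, !=6.1.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"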

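--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -354,6 +354,7 @@ The node_pools variable takes the following parameters:
 | gpu_partition_size | Size of partitions to create on the GPU | null | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS_CONTAINERD | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
+| insecure_kubelet_readonly_port_enabled | Whether or not to enable the insecure Kubelet readonly port. It's strongly recommended to set this to "FALSE". One of "TRUE", "FALSE". | null | Optional |
 | key | The key required for the taint | | Required |
 | logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |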

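--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -829,14 +829,15 @@ resource "google_container_node_pool" "pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 
@@ -1124,14 +1125,15 @@ resource "google_container_node_pool" "windows_pools" {
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
-["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "pod_pids_limit"]
+["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
 )) != 0 ? [1] : []
 
 content {
-cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
-cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
-cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
-pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
+cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")
+cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)
+cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
+insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null)
+pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
 }
 }
 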
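--- a/modules/beta-private-cluster/versions.tf
+++ b/modules/beta-private-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 5.40.0, < 7"
+version = ">= 5.44.0, < 7, !=6.0.0, !=6.0.1, !=6.1.0"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 5.40.0, < 7"
+version = ">= 5.44.0, < 7, !=6.0.0, !=6.0.1, !=6.1.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"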

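--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -362,6 +362,7 @@ The node_pools variable takes the following parameters:
 | gpu_partition_size | Size of partitions to create on the GPU | null | Optional |
 | image_type | The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool | COS_CONTAINERD | Optional |
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
+| insecure_kubelet_readonly_port_enabled | Whether or not to enable the insecure Kubelet readonly port. It's strongly recommended to set this to "FALSE". One of "TRUE", "FALSE". | null | Optional |
 | key | The key required for the taint | | Required |
 | logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
 | local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |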
