fix: add insecureKubeletReadonlyPortEnabled to node_config

wyardley · apeabody · wyardley · commit bd221b245e88 · 2024-10-17T15:21:06.000-07:00
Add `insecureKubeletReadonlyPortEnabled` to `node_config.kubelet_config` for the default node-pool and for additional pools. It may also be necessary to define the top level `node_config` more broadly for the case where `remove_default_node_pool` is set to false, which should probably be handled separately. Also, the upstream provider (intentionally) uses an enum of `"TRUE"` / `"FALSE"` vs. a boolean. Update the code to follow this, and add a test case that covers the cluster level setting vs node pool one. Fixes terraform-google-modules#2013 Co-authored-by: Andrew Peabody <andrewpeabody@google.com>
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -530,6 +530,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -679,7 +689,7 @@ resource "google_container_cluster" "primary" {
         enabled = var.enable_gcfs
       }
       {% endif %}
-      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null
+      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
       {% endif %}
     }
   }
@@ -1054,7 +1064,7 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
diff --git a/cluster.tf b/cluster.tf
@@ -407,6 +407,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -503,7 +513,7 @@ resource "google_container_cluster" "primary" {
 
   node_pool_defaults {
     node_config_defaults {
-      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null
+      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
     }
   }
 
@@ -753,7 +763,7 @@ resource "google_container_node_pool" "pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
@@ -1044,7 +1054,7 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf
@@ -79,7 +79,7 @@ module "gke" {
       sandbox_enabled                        = true
       cpu_manager_policy                     = "static"
       cpu_cfs_quota                          = true
-      insecure_kubelet_readonly_port_enabled = "FALSE"
+      insecure_kubelet_readonly_port_enabled = false
       local_ssd_ephemeral_count              = 2
       pod_pids_limit                         = 4096
     },
diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf
@@ -66,7 +66,7 @@ module "gke" {
       max_count                              = 2
       service_account                        = var.compute_engine_service_account
       auto_upgrade                           = true
-      insecure_kubelet_readonly_port_enabled = "FALSE"
+      insecure_kubelet_readonly_port_enabled = false
     },
     {
       name              = "pool-02"
diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf
@@ -79,6 +79,8 @@ module "gke" {
   master_ipv4_cidr_block  = "172.16.0.0/28"
   deletion_protection     = false
 
+  insecure_kubelet_readonly_port_enabled = false
+
   master_authorized_networks = [
     {
       cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -581,7 +591,7 @@ resource "google_container_cluster" "primary" {
       gcfs_config {
         enabled = var.enable_gcfs
       }
-      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null
+      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
     }
   }
 
@@ -923,7 +933,7 @@ resource "google_container_node_pool" "pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
@@ -1228,7 +1238,7 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -581,7 +591,7 @@ resource "google_container_cluster" "primary" {
       gcfs_config {
         enabled = var.enable_gcfs
       }
-      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null
+      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
     }
   }
 
@@ -838,7 +848,7 @@ resource "google_container_node_pool" "pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
@@ -1142,7 +1152,7 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -560,7 +570,7 @@ resource "google_container_cluster" "primary" {
       gcfs_config {
         enabled = var.enable_gcfs
       }
-      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null
+      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
     }
   }
 
@@ -902,7 +912,7 @@ resource "google_container_node_pool" "pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
@@ -1207,7 +1217,7 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -560,7 +570,7 @@ resource "google_container_cluster" "primary" {
       gcfs_config {
         enabled = var.enable_gcfs
       }
-      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null
+      insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
     }
   }
 
@@ -817,7 +827,7 @@ resource "google_container_node_pool" "pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
@@ -1121,7 +1131,7 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_manager_policy                     = lookup(each.value, "cpu_manager_policy", "static")
         cpu_cfs_quota                          = lookup(each.value, "cpu_cfs_quota", null)
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
-        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)
+        insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
diff --git a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json

Original file line number	Diff line number	Diff line change
`@@ -530,6 +530,16 @@ resource "google_container_cluster" "primary" {`
`530`	`530`	`}`
`531`	`531`	`}`
`532`	`532`
	`533`	`+ # In the case of the default pool use the module level variable as a`
	`534`	`+ # fallback if it's not set explicitly for this pool.`
	`535`	`+ dynamic "kubelet_config" {`
	`536`	`+ for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []`
	`537`	`+`
	`538`	`+ content {`
	`539`	`+ insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))`
	`540`	`+ }`
	`541`	`+ }`
	`542`	`+`
`533`	`543`	`service_account = lookup(var.node_pools[0], "service_account", local.service_account)`
`534`	`544`
`535`	`545`	`tags = concat(`
`@@ -679,7 +689,7 @@ resource "google_container_cluster" "primary" {`
`679`	`689`	`enabled = var.enable_gcfs`
`680`	`690`	`}`
`681`	`691`	`{% endif %}`
`682`		`- insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null`
	`692`	`+ insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null`
`683`	`693`	`{% endif %}`
`684`	`694`	`}`
`685`	`695`	`}`
`@@ -1054,7 +1064,7 @@ resource "google_container_node_pool" "windows_pools" {`
`1054`	`1064`	`cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")`
`1055`	`1065`	`cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)`
`1056`	`1066`	`cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)`
`1057`		`- insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)`
	`1067`	`+ insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null`
`1058`	`1068`	`pod_pids_limit = lookup(each.value, "pod_pids_limit", null)`
`1059`	`1069`	`}`
`1060`	`1070`	`}`
Original file line number	Diff line number	Diff line change
`@@ -407,6 +407,16 @@ resource "google_container_cluster" "primary" {`
`407`	`407`	`}`
`408`	`408`	`}`
`409`	`409`
	`410`	`+ # In the case of the default pool use the module level variable as a`
	`411`	`+ # fallback if it's not set explicitly for this pool.`
	`412`	`+ dynamic "kubelet_config" {`
	`413`	`+ for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []`
	`414`	`+`
	`415`	`+ content {`
	`416`	`+ insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))`
	`417`	`+ }`
	`418`	`+ }`
	`419`	`+`
`410`	`420`	`service_account = lookup(var.node_pools[0], "service_account", local.service_account)`
`411`	`421`
`412`	`422`	`tags = concat(`
`@@ -503,7 +513,7 @@ resource "google_container_cluster" "primary" {`
`503`	`513`
`504`	`514`	`node_pool_defaults {`
`505`	`515`	`node_config_defaults {`
`506`		`- insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null`
	`516`	`+ insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null`
`507`	`517`	`}`
`508`	`518`	`}`
`509`	`519`
`@@ -753,7 +763,7 @@ resource "google_container_node_pool" "pools" {`
`753`	`763`	`cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")`
`754`	`764`	`cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)`
`755`	`765`	`cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)`
`756`		`- insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)`
	`766`	`+ insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null`
`757`	`767`	`pod_pids_limit = lookup(each.value, "pod_pids_limit", null)`
`758`	`768`	`}`
`759`	`769`	`}`
`@@ -1044,7 +1054,7 @@ resource "google_container_node_pool" "windows_pools" {`
`1044`	`1054`	`cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")`
`1045`	`1055`	`cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)`
`1046`	`1056`	`cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)`
`1047`		`- insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)`
	`1057`	`+ insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null`
`1048`	`1058`	`pod_pids_limit = lookup(each.value, "pod_pids_limit", null)`
`1049`	`1059`	`}`
`1050`	`1060`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ module "gke" {`
`66`	`66`	`max_count = 2`
`67`	`67`	`service_account = var.compute_engine_service_account`
`68`	`68`	`auto_upgrade = true`
`69`		`- insecure_kubelet_readonly_port_enabled = "FALSE"`
	`69`	`+ insecure_kubelet_readonly_port_enabled = false`
`70`	`70`	`},`
`71`	`71`	`{`
`72`	`72`	`name = "pool-02"`
Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,8 @@ module "gke" {`
`79`	`79`	`master_ipv4_cidr_block = "172.16.0.0/28"`
`80`	`80`	`deletion_protection = false`
`81`	`81`
	`82`	`+ insecure_kubelet_readonly_port_enabled = false`
	`83`	`+`
`82`	`84`	`master_authorized_networks = [`
`83`	`85`	`{`
`84`	`86`	`cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
Original file line number	Diff line number	Diff line change
`@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {`
`453`	`453`	`}`
`454`	`454`	`}`
`455`	`455`
	`456`	`+ # In the case of the default pool use the module level variable as a`
	`457`	`+ # fallback if it's not set explicitly for this pool.`
	`458`	`+ dynamic "kubelet_config" {`
	`459`	`+ for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []`
	`460`	`+`
	`461`	`+ content {`
	`462`	`+ insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))`
	`463`	`+ }`
	`464`	`+ }`
	`465`	`+`
`456`	`466`	`service_account = lookup(var.node_pools[0], "service_account", local.service_account)`
`457`	`467`
`458`	`468`	`tags = concat(`
`@@ -581,7 +591,7 @@ resource "google_container_cluster" "primary" {`
`581`	`591`	`gcfs_config {`
`582`	`592`	`enabled = var.enable_gcfs`
`583`	`593`	`}`
`584`		`- insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null`
	`594`	`+ insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null`
`585`	`595`	`}`
`586`	`596`	`}`
`587`	`597`
`@@ -923,7 +933,7 @@ resource "google_container_node_pool" "pools" {`
`923`	`933`	`cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")`
`924`	`934`	`cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)`
`925`	`935`	`cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)`
`926`		`- insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)`
	`936`	`+ insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null`
`927`	`937`	`pod_pids_limit = lookup(each.value, "pod_pids_limit", null)`
`928`	`938`	`}`
`929`	`939`	`}`
`@@ -1228,7 +1238,7 @@ resource "google_container_node_pool" "windows_pools" {`
`1228`	`1238`	`cpu_manager_policy = lookup(each.value, "cpu_manager_policy", "static")`
`1229`	`1239`	`cpu_cfs_quota = lookup(each.value, "cpu_cfs_quota", null)`
`1230`	`1240`	`cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)`
`1231`		`- insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled != null ? var.insecure_kubelet_readonly_port_enabled : null)`
	`1241`	`+ insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null`
`1232`	`1242`	`pod_pids_limit = lookup(each.value, "pod_pids_limit", null)`
`1233`	`1243`	`}`
`1234`	`1244`	`}`