feat: add node_affinity (#2295)

Author: apeabody

README.md

@@ -356,6 +356,7 @@ The node_pools variable takes the following parameters:
 | placement_policy | Placement type to set for nodes in a node pool. Can be set as [COMPACT](https://cloud.google.com/kubernetes-engine/docs/how-to/compact-placement#overview) if desired |  | Optional |
 | pod_range |  The name of the secondary range for pod IPs. |  | Optional |
 | enable_private_nodes |  Whether nodes have internal IP addresses only. |  | Optional |
+| node_affinity | The node affinty in the format `"{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"node-group-name\"]}"`. |  | Optional |
 | node_count | The number of nodes in the nodepool when autoscaling is false. Otherwise defaults to 1. Only valid for non-autoscaling clusters |  | Required |
 | node_locations | The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. Defaults to cluster level node locations if nothing is specified | " " | Optional |
 | node_metadata | Options to expose the node metadata to the workload running on the node | | Optional |

autogen/main/README.md

@@ -245,6 +245,7 @@ The node_pools variable takes the following parameters:
 {% if not private_cluster %}
 | enable_private_nodes |  Whether nodes have internal IP addresses only. |  | Optional |
 {% endif %}
+| node_affinity | The node affinty in the format `"{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"node-group-name\"]}"`. |  | Optional |
 | node_count | The number of nodes in the nodepool when autoscaling is false. Otherwise defaults to 1. Only valid for non-autoscaling clusters |  | Required |
 | node_locations | The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. Defaults to cluster level node locations if nothing is specified | " " | Optional |
 | node_metadata | Options to expose the node metadata to the workload running on the node | | Optional |

autogen/main/cluster.tf.tmpl

@@ -565,6 +565,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "sole_tenant_config" {
+        # node_affinity is currently the only member of sole_tenant_config
+        for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : []
+        content {
+          dynamic "node_affinity" {
+            for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : []
+            content {
+              key = lookup(jsondecode(node_affinity.value), "key", null)
+              operator = lookup(jsondecode(node_affinity.value), "operator", null)
+              values = lookup(jsondecode(node_affinity.value), "values", [])
+            }
+          }
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -1094,6 +1109,21 @@ resource "google_container_node_pool" "windows_pools" {
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
       }
     }
+
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
     {% if beta_cluster %}
 
     dynamic "sandbox_config" {

cluster.tf

@@ -441,6 +441,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "sole_tenant_config" {
+        # node_affinity is currently the only member of sole_tenant_config
+        for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : []
+        content {
+          dynamic "node_affinity" {
+            for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : []
+            content {
+              key      = lookup(jsondecode(node_affinity.value), "key", null)
+              operator = lookup(jsondecode(node_affinity.value), "operator", null)
+              values   = lookup(jsondecode(node_affinity.value), "values", [])
+            }
+          }
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -802,6 +817,21 @@ resource "google_container_node_pool" "pools" {
       }
     }
 
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key      = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values   = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
+
     dynamic "linux_node_config" {
       for_each = length(merge(
         local.node_pools_linux_node_configs_sysctls["all"],
@@ -1103,6 +1133,21 @@ resource "google_container_node_pool" "windows_pools" {
       }
     }
 
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key      = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values   = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
+
 
     boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
 

examples/node_pool/main.tf

@@ -98,6 +98,12 @@ module "gke" {
       node_count                   = 1
       enable_nested_virtualization = true
     },
+    {
+      name          = "pool-06"
+      node_count    = 1
+      machine_type  = "n1-highmem-96"
+      node_affinity = "{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"${google_compute_node_group.soletenant-nodes.name}\"]}"
+    },
   ]
 
   node_pools_metadata = {
@@ -158,3 +164,18 @@ module "gke" {
     pool-01 = "CGROUP_MODE_V2"
   }
 }
+
+resource "google_compute_node_template" "soletenant-tmpl" {
+  name   = "soletenant-tmpl-${var.cluster_name_suffix}"
+  region = var.region
+
+  node_type = "n1-node-96-624"
+}
+
+resource "google_compute_node_group" "soletenant-nodes" {
+  name = "soletenant-node-group-${var.cluster_name_suffix}"
+  zone = var.zones[0]
+
+  initial_size  = 1
+  node_template = google_compute_node_template.soletenant-tmpl.id
+}

modules/beta-private-cluster-update-variant/README.md

@@ -408,6 +408,7 @@ The node_pools variable takes the following parameters:
 | name | The name of the node pool |  | Required |
 | placement_policy | Placement type to set for nodes in a node pool. Can be set as [COMPACT](https://cloud.google.com/kubernetes-engine/docs/how-to/compact-placement#overview) if desired |  | Optional |
 | pod_range |  The name of the secondary range for pod IPs. |  | Optional |
+| node_affinity | The node affinty in the format `"{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"node-group-name\"]}"`. |  | Optional |
 | node_count | The number of nodes in the nodepool when autoscaling is false. Otherwise defaults to 1. Only valid for non-autoscaling clusters |  | Required |
 | node_locations | The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. Defaults to cluster level node locations if nothing is specified | " " | Optional |
 | node_metadata | Options to expose the node metadata to the workload running on the node | | Optional |

modules/beta-private-cluster-update-variant/cluster.tf

@@ -478,6 +478,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "sole_tenant_config" {
+        # node_affinity is currently the only member of sole_tenant_config
+        for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : []
+        content {
+          dynamic "node_affinity" {
+            for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : []
+            content {
+              key      = lookup(jsondecode(node_affinity.value), "key", null)
+              operator = lookup(jsondecode(node_affinity.value), "operator", null)
+              values   = lookup(jsondecode(node_affinity.value), "values", [])
+            }
+          }
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -965,6 +980,21 @@ resource "google_container_node_pool" "pools" {
       }
     }
 
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key      = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values   = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
+
     dynamic "sandbox_config" {
       for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
       content {
@@ -1280,6 +1310,21 @@ resource "google_container_node_pool" "windows_pools" {
       }
     }
 
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key      = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values   = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
+
     dynamic "sandbox_config" {
       for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
       content {

modules/beta-private-cluster/README.md

@@ -386,6 +386,7 @@ The node_pools variable takes the following parameters:
 | name | The name of the node pool |  | Required |
 | placement_policy | Placement type to set for nodes in a node pool. Can be set as [COMPACT](https://cloud.google.com/kubernetes-engine/docs/how-to/compact-placement#overview) if desired |  | Optional |
 | pod_range |  The name of the secondary range for pod IPs. |  | Optional |
+| node_affinity | The node affinty in the format `"{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"node-group-name\"]}"`. |  | Optional |
 | node_count | The number of nodes in the nodepool when autoscaling is false. Otherwise defaults to 1. Only valid for non-autoscaling clusters |  | Required |
 | node_locations | The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. Defaults to cluster level node locations if nothing is specified | " " | Optional |
 | node_metadata | Options to expose the node metadata to the workload running on the node | | Optional |

modules/beta-private-cluster/cluster.tf

@@ -478,6 +478,21 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      dynamic "sole_tenant_config" {
+        # node_affinity is currently the only member of sole_tenant_config
+        for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : []
+        content {
+          dynamic "node_affinity" {
+            for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : []
+            content {
+              key      = lookup(jsondecode(node_affinity.value), "key", null)
+              operator = lookup(jsondecode(node_affinity.value), "operator", null)
+              values   = lookup(jsondecode(node_affinity.value), "values", [])
+            }
+          }
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -884,6 +899,21 @@ resource "google_container_node_pool" "pools" {
       }
     }
 
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key      = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values   = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
+
     dynamic "sandbox_config" {
       for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
       content {
@@ -1198,6 +1228,21 @@ resource "google_container_node_pool" "windows_pools" {
       }
     }
 
+    dynamic "sole_tenant_config" {
+      # node_affinity is currently the only member of sole_tenant_config
+      for_each = lookup(each.value, "node_affinity", null) != null ? [true] : []
+      content {
+        dynamic "node_affinity" {
+          for_each = lookup(each.value, "node_affinity", null) != null ? [lookup(each.value, "node_affinity", null)] : []
+          content {
+            key      = lookup(jsondecode(node_affinity.value), "key", null)
+            operator = lookup(jsondecode(node_affinity.value), "operator", null)
+            values   = lookup(jsondecode(node_affinity.value), "values", [])
+          }
+        }
+      }
+    }
+
     dynamic "sandbox_config" {
       for_each = tobool((lookup(each.value, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
       content {

modules/beta-public-cluster-update-variant/README.md

@@ -396,6 +396,7 @@ The node_pools variable takes the following parameters:
 | placement_policy | Placement type to set for nodes in a node pool. Can be set as [COMPACT](https://cloud.google.com/kubernetes-engine/docs/how-to/compact-placement#overview) if desired |  | Optional |
 | pod_range |  The name of the secondary range for pod IPs. |  | Optional |
 | enable_private_nodes |  Whether nodes have internal IP addresses only. |  | Optional |
+| node_affinity | The node affinty in the format `"{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"node-group-name\"]}"`. |  | Optional |
 | node_count | The number of nodes in the nodepool when autoscaling is false. Otherwise defaults to 1. Only valid for non-autoscaling clusters |  | Required |
 | node_locations | The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. Defaults to cluster level node locations if nothing is specified | " " | Optional |
 | node_metadata | Options to expose the node metadata to the workload running on the node | | Optional |