feat(safer-cluster): add some missing variables

bergemalm · bergemalm · commit 15e7a64cfa76 · 2025-08-29T08:52:34.000+02:00
- node_pools_resource_manager_tags
- node_pools_linux_node_configs_sysctls
- node_pools_cgroup_mode
- node_pools_hugepage_size_2m
- node_pools_hugepage_size_1g
- enable_secret_manager_addon
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
@@ -89,13 +89,18 @@ module "gke" {
   // If removing the default node pool, initial_node_count should be at least 1.
   initial_node_count = (var.initial_node_count == 0) ? 1 : var.initial_node_count
 
-  node_pools                 = var.node_pools
-  windows_node_pools         = var.windows_node_pools
-  node_pools_labels          = var.node_pools_labels
-  node_pools_resource_labels = var.node_pools_resource_labels
-  node_pools_metadata        = var.node_pools_metadata
-  node_pools_taints          = var.node_pools_taints
-  node_pools_tags            = var.node_pools_tags
+  node_pools                            = var.node_pools
+  windows_node_pools                    = var.windows_node_pools
+  node_pools_labels                     = var.node_pools_labels
+  node_pools_resource_labels            = var.node_pools_resource_labels
+  node_pools_resource_manager_tags      = var.node_pools_resource_manager_tags
+  node_pools_metadata                   = var.node_pools_metadata
+  node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+  node_pools_cgroup_mode                = var.node_pools_cgroup_mode
+  node_pools_hugepage_size_2m           = var.node_pools_hugepage_size_2m
+  node_pools_hugepage_size_1g           = var.node_pools_hugepage_size_1g
+  node_pools_taints                     = var.node_pools_taints
+  node_pools_tags                       = var.node_pools_tags
 
   node_pools_oauth_scopes = var.node_pools_oauth_scopes
 
@@ -216,6 +221,8 @@ module "gke" {
 
   enable_gcfs = var.enable_gcfs
 
+  enable_secret_manager_addon = var.enable_secret_manager_addon
+
   // Enabling vulnerability and audit for workloads
   workload_vulnerability_mode = var.workload_vulnerability_mode
   workload_config_audit_mode  = var.workload_config_audit_mode
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
@@ -185,6 +185,16 @@ variable "node_pools_resource_labels" {
   }
 }
 
+variable "node_pools_resource_manager_tags" {
+  type        = map(map(string))
+  description = "Map of maps containing resource manager tags by node-pool name"
+
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+
 variable "node_pools_metadata" {
   type        = map(map(string))
   description = "Map of maps containing node metadata by node-pool name"
@@ -195,6 +205,50 @@ variable "node_pools_metadata" {
   }
 }
 
+variable "node_pools_linux_node_configs_sysctls" {
+  type        = map(map(string))
+  description = "Map of maps containing linux node config sysctls by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+
+variable "node_pools_cgroup_mode" {
+  type        = map(string)
+  description = "Map of strings containing cgroup node config by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
+variable "node_pools_hugepage_size_2m" {
+  type        = map(string)
+  description = "Map of strings containing hugepage size 2m node config by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
+variable "node_pools_hugepage_size_1g" {
+  type        = map(string)
+  description = "Map of strings containing hugepage size 1g config by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
 variable "node_pools_taints" {
   type        = map(list(object({ key = string, value = string, effect = string })))
   description = "Map of lists containing node taints by node-pool name"
@@ -540,6 +594,12 @@ variable "enable_gcfs" {
   default     = false
 }
 
+variable "enable_secret_manager_addon" {
+  description = "Enable the Secret Manager add-on for this cluster"
+  type        = bool
+  default     = false
+}
+
 variable "enable_mesh_certificates" {
   type = bool
   default = false
