terraform-google-modules
diff --git a/‎README.md
Lines changed: 7 additions & 0 deletions b/‎README.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎autogen/main/README.md
Lines changed: 7 additions & 0 deletions b/‎autogen/main/README.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎autogen/main/cluster.tf.tmpl
Lines changed: 16 additions & 2 deletions b/‎autogen/main/cluster.tf.tmpl
Lines changed: 16 additions & 2 deletions
diff --git a/‎cluster.tf
Lines changed: 24 additions & 3 deletions b/‎cluster.tf
Lines changed: 24 additions & 3 deletions
diff --git a/‎modules/beta-private-cluster-update-variant/README.md
Lines changed: 7 additions & 0 deletions b/‎modules/beta-private-cluster-update-variant/README.md
Lines changed: 7 additions & 0 deletions
@@ -321,6 +321,13 @@ The node_pools variable takes the following parameters:
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
 | pod_pids_limit | Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. | null | Optional |
+| container_log_max_size | Defines the maximum size of the container log file before it is rotated. | null | Optional |
+| container_log_max_files | Defines the maximum number of container log files that can be present for a container. | null | Optional |
+| image_gc_low_threshold_percent | Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. | null | Optional |
+| image_gc_high_threshold_percent | Defines the percent of disk usage after which image garbage collection is always run. | null | Optional |
+| image_minimum_gc_age | Defines the minimum age for an unused image before it is garbage collected. | null | Optional |
+| image_maximum_gc_age | Defines the maximum age an image can be unused before it is garbage collected. | null | Optional |
+| allowed_unsafe_sysctls | Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. This should be passed as comma separated string. | null | Optional |
 | enable_confidential_nodes | An optional flag to enable confidential node config. | false | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 
@@ -203,6 +203,13 @@ The node_pools variable takes the following parameters:
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
 | pod_pids_limit | Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. | null | Optional |
+| container_log_max_size | Defines the maximum size of the container log file before it is rotated. | null | Optional |
+| container_log_max_files | Defines the maximum number of container log files that can be present for a container. | null | Optional |
+| image_gc_low_threshold_percent | Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. | null | Optional |
+| image_gc_high_threshold_percent | Defines the percent of disk usage after which image garbage collection is always run. | null | Optional |
+| image_minimum_gc_age | Defines the minimum age for an unused image before it is garbage collected. | null | Optional |
+| image_maximum_gc_age | Defines the maximum age an image can be unused before it is garbage collected. | null | Optional |
+| allowed_unsafe_sysctls | Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. This should be passed as comma separated string. | null | Optional |
 | enable_confidential_nodes | An optional flag to enable confidential node config. | false | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 
@@ -589,7 +589,7 @@ resource "google_container_cluster" "primary" {
       dynamic "kubelet_config" {
         for_each = length(setintersection(
           keys(var.node_pools[0]),
-          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
         )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []
 
         content {
@@ -598,6 +598,13 @@ resource "google_container_cluster" "primary" {
           cpu_cfs_quota_period                   = lookup(var.node_pools[0], "cpu_cfs_quota_period", null)
           insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
           pod_pids_limit                         = lookup(var.node_pools[0], "pod_pids_limit", null)
+          container_log_max_size                 = lookup(var.node_pools[0], "container_log_max_size", null)
+          container_log_max_files                = lookup(var.node_pools[0], "container_log_max_files", null)
+          image_gc_low_threshold_percent         = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null)
+          image_gc_high_threshold_percent        = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null)
+          image_minimum_gc_age                   = lookup(var.node_pools[0], "image_minimum_gc_age", null)
+          image_maximum_gc_age                   = lookup(var.node_pools[0], "image_maximum_gc_age", null)
+          allowed_unsafe_sysctls                 = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)]
         }
       }
 
@@ -1144,7 +1151,7 @@ resource "google_container_node_pool" "windows_pools" {
     dynamic "kubelet_config" {
       for_each = length(setintersection(
         keys(each.value),
-        ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
       )) != 0 ? [1] : []
 
       content {
@@ -1153,6 +1160,13 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
         insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        container_log_max_size                 = lookup(each.value, "container_log_max_size", null)
+        container_log_max_files                = lookup(each.value, "container_log_max_files", null)
+        image_gc_low_threshold_percent         = lookup(each.value, "image_gc_low_threshold_percent", null)
+        image_gc_high_threshold_percent        = lookup(each.value, "image_gc_high_threshold_percent", null)
+        image_minimum_gc_age                   = lookup(each.value, "image_minimum_gc_age", null)
+        image_maximum_gc_age                   = lookup(each.value, "image_maximum_gc_age", null)
+        allowed_unsafe_sysctls                 = lookup(each.value, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(each.value, "allowed_unsafe_sysctls", null)) : trimspace(s)]
       }
     }
 
 
@@ -446,7 +446,7 @@ resource "google_container_cluster" "primary" {
       dynamic "kubelet_config" {
         for_each = length(setintersection(
           keys(var.node_pools[0]),
-          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+          ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
         )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []
 
         content {
@@ -455,6 +455,13 @@ resource "google_container_cluster" "primary" {
           cpu_cfs_quota_period                   = lookup(var.node_pools[0], "cpu_cfs_quota_period", null)
           insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
           pod_pids_limit                         = lookup(var.node_pools[0], "pod_pids_limit", null)
+          container_log_max_size                 = lookup(var.node_pools[0], "container_log_max_size", null)
+          container_log_max_files                = lookup(var.node_pools[0], "container_log_max_files", null)
+          image_gc_low_threshold_percent         = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null)
+          image_gc_high_threshold_percent        = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null)
+          image_minimum_gc_age                   = lookup(var.node_pools[0], "image_minimum_gc_age", null)
+          image_maximum_gc_age                   = lookup(var.node_pools[0], "image_maximum_gc_age", null)
+          allowed_unsafe_sysctls                 = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)]
         }
       }
 
@@ -839,7 +846,7 @@ resource "google_container_node_pool" "pools" {
     dynamic "kubelet_config" {
       for_each = length(setintersection(
         keys(each.value),
-        ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
       )) != 0 ? [1] : []
 
       content {
@@ -848,6 +855,13 @@ resource "google_container_node_pool" "pools" {
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
         insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        container_log_max_size                 = lookup(each.value, "container_log_max_size", null)
+        container_log_max_files                = lookup(each.value, "container_log_max_files", null)
+        image_gc_low_threshold_percent         = lookup(each.value, "image_gc_low_threshold_percent", null)
+        image_gc_high_threshold_percent        = lookup(each.value, "image_gc_high_threshold_percent", null)
+        image_minimum_gc_age                   = lookup(each.value, "image_minimum_gc_age", null)
+        image_maximum_gc_age                   = lookup(each.value, "image_maximum_gc_age", null)
+        allowed_unsafe_sysctls                 = lookup(each.value, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(each.value, "allowed_unsafe_sysctls", null)) : trimspace(s)]
       }
     }
 
@@ -1163,7 +1177,7 @@ resource "google_container_node_pool" "windows_pools" {
     dynamic "kubelet_config" {
       for_each = length(setintersection(
         keys(each.value),
-        ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
+        ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
       )) != 0 ? [1] : []
 
       content {
@@ -1172,6 +1186,13 @@ resource "google_container_node_pool" "windows_pools" {
         cpu_cfs_quota_period                   = lookup(each.value, "cpu_cfs_quota_period", null)
         insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
         pod_pids_limit                         = lookup(each.value, "pod_pids_limit", null)
+        container_log_max_size                 = lookup(each.value, "container_log_max_size", null)
+        container_log_max_files                = lookup(each.value, "container_log_max_files", null)
+        image_gc_low_threshold_percent         = lookup(each.value, "image_gc_low_threshold_percent", null)
+        image_gc_high_threshold_percent        = lookup(each.value, "image_gc_high_threshold_percent", null)
+        image_minimum_gc_age                   = lookup(each.value, "image_minimum_gc_age", null)
+        image_maximum_gc_age                   = lookup(each.value, "image_maximum_gc_age", null)
+        allowed_unsafe_sysctls                 = lookup(each.value, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(each.value, "allowed_unsafe_sysctls", null)) : trimspace(s)]
       }
     }
 
 
@@ -375,6 +375,13 @@ The node_pools variable takes the following parameters:
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
 | pod_pids_limit | Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. | null | Optional |
+| container_log_max_size | Defines the maximum size of the container log file before it is rotated. | null | Optional |
+| container_log_max_files | Defines the maximum number of container log files that can be present for a container. | null | Optional |
+| image_gc_low_threshold_percent | Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. | null | Optional |
+| image_gc_high_threshold_percent | Defines the percent of disk usage after which image garbage collection is always run. | null | Optional |
+| image_minimum_gc_age | Defines the minimum age for an unused image before it is garbage collected. | null | Optional |
+| image_maximum_gc_age | Defines the maximum age an image can be unused before it is garbage collected. | null | Optional |
+| allowed_unsafe_sysctls | Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. This should be passed as comma separated string. | null | Optional |
 | enable_confidential_nodes | An optional flag to enable confidential node config. | false | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |