Skip to content

Commit 2664ab3

Browse files
arthurlapertosaarthurlapertosa
committed
fix: do not set confidential_instance_type for autopilot clusters
1 parent 881ccb2 commit 2664ab3

File tree

6 files changed

+12
-6
lines changed

6 files changed

+12
-6
lines changed

autogen/main/cluster.tf.tmpl

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,9 @@ resource "google_container_cluster" "primary" {
8383
for_each = local.confidential_node_config
8484
content {
8585
enabled = confidential_nodes.value.enabled
86-
confidential_instance_type = lookup(var.node_pools[0], "confidential_instance_type", null)
86+
{% if autopilot_cluster != true %}
87+
confidential_instance_type = lookup(var.node_pools[0], "confidential_instance_type", null)
88+
{% endif %}
8789
}
8890
}
8991

modules/beta-autopilot-private-cluster/cluster.tf

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,8 +68,7 @@ resource "google_container_cluster" "primary" {
6868
dynamic "confidential_nodes" {
6969
for_each = local.confidential_node_config
7070
content {
71-
enabled = confidential_nodes.value.enabled
72-
confidential_instance_type = lookup(var.node_pools[0], "confidential_instance_type", null)
71+
enabled = confidential_nodes.value.enabled
7372
}
7473
}
7574

modules/beta-autopilot-public-cluster/cluster.tf

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,8 +68,7 @@ resource "google_container_cluster" "primary" {
6868
dynamic "confidential_nodes" {
6969
for_each = local.confidential_node_config
7070
content {
71-
enabled = confidential_nodes.value.enabled
72-
confidential_instance_type = lookup(var.node_pools[0], "confidential_instance_type", null)
71+
enabled = confidential_nodes.value.enabled
7372
}
7473
}
7574

modules/gke-autopilot-cluster/metadata.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ spec:
3636
location: examples/autopilot_private_firewalls
3737
- name: confidential_autopilot_private
3838
location: examples/confidential_autopilot_private
39+
- name: confidential_gpu_public
40+
location: examples/confidential_gpu_public
3941
- name: confidential_safer_cluster
4042
location: examples/confidential_safer_cluster
4143
- name: deploy_service

modules/gke-node-pool/metadata.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ spec:
3636
location: examples/autopilot_private_firewalls
3737
- name: confidential_autopilot_private
3838
location: examples/confidential_autopilot_private
39+
- name: confidential_gpu_public
40+
location: examples/confidential_gpu_public
3941
- name: confidential_safer_cluster
4042
location: examples/confidential_safer_cluster
4143
- name: deploy_service

modules/gke-standard-cluster/metadata.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ spec:
3636
location: examples/autopilot_private_firewalls
3737
- name: confidential_autopilot_private
3838
location: examples/confidential_autopilot_private
39+
- name: confidential_gpu_public
40+
location: examples/confidential_gpu_public
3941
- name: confidential_safer_cluster
4042
location: examples/confidential_safer_cluster
4143
- name: deploy_service
@@ -1008,9 +1010,9 @@ spec:
10081010
roles:
10091011
- level: Project
10101012
roles:
1013+
- roles/iam.serviceAccountUser
10111014
- roles/compute.admin
10121015
- roles/container.admin
1013-
- roles/iam.serviceAccountUser
10141016
services:
10151017
- compute.googleapis.com
10161018
- container.googleapis.com

0 commit comments

Comments
 (0)