add to node_config in 2 places as well

Author: wyardley

autogen/main/cluster.tf.tmpl

@@ -530,6 +530,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -905,6 +915,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

cluster.tf

@@ -407,6 +407,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -612,6 +622,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -903,6 +921,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

modules/beta-private-cluster-update-variant/cluster.tf

@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -776,6 +786,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -1081,6 +1099,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

modules/beta-private-cluster/cluster.tf

@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -691,6 +701,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -995,6 +1013,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

modules/beta-public-cluster-update-variant/cluster.tf

@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -755,6 +765,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -1060,6 +1078,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

modules/beta-public-cluster/cluster.tf

@@ -453,6 +453,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -670,6 +680,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -974,6 +992,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

modules/private-cluster-update-variant/cluster.tf

@@ -407,6 +407,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -717,6 +727,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -1009,6 +1027,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

modules/private-cluster/cluster.tf

@@ -407,6 +407,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
+      # In the case of the default pool use the module level variable as a
+      # fallback if it's not set explicitly for this pool.
+      dynamic "kubelet_config" {
+        for_each = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? [lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled)] : []
+
+        content {
+          insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+        }
+      }
+
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
       tags = concat(
@@ -633,6 +643,14 @@ resource "google_container_node_pool" "pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {
@@ -924,6 +942,14 @@ resource "google_container_node_pool" "windows_pools" {
         enabled = gvnic.value
       }
     }
+    # In this case, only try to override if it's set explicitly for this pool.
+    dynamic "kubelet_config" {
+      for_each = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? [each.value.insecure_kubelet_readonly_port_enabled] : []
+
+      content {
+        insecure_kubelet_readonly_port_enabled = upper(tostring(kubelet_config.value))
+      }
+    }
     dynamic "reservation_affinity" {
       for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : []
       content {

test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json

@@ -107,6 +107,9 @@
     "diskSizeGb": 100,
     "diskType": "pd-balanced",
     "imageType": "COS_CONTAINERD",
+    "kubeletConfig": {
+      "insecureKubeletReadonlyPortEnabled": false
+    },
     "loggingConfig": {
       "variantConfig": {
         "variant": "DEFAULT"