feat: add cgroup & sysctls

j · j · commit c719dd47e035 · 2024-12-16T14:53:08.000-08:00
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
@@ -97,7 +97,9 @@ module "gke" {
   node_pools_taints          = var.node_pools_taints
   node_pools_tags            = var.node_pools_tags
 
-  node_pools_oauth_scopes = var.node_pools_oauth_scopes
+  node_pools_oauth_scopes               = var.node_pools_oauth_scopes
+  node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+  node_pools_cgroup_mode                = var.node_pools_cgroup_mode
 
   cluster_autoscaling = var.cluster_autoscaling
 
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
@@ -224,6 +224,25 @@ variable "node_pools_oauth_scopes" {
   }
 }
 
+variable "node_pools_linux_node_configs_sysctls" {
+  type        = map(map(string))
+  description = "Map of maps containing linux node config sysctls by node-pool name"
+
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+variable "node_pools_cgroup_mode" {
+  type        = map(string)
+  description = "Map of strings containing cgroup node config by node-pool name"
+
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
 variable "cluster_autoscaling" {
   type = object({
     enabled             = bool
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
@@ -257,7 +257,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | network | The VPC network to host the cluster in | `string` | n/a | yes |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
 | node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br>  {<br>    "name": "default-node-pool"<br>  }<br>]</pre> | no |
+| node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` | <pre>{<br>  "all": "",<br>  "default-node-pool": ""<br>}</pre> | no |
 | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
+| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` | <pre>{<br>  "all": [<br>    "https://www.googleapis.com/auth/cloud-platform"<br>  ],<br>  "default-node-pool": []<br>}</pre> | no |
 | node\_pools\_resource\_labels | Map of maps containing resource labels by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
@@ -93,7 +93,9 @@ module "gke" {
   node_pools_taints          = var.node_pools_taints
   node_pools_tags            = var.node_pools_tags
 
-  node_pools_oauth_scopes = var.node_pools_oauth_scopes
+  node_pools_oauth_scopes               = var.node_pools_oauth_scopes
+  node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+  node_pools_cgroup_mode                = var.node_pools_cgroup_mode
 
   cluster_autoscaling = var.cluster_autoscaling
 
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
@@ -224,6 +224,25 @@ variable "node_pools_oauth_scopes" {
   }
 }
 
+variable "node_pools_linux_node_configs_sysctls" {
+  type        = map(map(string))
+  description = "Map of maps containing linux node config sysctls by node-pool name"
+
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+variable "node_pools_cgroup_mode" {
+  type        = map(string)
+  description = "Map of strings containing cgroup node config by node-pool name"
+
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
 variable "cluster_autoscaling" {
   type = object({
     enabled             = bool
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
@@ -257,7 +257,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | network | The VPC network to host the cluster in | `string` | n/a | yes |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
 | node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br>  {<br>    "name": "default-node-pool"<br>  }<br>]</pre> | no |
+| node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` | <pre>{<br>  "all": "",<br>  "default-node-pool": ""<br>}</pre> | no |
 | node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
+| node\_pools\_linux\_node\_configs\_sysctls | Map of maps containing linux node config sysctls by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` | <pre>{<br>  "all": [<br>    "https://www.googleapis.com/auth/cloud-platform"<br>  ],<br>  "default-node-pool": []<br>}</pre> | no |
 | node\_pools\_resource\_labels | Map of maps containing resource labels by node-pool name | `map(map(string))` | <pre>{<br>  "all": {},<br>  "default-node-pool": {}<br>}</pre> | no |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
@@ -93,7 +93,9 @@ module "gke" {
   node_pools_taints          = var.node_pools_taints
   node_pools_tags            = var.node_pools_tags
 
-  node_pools_oauth_scopes = var.node_pools_oauth_scopes
+  node_pools_oauth_scopes               = var.node_pools_oauth_scopes
+  node_pools_linux_node_configs_sysctls = var.node_pools_linux_node_configs_sysctls
+  node_pools_cgroup_mode                = var.node_pools_cgroup_mode
 
   cluster_autoscaling = var.cluster_autoscaling
 
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
@@ -224,6 +224,25 @@ variable "node_pools_oauth_scopes" {
   }
 }
 
+variable "node_pools_linux_node_configs_sysctls" {
+  type        = map(map(string))
+  description = "Map of maps containing linux node config sysctls by node-pool name"
+
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+variable "node_pools_cgroup_mode" {
+  type        = map(string)
+  description = "Map of strings containing cgroup node config by node-pool name"
+
+  default = {
+    all               = ""
+    default-node-pool = ""
+  }
+}
+
 variable "cluster_autoscaling" {
   type = object({
     enabled             = bool
