feat: add example for GKE confidential nodes with GPU

[arthurlapertosa]

No description provided.

[arthurlapertosa]

@apeabody could you please run the build for this PR?

[apeabody]

/gcbrun

[arthurlapertosa]

@apeabody I don't have access to the GCP cloud build project. Could you please send me the error?

[apeabody]

@apeabody I don't have access to the GCP cloud build project. Could you please send me the error?

Error: Reference to undeclared input variable

  on ../../modules/beta-autopilot-private-cluster/cluster.tf line 72, in resource "google_container_cluster" "primary":
  72:       confidential_instance_type = lookup(var.node_pools[0], "confidential_instance_type", null)

An input variable with the name "node_pools" has not been declared. This
variable can be declared with a variable "node_pools" {} block.}

[arthurlapertosa]

@apeabody could you please re-run the build?

[apeabody]

/gcbrun

[arthurlapertosa]

@apeabody I think the build wasn't properly triggered, could you please take a look?

[apeabody]

/gcbrun

[apeabody]

@apeabody I think the build wasn't properly triggered, could you please take a look?

Might have been too quick after the merge, it's running now.

[apeabody]

Thanks @arthurlapertosa!

[apeabody]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new example for creating a GKE cluster with confidential nodes and GPUs. This is a valuable addition. The changes include modifications to several Terraform modules to support confidential_instance_type and guest_accelerator configurations, along with the new example files and corresponding integration tests. The implementation is mostly correct, but I've found a few issues related to version constraints, external dependencies, and a bug in the for_each logic that need to be addressed.

[gemini-code-assist]

There seems to be an issue with accessing the values from the for_each iterator. The iterator for a dynamic block is named after the block itself (confidential_nodes in this case), and you should use .value to access the current item. The correct way to access the properties of the object in the for_each list would be confidential_nodes.value.enabled and confidential_nodes.value.confidential_instance_type.

This issue is present in multiple files where this pattern is repeated, including cluster.tf and various cluster.tf files under modules/.

        enabled                    = confidential_nodes.value.enabled
        confidential_instance_type = confidential_nodes.value.confidential_instance_type

[arthurlapertosa]

The syntax is different because of the above line (for_each = lookup(each.value, "enable_confidential_nodes", null) != null ? [{ enabled = each.value.enable_confidential_nodes, confidential_instance_type = lookup(each.value, "confidential_instance_type", null) }] : []).
Once we define this object ({ enabled = each.value.enable_confidential_nodes, confidential_instance_type = lookup(each.value, "confidential_instance_type", null) }), it already gets the value: lookup(each.value, "confidential_instance_type", null).

[arthurlapertosa]

@apeabody I don't have access to the build error, could you please send it to me?

[arthurlapertosa]

@apeabody could you please rerun the build and the checks?

[apeabody]

/gcbrun

[apeabody]

@apeabody I don't have access to the build error, could you please send it to me?

It's expired, triggered a fresh test

[apeabody]

@apeabody I don't have access to the build error, could you please send it to me?

It's expired, triggered a fresh test

Thanks - This change looks pretty good, but we still need to enable the new test. Can you please add to the cloudbuild similar to https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/2458/files#diff-35f3e17c28a8a8de710f4be35fb5448d0e33c2d9b89fb2be7499b9830f890d12