diff --git a/README.md b/README.md
index 7fc4457bed..23d2163e5f 100644
--- a/README.md
+++ b/README.md
@@ -254,6 +254,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` |
{
"disabled": false
} | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
| rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. | object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
}) | {
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
} | no |
@@ -405,6 +406,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/autogen/main/README.md b/autogen/main/README.md
index d8559f66a1..397635776f 100644
--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -280,6 +280,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 0dd5a4aec2..72d87119bf 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -562,6 +562,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
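Review bot: `for_each = var.pod_cidr_overprovision_config` iterates over the attributes of the object, not over a list of configs, so the block is emitted exactly once only because the type has a single attribute; a caller passing `null` would, as far as I can tell, fail at plan time with an invalid for_each value. Wrapping the value states the intent and tolerates null: `for_each = var.pod_cidr_overprovision_config != null ? [var.pod_cidr_overprovision_config] : []` with `disabled = pod_cidr_overprovision_config.value.disabled` inside `content`. The same two lines appear in the cluster-level hunks of cluster.tf and of each modules/*/cluster.tf on this page, which look generated from this template. The enclosing block starts outside the hunk.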
@@ -918,6 +924,7 @@ locals {
"flex_start",
"local_ssd_ephemeral_storage_count",
"ephemeral_storage_local_ssd_data_cache_count",
+ "pod_cidr_overprovision_config",
]
}
@@ -1047,6 +1054,13 @@ resource "google_container_node_pool" "windows_pools" {
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
{% endif %}
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
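Review bot: The node_pools key `pod_cidr_overprovision_config` is passed straight into `disabled`, so an entry with `pod_cidr_overprovision_config = true` turns overprovisioning off for that pool, which is the reverse of what the key name suggests and is not stated in the README row this commit adds. At minimum I would put a comment above the dynamic block, `# node_pools key "pod_cidr_overprovision_config" is the value of disabled: true turns pod CIDR overprovisioning off for this pool`, and say the same in the README description. The same lookup appears in the pools and windows_pools hunks of cluster.tf, modules/beta-private-cluster/cluster.tf and modules/beta-private-cluster-update-variant/cluster.tf. The resource body continues outside the hunk.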
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index e0bb56bd16..e9ec7029af 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -180,6 +180,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
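Review bot: The description on the new `pod_cidr_overprovision_config` variable does not say what `disabled` does or what the default means for a cluster, and the flag is a negative one that is easy to set the wrong way round. Judging only by the attribute name, something like `description = "Cluster-level pod CIDR overprovisioning. Set disabled = true to turn overprovisioning off; the default (disabled = false) leaves it on."` would make it unambiguous. The same one-line description is repeated in the modules/*/variables.tf and metadata.yaml hunks, which appear to be generated from this template.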
diff --git a/cluster.tf b/cluster.tf
index e9f0765be3..44fa9ffcb7 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -429,6 +429,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
@@ -747,6 +753,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
@@ -1113,6 +1126,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/metadata.display.yaml b/metadata.display.yaml
index 52c2d68f03..68571dc91f 100644
--- a/metadata.display.yaml
+++ b/metadata.display.yaml
@@ -372,6 +372,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
project_id:
name: project_id
title: Project Id
diff --git a/metadata.yaml b/metadata.yaml
index a31fae14e0..5f21a9e379 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -263,6 +263,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index 59250e83a2..55022680ee 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -150,6 +150,7 @@ Then perform the following commands on the root folder:
| node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no |
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 582d0c42d8..0d31d28542 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -330,6 +330,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml
index bc6aa6d0f3..dac45afea2 100644
--- a/modules/beta-autopilot-private-cluster/metadata.display.yaml
+++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml
@@ -274,6 +274,9 @@ spec:
notification_filter_event_type:
name: notification_filter_event_type
title: Notification Filter Event Type
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
private_endpoint_subnetwork:
name: private_endpoint_subnetwork
title: Private Endpoint Subnetwork
diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml
index 45f8cb2bd1..0ba0601f3b 100644
--- a/modules/beta-autopilot-private-cluster/metadata.yaml
+++ b/modules/beta-autopilot-private-cluster/metadata.yaml
@@ -222,6 +222,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index 8ce8cd68d4..c3928b8c22 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -170,6 +170,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index b14e095451..89e68b4753 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -139,6 +139,7 @@ Then perform the following commands on the root folder:
| node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no |
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
| rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. | object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
}) | {
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
} | no |
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 4b58fa1122..b7e751ea3c 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -330,6 +330,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml
index ceb6f39fc4..9c7de7d904 100644
--- a/modules/beta-autopilot-public-cluster/metadata.display.yaml
+++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml
@@ -259,6 +259,9 @@ spec:
notification_filter_event_type:
name: notification_filter_event_type
title: Notification Filter Event Type
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
project_id:
name: project_id
title: Project Id
diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml
index f0285b3eeb..338085ee7a 100644
--- a/modules/beta-autopilot-public-cluster/metadata.yaml
+++ b/modules/beta-autopilot-public-cluster/metadata.yaml
@@ -222,6 +222,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index 40f230127b..47f8a3af43 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -170,6 +170,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 353a3cd865..317afd12e1 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -298,6 +298,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
@@ -459,6 +460,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 010851c0cc..ea851ce742 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -466,6 +466,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
@@ -794,6 +800,7 @@ locals {
"flex_start",
"local_ssd_ephemeral_storage_count",
"ephemeral_storage_local_ssd_data_cache_count",
+ "pod_cidr_overprovision_config",
]
}
@@ -900,6 +907,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
@@ -1280,6 +1294,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml
index cc12f38bae..46ce890a0d 100644
--- a/modules/beta-private-cluster-update-variant/metadata.display.yaml
+++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml
@@ -412,6 +412,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
private_endpoint_subnetwork:
name: private_endpoint_subnetwork
title: Private Endpoint Subnetwork
diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml
index 38c3c83664..5aa5efb918 100644
--- a/modules/beta-private-cluster-update-variant/metadata.yaml
+++ b/modules/beta-private-cluster-update-variant/metadata.yaml
@@ -223,6 +223,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index 2e1bc5b5ac..d9c4588056 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index f305f18ec8..2881d55681 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -276,6 +276,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
@@ -437,6 +438,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 4a7c30bbbf..4d7a60277c 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -466,6 +466,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
@@ -814,6 +820,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
@@ -1193,6 +1206,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml
index da59c10609..801a7689d0 100644
--- a/modules/beta-private-cluster/metadata.display.yaml
+++ b/modules/beta-private-cluster/metadata.display.yaml
@@ -412,6 +412,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
private_endpoint_subnetwork:
name: private_endpoint_subnetwork
title: Private Endpoint Subnetwork
diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml
index a0e87a1fbc..be9b93e8f4 100644
--- a/modules/beta-private-cluster/metadata.yaml
+++ b/modules/beta-private-cluster/metadata.yaml
@@ -223,6 +223,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index 2e1bc5b5ac..d9c4588056 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
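Review bot: The description of `pod_cidr_overprovision_config` does not say what `disabled` controls, and the flag reads as a double negative: the default `{ disabled = false }` leaves overprovisioning on. I would spell that out, for example `description = "Cluster-level Pod CIDR overprovisioning. Set disabled = true to turn overprovisioning off; the default keeps it enabled."`. Adding `nullable = false` would also make a `null` argument fall back to the default instead of reaching the `for_each` that consumes this variable in cluster.tf. The same variable block is added in the variables.tf hunks of the other modules and of the root module.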
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index e671233cd7..a3d8dc519b 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -287,6 +287,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
| rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. | object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
}) | {
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
} | no |
@@ -446,6 +447,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 1a8912df2d..80dc18b693 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -466,6 +466,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
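Review bot: `for_each = var.pod_cidr_overprovision_config` iterates over the attributes of the object, not over the object, so it produces exactly one block only because the type currently has the single attribute `disabled`. A second attribute added to the type later would emit one block per attribute, and a caller passing `null` makes the plan fail on the `for_each`. I would wrap the value, `for_each = var.pod_cidr_overprovision_config != null ? [var.pod_cidr_overprovision_config] : []`, and read `disabled = pod_cidr_overprovision_config.value.disabled` inside `content`. The same lines appear in the cluster.tf hunks of beta-public-cluster, private-cluster-update-variant and private-cluster; the nested block that encloses this one starts above the hunk.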
@@ -772,6 +778,7 @@ locals {
"flex_start",
"local_ssd_ephemeral_storage_count",
"ephemeral_storage_local_ssd_data_cache_count",
+ "pod_cidr_overprovision_config",
]
}
@@ -878,6 +885,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
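Review bot: The node-pool key `pod_cidr_overprovision_config` is passed unchanged into `disabled`, so a pool that sets `pod_cidr_overprovision_config = true` switches overprovisioning off. Neither the key name nor the README row added in this commit says so, and the cluster-level variable of the same name is an object rather than a bool. A comment above the block would remove the ambiguity, for example `# node_pools[*].pod_cidr_overprovision_config holds the value of "disabled": true turns overprovisioning off for this pool`, and the README row should state the accepted values. This applies equally to the `windows_pools` hunk in this file and to the `pools` and `windows_pools` hunks in the other modules' cluster.tf; the enclosing `network_config` block starts outside the hunk.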
@@ -1258,6 +1272,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml
index 695bdcaec1..2b54d48a4b 100644
--- a/modules/beta-public-cluster-update-variant/metadata.display.yaml
+++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml
@@ -397,6 +397,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
project_id:
name: project_id
title: Project Id
diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml
index 1dd3d16e06..4a15179093 100644
--- a/modules/beta-public-cluster-update-variant/metadata.yaml
+++ b/modules/beta-public-cluster-update-variant/metadata.yaml
@@ -223,6 +223,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index 690529e16e..02126fed1f 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index 45d5fddb63..256a7f7f61 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -265,6 +265,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
| rbac\_binding\_config | RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created. | object({
enable_insecure_binding_system_unauthenticated = optional(bool, null)
enable_insecure_binding_system_authenticated = optional(bool, null)
}) | {
"enable_insecure_binding_system_authenticated": null,
"enable_insecure_binding_system_unauthenticated": null
} | no |
@@ -424,6 +425,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index b95f83f356..59fcd258ad 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -466,6 +466,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
@@ -792,6 +798,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
@@ -1171,6 +1184,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", null)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml
index c195e7b846..08ded6dcb6 100644
--- a/modules/beta-public-cluster/metadata.display.yaml
+++ b/modules/beta-public-cluster/metadata.display.yaml
@@ -397,6 +397,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
project_id:
name: project_id
title: Project Id
diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml
index a5a812470d..f417b85600 100644
--- a/modules/beta-public-cluster/metadata.yaml
+++ b/modules/beta-public-cluster/metadata.yaml
@@ -223,6 +223,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 690529e16e..02126fed1f 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 2e164137d2..9d17bd3937 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -287,6 +287,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
@@ -440,6 +441,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 8700f849e0..9d167dcbf8 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -429,6 +429,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
@@ -748,6 +754,7 @@ locals {
"flex_start",
"local_ssd_ephemeral_storage_count",
"ephemeral_storage_local_ssd_data_cache_count",
+ "pod_cidr_overprovision_config",
]
}
@@ -854,6 +861,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
@@ -1221,6 +1235,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml
index aed100d6e0..920dcb9a47 100644
--- a/modules/private-cluster-update-variant/metadata.display.yaml
+++ b/modules/private-cluster-update-variant/metadata.display.yaml
@@ -388,6 +388,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
private_endpoint_subnetwork:
name: private_endpoint_subnetwork
title: Private Endpoint Subnetwork
diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml
index 4e8239108f..28e31b431d 100644
--- a/modules/private-cluster-update-variant/metadata.yaml
+++ b/modules/private-cluster-update-variant/metadata.yaml
@@ -223,6 +223,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index 3497aed147..588fd6e412 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index c23ea693e5..771a16bd3f 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -265,6 +265,7 @@ Then perform the following commands on the root folder:
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no |
| parallelstore\_csi\_driver | Whether the Parallelstore CSI driver Addon is enabled for this cluster. | `bool` | `null` | no |
+| pod\_cidr\_overprovision\_config | Configuration for cluster level pod cidr overprovision. | `object({ disabled = bool })` | {
"disabled": false
} | no |
| private\_endpoint\_subnetwork | The subnetwork to use for the hosted master network. | `string` | `null` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
| ray\_operator\_config | The Ray Operator Addon configuration for this cluster. | object({
enabled = bool
logging_enabled = optional(bool, false)
monitoring_enabled = optional(bool, false)
}) | {
"enabled": false,
"logging_enabled": false,
"monitoring_enabled": false
} | no |
@@ -418,6 +419,7 @@ The node_pools variable takes the following parameters:
| queued_provisioning | Makes nodes obtainable through the ProvisioningRequest API exclusively. | | Optional |
| gpu_sharing_strategy | The type of GPU sharing strategy to enable on the GPU node. Accepted values are: "TIME_SHARING" and "MPS". | | Optional |
| max_shared_clients_per_gpu | The maximum number of containers that can share a GPU. | | Optional |
+| pod_cidr_overprovision_config | Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited. | | Optional |
| total_egress_bandwidth_tier | Specifies the total network bandwidth tier. Valid values are: "TIER_1" and "TIER_UNSPECIFIED". | | Optional |
| consume_reservation_type | The type of reservation consumption. Accepted values are: "UNSPECIFIED": Default value (should not be specified). "NO_RESERVATION": Do not consume from any reserved capacity, "ANY_RESERVATION": Consume any reservation available, "SPECIFIC_RESERVATION": Must consume from a specific reservation. Must specify key value fields for specifying the reservations. | | Optional |
| reservation_affinity_key | The label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify "compute.googleapis.com/reservation-name" as the key and specify the name of your reservation as its value. | | Optional |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index d48a2f9836..650945c613 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -429,6 +429,12 @@ resource "google_container_cluster" "primary" {
}
}
stack_type = var.stack_type
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.pod_cidr_overprovision_config
+ content {
+ disabled = var.pod_cidr_overprovision_config.disabled
+ }
+ }
}
maintenance_policy {
@@ -769,6 +775,13 @@ resource "google_container_node_pool" "pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
@@ -1135,6 +1148,13 @@ resource "google_container_node_pool" "windows_pools" {
pod_range = lookup(network_config.value, "pod_range", null)
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
+ content {
+ disabled = lookup(network_config.value, "pod_cidr_overprovision_config", null)
+ }
+ }
+
dynamic "network_performance_config" {
for_each = lookup(network_config.value, "total_egress_bandwidth_tier", "") != "" ? [1] : []
content {
diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml
index cb477ee70a..e1ff2dde2d 100644
--- a/modules/private-cluster/metadata.display.yaml
+++ b/modules/private-cluster/metadata.display.yaml
@@ -388,6 +388,9 @@ spec:
parallelstore_csi_driver:
name: parallelstore_csi_driver
title: Parallelstore Csi Driver
+ pod_cidr_overprovision_config:
+ name: pod_cidr_overprovision_config
+ title: Pod Cidr Overprovision Config
private_endpoint_subnetwork:
name: private_endpoint_subnetwork
title: Private Endpoint Subnetwork
diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml
index 1a620c3beb..4d04cded14 100644
--- a/modules/private-cluster/metadata.yaml
+++ b/modules/private-cluster/metadata.yaml
@@ -223,6 +223,11 @@ spec:
description: the configuration for individual additional subnetworks attached to the cluster
varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
defaultValue: []
+ - name: pod_cidr_overprovision_config
+ description: Configuration for cluster level pod cidr overprovision.
+ varType: object({ disabled = bool })
+ defaultValue:
+ disabled: false
- name: ip_range_services
description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
varType: string
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index 3497aed147..588fd6e412 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/variables.tf b/variables.tf
index 101ad7ee59..a6b958c988 100644
--- a/variables.tf
+++ b/variables.tf
@@ -161,6 +161,12 @@ variable "additional_ip_ranges_config" {
default = []
}
+variable "pod_cidr_overprovision_config" {
+ type = object({ disabled = bool })
+ description = "Configuration for cluster level pod cidr overprovision."
+ default = { disabled = false }
+}
+
variable "ip_range_services" {
type = string
description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."