Skip to content

feat: add new kubelet params #2337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: add new kubelet params #2337

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a564436
add new kubelet params
DrFaust92 Apr 26, 2025
8e78d1b
add new kubelet params
DrFaust92 Apr 26, 2025
2d13131
Merge branch 'main' into added-kubelet_config
apeabody Apr 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,13 @@ The node_pools variable takes the following parameters:
| cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
| cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
| pod_pids_limit | Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. | null | Optional |
| container_log_max_size | Defines the maximum size of the container log file before it is rotated. | null | Optional |
| container_log_max_files | Defines the maximum number of container log files that can be present for a container. | null | Optional |
| image_gc_low_threshold_percent | Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. | null | Optional |
| image_gc_high_threshold_percent | Defines the percent of disk usage after which image garbage collection is always run. | null | Optional |
| image_minimum_gc_age | Defines the minimum age for an unused image before it is garbage collected. | null | Optional |
| image_maximum_gc_age | Defines the maximum age an image can be unused before it is garbage collected. | null | Optional |
| allowed_unsafe_sysctls | Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. This should be passed as comma separated string. | null | Optional |
| enable_confidential_nodes | An optional flag to enable confidential node config. | false | Optional |
| disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
| disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
Expand Down
7 changes: 7 additions & 0 deletions autogen/main/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,13 @@ The node_pools variable takes the following parameters:
| cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
| cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
| pod_pids_limit | Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. | null | Optional |
| container_log_max_size | Defines the maximum size of the container log file before it is rotated. | null | Optional |
| container_log_max_files | Defines the maximum number of container log files that can be present for a container. | null | Optional |
| image_gc_low_threshold_percent | Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. | null | Optional |
| image_gc_high_threshold_percent | Defines the percent of disk usage after which image garbage collection is always run. | null | Optional |
| image_minimum_gc_age | Defines the minimum age for an unused image before it is garbage collected. | null | Optional |
| image_maximum_gc_age | Defines the maximum age an image can be unused before it is garbage collected. | null | Optional |
| allowed_unsafe_sysctls | Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. This should be passed as comma separated string. | null | Optional |
| enable_confidential_nodes | An optional flag to enable confidential node config. | false | Optional |
| disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
| disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
Expand Down
18 changes: 16 additions & 2 deletions autogen/main/cluster.tf.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -589,7 +589,7 @@ resource "google_container_cluster" "primary" {
dynamic "kubelet_config" {
for_each = length(setintersection(
keys(var.node_pools[0]),
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
)) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []

content {
Expand All @@ -598,6 +598,13 @@ resource "google_container_cluster" "primary" {
cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null)
insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null)
container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null)
container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null)
image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null)
image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null)
image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null)
image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null)
allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)]
}
}

Expand Down Expand Up @@ -1144,7 +1151,7 @@ resource "google_container_node_pool" "windows_pools" {
dynamic "kubelet_config" {
for_each = length(setintersection(
keys(each.value),
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
)) != 0 ? [1] : []

content {
Expand All @@ -1153,6 +1160,13 @@ resource "google_container_node_pool" "windows_pools" {
cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
container_log_max_size = lookup(each.value, "container_log_max_size", null)
container_log_max_files = lookup(each.value, "container_log_max_files", null)
image_gc_low_threshold_percent = lookup(each.value, "image_gc_low_threshold_percent", null)
image_gc_high_threshold_percent = lookup(each.value, "image_gc_high_threshold_percent", null)
image_minimum_gc_age = lookup(each.value, "image_minimum_gc_age", null)
image_maximum_gc_age = lookup(each.value, "image_maximum_gc_age", null)
allowed_unsafe_sysctls = lookup(each.value, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(each.value, "allowed_unsafe_sysctls", null)) : trimspace(s)]
}
}

Expand Down
27 changes: 24 additions & 3 deletions cluster.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -446,7 +446,7 @@ resource "google_container_cluster" "primary" {
dynamic "kubelet_config" {
for_each = length(setintersection(
keys(var.node_pools[0]),
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
)) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []

content {
Expand All @@ -455,6 +455,13 @@ resource "google_container_cluster" "primary" {
cpu_cfs_quota_period = lookup(var.node_pools[0], "cpu_cfs_quota_period", null)
insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
pod_pids_limit = lookup(var.node_pools[0], "pod_pids_limit", null)
container_log_max_size = lookup(var.node_pools[0], "container_log_max_size", null)
container_log_max_files = lookup(var.node_pools[0], "container_log_max_files", null)
image_gc_low_threshold_percent = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null)
image_gc_high_threshold_percent = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null)
image_minimum_gc_age = lookup(var.node_pools[0], "image_minimum_gc_age", null)
image_maximum_gc_age = lookup(var.node_pools[0], "image_maximum_gc_age", null)
allowed_unsafe_sysctls = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)]
}
}

Expand Down Expand Up @@ -839,7 +846,7 @@ resource "google_container_node_pool" "pools" {
dynamic "kubelet_config" {
for_each = length(setintersection(
keys(each.value),
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
)) != 0 ? [1] : []

content {
Expand All @@ -848,6 +855,13 @@ resource "google_container_node_pool" "pools" {
cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
container_log_max_size = lookup(each.value, "container_log_max_size", null)
container_log_max_files = lookup(each.value, "container_log_max_files", null)
image_gc_low_threshold_percent = lookup(each.value, "image_gc_low_threshold_percent", null)
image_gc_high_threshold_percent = lookup(each.value, "image_gc_high_threshold_percent", null)
image_minimum_gc_age = lookup(each.value, "image_minimum_gc_age", null)
image_maximum_gc_age = lookup(each.value, "image_maximum_gc_age", null)
allowed_unsafe_sysctls = lookup(each.value, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(each.value, "allowed_unsafe_sysctls", null)) : trimspace(s)]
}
}

Expand Down Expand Up @@ -1163,7 +1177,7 @@ resource "google_container_node_pool" "windows_pools" {
dynamic "kubelet_config" {
for_each = length(setintersection(
keys(each.value),
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit"]
["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
)) != 0 ? [1] : []

content {
Expand All @@ -1172,6 +1186,13 @@ resource "google_container_node_pool" "windows_pools" {
cpu_cfs_quota_period = lookup(each.value, "cpu_cfs_quota_period", null)
insecure_kubelet_readonly_port_enabled = lookup(each.value, "insecure_kubelet_readonly_port_enabled", null) != null ? upper(tostring(each.value.insecure_kubelet_readonly_port_enabled)) : null
pod_pids_limit = lookup(each.value, "pod_pids_limit", null)
container_log_max_size = lookup(each.value, "container_log_max_size", null)
container_log_max_files = lookup(each.value, "container_log_max_files", null)
image_gc_low_threshold_percent = lookup(each.value, "image_gc_low_threshold_percent", null)
image_gc_high_threshold_percent = lookup(each.value, "image_gc_high_threshold_percent", null)
image_minimum_gc_age = lookup(each.value, "image_minimum_gc_age", null)
image_maximum_gc_age = lookup(each.value, "image_maximum_gc_age", null)
allowed_unsafe_sysctls = lookup(each.value, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(each.value, "allowed_unsafe_sysctls", null)) : trimspace(s)]
}
}

Expand Down
7 changes: 7 additions & 0 deletions modules/beta-private-cluster-update-variant/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,13 @@ The node_pools variable takes the following parameters:
| cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
| cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
| pod_pids_limit | Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. | null | Optional |
| container_log_max_size | Defines the maximum size of the container log file before it is rotated. | null | Optional |
| container_log_max_files | Defines the maximum number of container log files that can be present for a container. | null | Optional |
| image_gc_low_threshold_percent | Defines the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. | null | Optional |
| image_gc_high_threshold_percent | Defines the percent of disk usage after which image garbage collection is always run. | null | Optional |
| image_minimum_gc_age | Defines the minimum age for an unused image before it is garbage collected. | null | Optional |
| image_maximum_gc_age | Defines the maximum age an image can be unused before it is garbage collected. | null | Optional |
| allowed_unsafe_sysctls | Defines a comma-separated allowlist of unsafe sysctls or sysctl patterns which can be set on the Pods. This should be passed as comma separated string. | null | Optional |
| enable_confidential_nodes | An optional flag to enable confidential node config. | false | Optional |
| disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
| disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
Expand Down
Loading