hampus77
diff --git a/‎autogen/main/cluster.tf.tmpl‎
Lines changed: 23 additions & 1 deletion b/‎autogen/main/cluster.tf.tmpl‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎cluster.tf‎
Lines changed: 9 additions & 1 deletion b/‎cluster.tf‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎modules/beta-private-cluster-update-variant/cluster.tf‎
Lines changed: 17 additions & 1 deletion b/‎modules/beta-private-cluster-update-variant/cluster.tf‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎modules/beta-private-cluster/cluster.tf‎
Lines changed: 17 additions & 1 deletion b/‎modules/beta-private-cluster/cluster.tf‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎modules/beta-public-cluster-update-variant/cluster.tf‎
Lines changed: 17 additions & 1 deletion b/‎modules/beta-public-cluster-update-variant/cluster.tf‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎modules/beta-public-cluster/cluster.tf‎
Lines changed: 17 additions & 1 deletion b/‎modules/beta-public-cluster/cluster.tf‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎modules/private-cluster-update-variant/cluster.tf‎
Lines changed: 9 additions & 1 deletion b/‎modules/private-cluster-update-variant/cluster.tf‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎modules/private-cluster/cluster.tf‎
Lines changed: 9 additions & 1 deletion b/‎modules/private-cluster/cluster.tf‎
Lines changed: 9 additions & 1 deletion
@@ -252,6 +252,13 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ {% if beta_cluster %}
+ image_type = lookup(var.node_pools[0], "image_type", lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled) ? "COS_CONTAINERD" : "COS")
+ {% else %}
+ image_type = lookup(var.node_pools[0], "image_type", "COS")
+ {% endif %}
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -263,6 +270,22 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+ {% if beta_cluster %}
+ dynamic "sandbox_config" {
+ for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
+ content {
+ sandbox_type = sandbox_config.value
+ }
+ }
+
+ boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "")
+ {% endif %}
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -635,4 +658,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -138,6 +138,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -149,6 +152,12 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -330,4 +339,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -225,6 +225,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled) ? "COS_CONTAINERD" : "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -236,6 +239,20 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+ dynamic "sandbox_config" {
+ for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
+ content {
+ sandbox_type = sandbox_config.value
+ }
+ }
+
+ boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "")
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -578,4 +595,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -225,6 +225,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled) ? "COS_CONTAINERD" : "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -236,6 +239,20 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+ dynamic "sandbox_config" {
+ for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
+ content {
+ sandbox_type = sandbox_config.value
+ }
+ }
+
+ boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "")
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -493,4 +510,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -225,6 +225,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled) ? "COS_CONTAINERD" : "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -236,6 +239,20 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+ dynamic "sandbox_config" {
+ for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
+ content {
+ sandbox_type = sandbox_config.value
+ }
+ }
+
+ boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "")
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -559,4 +576,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -225,6 +225,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled) ? "COS_CONTAINERD" : "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -236,6 +239,20 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+ dynamic "sandbox_config" {
+ for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
+ content {
+ sandbox_type = sandbox_config.value
+ }
+ }
+
+ boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", "")
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -474,4 +491,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -138,6 +138,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -149,6 +152,12 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -428,4 +437,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
 
@@ -138,6 +138,9 @@ resource "google_container_cluster" "primary" {
  initial_node_count = var.initial_node_count
 
  node_config {
+ image_type = lookup(var.node_pools[0], "image_type", "COS")
+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")
+
  service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
  dynamic "workload_metadata_config" {
@@ -149,6 +152,12 @@ resource "google_container_cluster" "primary" {
  }
 
  metadata = local.node_pools_metadata["all"]
+
+
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+ }
  }
  }
 
@@ -343,4 +352,3 @@ resource "google_container_node_pool" "pools" {
  delete = "45m"
  }
 }
-
Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,9 @@ resource "google_container_cluster" "primary" {`
`138`	`138`	`initial_node_count = var.initial_node_count`
`139`	`139`
`140`	`140`	`node_config {`
	`141`	`+ image_type = lookup(var.node_pools[0], "image_type", "COS")`
	`142`	`+ machine_type = lookup(var.node_pools[0], "machine_type", "e2-medium")`
	`143`	`+`
`141`	`144`	`service_account = lookup(var.node_pools[0], "service_account", local.service_account)`
`142`	`145`
`143`	`146`	`dynamic "workload_metadata_config" {`
`@@ -149,6 +152,12 @@ resource "google_container_cluster" "primary" {`
`149`	`152`	`}`
`150`	`153`
`151`	`154`	`metadata = local.node_pools_metadata["all"]`
	`155`	`+`
	`156`	`+`
	`157`	`+ shielded_instance_config {`
	`158`	`+ enable_secure_boot = lookup(var.node_pools[0], "enable_secure_boot", false)`
	`159`	`+ enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)`
	`160`	`+ }`
`152`	`161`	`}`
`153`	`162`	`}`
`154`	`163`
`@@ -330,4 +339,3 @@ resource "google_container_node_pool" "pools" {`
`330`	`339`	`delete = "45m"`
`331`	`340`	`}`
`332`	`341`	`}`
`333`		`-`