Merge branch 'main' into nap-cgroup-mode

Author: apeabody

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.24
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 DOCKER_BIN ?= docker
@@ -70,6 +70,7 @@ docker_test_integration:
 docker_test_lint:
 	$(DOCKER_BIN) run --rm -it \
 		-e ENABLE_PARALLEL=1 \
+		-e ENABLE_BPMETADATA=1 \
 		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_lint.sh
@@ -78,9 +79,10 @@ docker_test_lint:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	$(DOCKER_BIN) run --rm -it \
+		-e ENABLE_BPMETADATA=1 \
 		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
 
 # Generate files from autogen
 .PHONY: docker_generate_modules

README.md

@@ -353,7 +353,7 @@ The node_pools variable takes the following parameters:
 | max_count | Maximum number of nodes in the NodePool. Must be >= min_count. Cannot be used with total limits. | 100 | Optional |
 | total_max_count | Total maximum number of nodes in the NodePool. Must be >= min_count. Cannot be used with per zone limits. | null | Optional |
 | max_pods_per_node | The maximum number of pods per node in this cluster | null | Optional |
-| strategy | The upgrade stragey to be used for upgrading the nodes. Valid values of state are: `SURGE` or `BLUE_GREEN` | "SURGE" | Optional |
+| strategy | The upgrade stragey to be used for upgrading the nodes. Valid values of state are: `SURGE`, `BLUE_GREEN`, or for flex-start and queued provisioning `SHORT_LIVED` | "SURGE" | Optional |
 | threads_per_core | Optional The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed | null | Optional |
 | enable_nested_virtualization | Whether the node should have nested virtualization | null | Optional |
 | max_surge | The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater. Only works with `SURGE` strategy. | 1 | Optional |

autogen/main/README.md

@@ -238,7 +238,7 @@ The node_pools variable takes the following parameters:
 | max_count | Maximum number of nodes in the NodePool. Must be >= min_count. Cannot be used with total limits. | 100 | Optional |
 | total_max_count | Total maximum number of nodes in the NodePool. Must be >= min_count. Cannot be used with per zone limits. | null | Optional |
 | max_pods_per_node | The maximum number of pods per node in this cluster | null | Optional |
-| strategy | The upgrade stragey to be used for upgrading the nodes. Valid values of state are: `SURGE` or `BLUE_GREEN` | "SURGE" | Optional |
+| strategy | The upgrade stragey to be used for upgrading the nodes. Valid values of state are: `SURGE`, `BLUE_GREEN`, or for flex-start and queued provisioning `SHORT_LIVED` | "SURGE" | Optional |
 | threads_per_core | Optional The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed | null | Optional |
 | enable_nested_virtualization | Whether the node should have nested virtualization | null | Optional |
 | max_surge | The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater. Only works with `SURGE` strategy. | 1 | Optional |

autogen/main/cluster.tf.tmpl

@@ -967,20 +967,23 @@ resource "google_container_node_pool" "windows_pools" {
     auto_upgrade = lookup(each.value, "auto_upgrade", local.default_auto_upgrade)
   }
 
-  upgrade_settings {
-    strategy        = lookup(each.value, "strategy", "SURGE")
-    max_surge       = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_surge", 1) : null
-    max_unavailable = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_unavailable", 0) : null
+  dynamic "upgrade_settings" {
+    for_each = contains(["SURGE", "BLUE_GREEN"], lookup(each.value, "strategy", "SURGE")) ? [1] : []
+    content {
+      strategy        = lookup(each.value, "strategy", "SURGE")
+      max_surge       = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_surge", 1) : null
+      max_unavailable = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_unavailable", 0) : null
 
-    dynamic "blue_green_settings" {
-      for_each = lookup(each.value, "strategy", "SURGE") == "BLUE_GREEN" ? [1] : []
-      content {
-        node_pool_soak_duration = lookup(each.value, "node_pool_soak_duration", null)
+      dynamic "blue_green_settings" {
+        for_each = lookup(each.value, "strategy", "SURGE") == "BLUE_GREEN" ? [1] : []
+        content {
+          node_pool_soak_duration = lookup(each.value, "node_pool_soak_duration", null)
 
-        standard_rollout_policy {
-          batch_soak_duration = lookup(each.value, "batch_soak_duration", null)
-          batch_percentage    = lookup(each.value, "batch_percentage", null)
-          batch_node_count    = lookup(each.value, "batch_node_count", null)
+          standard_rollout_policy {
+            batch_soak_duration = lookup(each.value, "batch_soak_duration", null)
+            batch_percentage    = lookup(each.value, "batch_percentage", null)
+            batch_node_count    = lookup(each.value, "batch_node_count", null)
+          }
         }
       }
     }

build/int.cloudbuild.yaml

@@ -486,6 +486,6 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.23'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.24'
 options:
   machineType: 'E2_HIGHCPU_8'

cluster.tf

@@ -670,20 +670,23 @@ resource "google_container_node_pool" "pools" {
     auto_upgrade = lookup(each.value, "auto_upgrade", local.default_auto_upgrade)
   }
 
-  upgrade_settings {
-    strategy        = lookup(each.value, "strategy", "SURGE")
-    max_surge       = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_surge", 1) : null
-    max_unavailable = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_unavailable", 0) : null
+  dynamic "upgrade_settings" {
+    for_each = contains(["SURGE", "BLUE_GREEN"], lookup(each.value, "strategy", "SURGE")) ? [1] : []
+    content {
+      strategy        = lookup(each.value, "strategy", "SURGE")
+      max_surge       = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_surge", 1) : null
+      max_unavailable = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_unavailable", 0) : null
 
-    dynamic "blue_green_settings" {
-      for_each = lookup(each.value, "strategy", "SURGE") == "BLUE_GREEN" ? [1] : []
-      content {
-        node_pool_soak_duration = lookup(each.value, "node_pool_soak_duration", null)
+      dynamic "blue_green_settings" {
+        for_each = lookup(each.value, "strategy", "SURGE") == "BLUE_GREEN" ? [1] : []
+        content {
+          node_pool_soak_duration = lookup(each.value, "node_pool_soak_duration", null)
 
-        standard_rollout_policy {
-          batch_soak_duration = lookup(each.value, "batch_soak_duration", null)
-          batch_percentage    = lookup(each.value, "batch_percentage", null)
-          batch_node_count    = lookup(each.value, "batch_node_count", null)
+          standard_rollout_policy {
+            batch_soak_duration = lookup(each.value, "batch_soak_duration", null)
+            batch_percentage    = lookup(each.value, "batch_percentage", null)
+            batch_node_count    = lookup(each.value, "batch_node_count", null)
+          }
         }
       }
     }
@@ -1001,20 +1004,23 @@ resource "google_container_node_pool" "windows_pools" {
     auto_upgrade = lookup(each.value, "auto_upgrade", local.default_auto_upgrade)
   }
 
-  upgrade_settings {
-    strategy        = lookup(each.value, "strategy", "SURGE")
-    max_surge       = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_surge", 1) : null
-    max_unavailable = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_unavailable", 0) : null
+  dynamic "upgrade_settings" {
+    for_each = contains(["SURGE", "BLUE_GREEN"], lookup(each.value, "strategy", "SURGE")) ? [1] : []
+    content {
+      strategy        = lookup(each.value, "strategy", "SURGE")
+      max_surge       = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_surge", 1) : null
+      max_unavailable = lookup(each.value, "strategy", "SURGE") == "SURGE" ? lookup(each.value, "max_unavailable", 0) : null
 
-    dynamic "blue_green_settings" {
-      for_each = lookup(each.value, "strategy", "SURGE") == "BLUE_GREEN" ? [1] : []
-      content {
-        node_pool_soak_duration = lookup(each.value, "node_pool_soak_duration", null)
+      dynamic "blue_green_settings" {
+        for_each = lookup(each.value, "strategy", "SURGE") == "BLUE_GREEN" ? [1] : []
+        content {
+          node_pool_soak_duration = lookup(each.value, "node_pool_soak_duration", null)
 
-        standard_rollout_policy {
-          batch_soak_duration = lookup(each.value, "batch_soak_duration", null)
-          batch_percentage    = lookup(each.value, "batch_percentage", null)
-          batch_node_count    = lookup(each.value, "batch_node_count", null)
+          standard_rollout_policy {
+            batch_soak_duration = lookup(each.value, "batch_soak_duration", null)
+            batch_percentage    = lookup(each.value, "batch_percentage", null)
+            batch_node_count    = lookup(each.value, "batch_node_count", null)
+          }
         }
       }
     }

examples/node_pool/main.tf

@@ -92,6 +92,7 @@ module "gke" {
       min_count           = 0
       service_account     = var.compute_engine_service_account
       queued_provisioning = true
+      strategy            = "SHORT_LIVED"
     },
     {
       name                         = "pool-05"
@@ -102,7 +103,7 @@ module "gke" {
     {
       name          = "pool-06"
       node_count    = 1
-      machine_type  = "n1-highmem-96"
+      machine_type  = "c2-standard-30"
       node_affinity = "{\"key\": \"compute.googleapis.com/node-group-name\", \"operator\": \"IN\", \"values\": [\"${google_compute_node_group.soletenant-nodes.name}\"]}"
     },
   ]
@@ -170,7 +171,7 @@ resource "google_compute_node_template" "soletenant-tmpl" {
   name   = "soletenant-tmpl-${var.cluster_name_suffix}"
   region = var.region
 
-  node_type = "n1-node-96-624"
+  node_type = "c2-node-60-240"
 }
 
 resource "google_compute_node_group" "soletenant-nodes" {

examples/safer_cluster_iap_bastion/bastion.tf

@@ -30,7 +30,7 @@ module "bastion" {
   name           = local.bastion_name
   zone           = local.bastion_zone
   image_project  = "debian-cloud"
-  machine_type   = "g1-small"
+  machine_type   = "e2-small"
   startup_script = templatefile("${path.module}/templates/startup-script.tftpl", {})
   members        = var.bastion_members
   shielded_vm    = "false"

examples/simple_autopilot_private/main.tf

@@ -50,8 +50,7 @@ module "gke" {
   enable_private_endpoint                = true
   enable_private_nodes                   = true
   network_tags                           = [local.cluster_type]
-  # TODO: b/413643369
-  # node_pools_cgroup_mode                 = "CGROUP_MODE_V2"
+  node_pools_cgroup_mode                 = "CGROUP_MODE_V2"
   deletion_protection                    = false
   insecure_kubelet_readonly_port_enabled = false
 }

examples/simple_autopilot_private_cmek/main.tf

@@ -71,9 +71,8 @@ module "gke" {
   enable_private_endpoint         = true
   enable_private_nodes            = true
   network_tags                    = [local.cluster_type]
-  # TODO: b/413643369
-  # node_pools_cgroup_mode          = "CGROUP_MODE_V2"
-  deletion_protection = false
-  boot_disk_kms_key   = values(module.kms.keys)[0]
-  depends_on          = [google_kms_crypto_key_iam_member.main]
+  node_pools_cgroup_mode          = "CGROUP_MODE_V2"
+  deletion_protection             = false
+  boot_disk_kms_key               = values(module.kms.keys)[0]
+  depends_on                      = [google_kms_crypto_key_iam_member.main]
 }

examples/simple_autopilot_private_non_default_sa/main.tf

@@ -49,9 +49,8 @@ module "gke" {
   enable_vertical_pod_autoscaling = true
   enable_private_endpoint         = true
   enable_private_nodes            = true
-  # TODO: b/413643369
-  # node_pools_cgroup_mode          = "CGROUP_MODE_V2"
-  deletion_protection = false
+  node_pools_cgroup_mode          = "CGROUP_MODE_V2"
+  deletion_protection             = false
 
   master_authorized_networks = [
     {

examples/simple_autopilot_public/main.tf

@@ -47,12 +47,11 @@ module "gke" {
   release_channel                 = "RAPID"
   enable_vertical_pod_autoscaling = true
   network_tags                    = [local.cluster_type]
-  # TODO: b/413643369
-  # node_pools_cgroup_mode          = "CGROUP_MODE_V2"
-  deletion_protection      = false
-  enable_l4_ilb_subsetting = true
-  stateful_ha              = false
-  gke_backup_agent_config  = false
+  node_pools_cgroup_mode          = "CGROUP_MODE_V2"
+  deletion_protection             = false
+  enable_l4_ilb_subsetting        = true
+  stateful_ha                     = false
+  gke_backup_agent_config         = false
   ray_operator_config = {
     enabled            = true
     logging_enabled    = true