diff --git a/modules/gke-nodepool/README.md b/modules/gke-nodepool/README.md
index b2e1ec54b..713e924f4 100644
--- a/modules/gke-nodepool/README.md
+++ b/modules/gke-nodepool/README.md
@@ -211,6 +211,27 @@ module "cluster-1-nodepool-hyperdisk" {
}
# tftest modules=1 resources=1 inventory=hyperdisk.yaml
```
+
+### Advanced machine features
+
+This example shows how to configure advanced machine features such as disabling hyperthreading (`threads_per_core = 1`) or enabling nested virtualization, useful for performance-sensitive workloads or VMs that require running nested hypervisors.
+
+```hcl
+module "cluster-1-nodepool-advanced-machine-features" {
+ source = "./fabric/modules/gke-nodepool"
+ project_id = "myproject"
+ cluster_name = "cluster-1"
+ location = "europe-west4-a"
+ name = "nodepool-advanced-machine-features"
+ node_config = {
+ machine_type = "n2-standard-4"
+ advanced_machine_features = {
+ threads_per_core = 1
+ }
+ }
+}
+# tftest modules=1 resources=1
+```
## Variables
@@ -218,7 +239,7 @@ module "cluster-1-nodepool-hyperdisk" {
|---|---|:---:|:---:|:---:|
| [cluster_name](variables.tf#L23) | Cluster name. | string | ✓ | |
| [location](variables.tf#L48) | Cluster location. | string | ✓ | |
-| [project_id](variables.tf#L225) | Cluster project id. | string | ✓ | |
+| [project_id](variables.tf#L229) | Cluster project id. | string | ✓ | |
| [cluster_id](variables.tf#L17) | Cluster id. Optional, but providing cluster_id is recommended to prevent cluster misconfiguration in some of the edge cases. | string | | null |
| [gke_version](variables.tf#L28) | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
| [k8s_labels](variables.tf#L34) | Kubernetes labels applied to each node. | map(string) | | {} |
@@ -227,15 +248,15 @@ module "cluster-1-nodepool-hyperdisk" {
| [name](variables.tf#L59) | Optional nodepool name. | string | | null |
| [network_config](variables.tf#L65) | Network configuration. | object({…}) | | null |
| [node_config](variables.tf#L89) | Node-level configuration. | object({…}) | | {} |
-| [node_count](variables.tf#L171) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | object({…}) | | {…} |
-| [node_locations](variables.tf#L183) | Node locations. | list(string) | | null |
-| [nodepool_config](variables.tf#L189) | Nodepool-level configuration. | object({…}) | | null |
-| [reservation_affinity](variables.tf#L230) | Configuration of the desired reservation which instances could take capacity from. | object({…}) | | null |
-| [resource_manager_tags](variables.tf#L240) | A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. | map(string) | | null |
-| [service_account](variables.tf#L246) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
-| [sole_tenant_nodegroup](variables.tf#L258) | Sole tenant node group. | string | | null |
-| [tags](variables.tf#L264) | Network tags applied to nodes. | list(string) | | null |
-| [taints](variables.tf#L270) | Kubernetes taints applied to all nodes. | map(object({…})) | | {} |
+| [node_count](variables.tf#L175) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | object({…}) | | {…} |
+| [node_locations](variables.tf#L187) | Node locations. | list(string) | | null |
+| [nodepool_config](variables.tf#L193) | Nodepool-level configuration. | object({…}) | | null |
+| [reservation_affinity](variables.tf#L234) | Configuration of the desired reservation which instances could take capacity from. | object({…}) | | null |
+| [resource_manager_tags](variables.tf#L244) | A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. | map(string) | | null |
+| [service_account](variables.tf#L250) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
+| [sole_tenant_nodegroup](variables.tf#L262) | Sole tenant node group. | string | | null |
+| [tags](variables.tf#L268) | Network tags applied to nodes. | list(string) | | null |
+| [taints](variables.tf#L274) | Kubernetes taints applied to all nodes. | map(object({…})) | | {} |
## Outputs
diff --git a/modules/gke-nodepool/main.tf b/modules/gke-nodepool/main.tf
index 92f948b79..37624edc8 100644
--- a/modules/gke-nodepool/main.tf
+++ b/modules/gke-nodepool/main.tf
@@ -338,5 +338,12 @@ resource "google_container_node_pool" "nodepool" {
mode = var.node_config.workload_metadata_config_mode
}
}
+ dynamic "advanced_machine_features" {
+ for_each = var.node_config.advanced_machine_features != null ? [""] : []
+ content {
+ enable_nested_virtualization = var.node_config.advanced_machine_features.enable_nested_virtualization
+ threads_per_core = var.node_config.advanced_machine_features.threads_per_core
+ }
+ }
}
}
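Review bot: Nothing visible in this commit checks that the new `dynamic "advanced_machine_features"` block renders its values. The README example added alongside it ends with `# tftest modules=1 resources=1` and no `inventory=` file, unlike the hyperdisk example just above it, so a regression that drops `threads_per_core` from the plan would still pass. An inventory asserting `threads_per_core` under `node_config` would pin it. The block could also carry a one-line comment such as `# nested virtualization exposes hardware virtualization to node workloads; leave unset unless required`, since this toggle matters for node hardening. The resource body starts outside the hunk.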
diff --git a/modules/gke-nodepool/variables.tf b/modules/gke-nodepool/variables.tf
index 294e3af11..886a95457 100644
--- a/modules/gke-nodepool/variables.tf
+++ b/modules/gke-nodepool/variables.tf
@@ -145,6 +145,10 @@ variable "node_config" {
spot = optional(bool)
flex_start = optional(bool)
workload_metadata_config_mode = optional(string)
+ advanced_machine_features = optional(object({
+ enable_nested_virtualization = optional(bool)
+ threads_per_core = optional(number)
+ }))
})
default = {}
nullable = false
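Review bot: `threads_per_core` is declared `optional(number)` with no validation, so a caller who sets only `enable_nested_virtualization = true` hands `threads_per_core = null` to the provider. As far as I recall the provider marks `threads_per_core` as required inside this block, which would surface as a plan-time error far from its cause; this should be confirmed against the provider schema. If it holds, declare the attribute as `threads_per_core = number` inside the object so the module's type check catches it. The two new attributes are also undocumented: a comment noting that `threads_per_core = 1` disables SMT and that leaving `enable_nested_virtualization` unset defers to the provider default would help anyone using this for side-channel hardening. The `node_config` variable starts outside the hunk.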