kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support hyperdisk-balanced options on gke-nodepool module (#3767)

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2026-02-25 16:10:29 +01:00
committed by GitHub
parent 00796b73ba
commit 6ec1d8f504
8 changed files with 108 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
modules/gke-nodepool/README.md
View File

@@ -187,6 +187,31 @@ module "cluster-1-nodepool-dws" {
}
# tftest modules=1 resources=2 inventory=dws.yaml
```
### Hyperdisk Balanced
This example shows how to configure Hyperdisk Balanced with provisioned IOPS and throughput.
```hcl
module "cluster-1-nodepool-hyperdisk" {
source = "./fabric/modules/gke-nodepool"
project_id = "myproject"
cluster_name = "cluster-1"
location = "europe-west4-a"
name = "nodepool-hyperdisk"
node_config = {
machine_type = "c3-standard-4"
boot_disk = {
image_type = "COS_CONTAINERD"
type = "hyperdisk-balanced"
size_gb = 100
provisioned_iops = 3000
provisioned_throughput = 140
}
}
}
# tftest modules=1 resources=1 inventory=hyperdisk.yaml
```
<!-- BEGIN TFDOC -->
## Variables
@@ -194,7 +219,7 @@ module "cluster-1-nodepool-dws" {
|---|---|:---:|:---:|:---:|
| [cluster_name](variables.tf#L23) | Cluster name. | <code>string</code> | ✓ | |
| [location](variables.tf#L48) | Cluster location. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L216) | Cluster project id. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L223) | Cluster project id. | <code>string</code> | ✓ | |
| [cluster_id](variables.tf#L17) | Cluster id. Optional, but providing cluster_id is recommended to prevent cluster misconfiguration in some of the edge cases. | <code>string</code> | | <code>null</code> |
| [gke_version](variables.tf#L28) | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | <code>string</code> | | <code>null</code> |
| [k8s_labels](variables.tf#L34) | Kubernetes labels applied to each node. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
@@ -202,16 +227,16 @@ module "cluster-1-nodepool-dws" {
| [max_pods_per_node](variables.tf#L53) | Maximum number of pods per node. | <code>number</code> | | <code>null</code> |
| [name](variables.tf#L59) | Optional nodepool name. | <code>string</code> | | <code>null</code> |
| [network_config](variables.tf#L65) | Network configuration. | <code title="object&#40;&#123;&#10; enable_private_nodes &#61; optional&#40;bool&#41;&#10; pod_range &#61; optional&#40;object&#40;&#123;&#10; cidr &#61; optional&#40;string&#41;&#10; create &#61; optional&#40;bool, false&#41;&#10; name &#61; optional&#40;string&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; additional_node_network_configs &#61; optional&#40;list&#40;object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; additional_pod_network_configs &#61; optional&#40;list&#40;object&#40;&#123;&#10; subnetwork &#61; string&#10; secondary_pod_range &#61; string&#10; max_pods_per_node &#61; string&#10; &#125;&#41;&#41;, &#91;&#93;&#41;&#10; total_egress_bandwidth_tier &#61; optional&#40;string&#41;&#10; pod_cidr_overprovisioning_disabled &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [node_config](variables.tf#L89) | Node-level configuration. | <code title="object&#40;&#123;&#10; boot_disk_kms_key &#61; optional&#40;string&#41;&#10; disk_size_gb &#61; optional&#40;number&#41;&#10; disk_type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41;&#10; ephemeral_ssd_count &#61; optional&#40;number&#41;&#10; gcfs &#61; optional&#40;bool, false&#41;&#10; guest_accelerator &#61; optional&#40;object&#40;&#123;&#10; count &#61; number&#10; type &#61; string&#10; gpu_driver &#61; optional&#40;object&#40;&#123;&#10; version &#61; string&#10; partition_size &#61; optional&#40;string&#41;&#10; max_shared_clients_per_gpu &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; local_nvme_ssd_count &#61; optional&#40;number&#41;&#10; gvnic &#61; optional&#40;bool, false&#41;&#10; image_type &#61; optional&#40;string&#41;&#10; kubelet_config &#61; optional&#40;object&#40;&#123;&#10; cpu_manager_policy &#61; string&#10; cpu_cfs_quota &#61; optional&#40;bool&#41;&#10; cpu_cfs_quota_period &#61; optional&#40;string&#41;&#10; insecure_kubelet_readonly_port_enabled &#61; optional&#40;string&#41;&#10; pod_pids_limit &#61; optional&#40;number&#41;&#10; container_log_max_size &#61; optional&#40;string&#41;&#10; container_log_max_files &#61; optional&#40;number&#41;&#10; image_gc_low_threshold_percent &#61; optional&#40;number&#41;&#10; image_gc_high_threshold_percent &#61; optional&#40;number&#41;&#10; image_minimum_gc_age &#61; optional&#40;string&#41;&#10; image_maximum_gc_age &#61; optional&#40;string&#41;&#10; allowed_unsafe_sysctls &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;&#10; linux_node_config &#61; optional&#40;object&#40;&#123;&#10; sysctls &#61; optional&#40;map&#40;string&#41;&#41;&#10; cgroup_mode &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; local_ssd_count &#61; optional&#40;number&#41;&#10; machine_type &#61; optional&#40;string&#41;&#10; metadata &#61; optional&#40;map&#40;string&#41;&#41;&#10; min_cpu_platform &#61; optional&#40;string&#41;&#10; preemptible &#61; optional&#40;bool&#41;&#10; sandbox_config_gvisor &#61; optional&#40;bool&#41;&#10; shielded_instance_config &#61; optional&#40;object&#40;&#123;&#10; enable_integrity_monitoring &#61; optional&#40;bool&#41;&#10; enable_secure_boot &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; spot &#61; optional&#40;bool&#41;&#10; workload_metadata_config_mode &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [node_count](variables.tf#L162) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | <code title="object&#40;&#123;&#10; current &#61; optional&#40;number&#41;&#10; initial &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; initial &#61; 1&#10;&#125;">&#123;&#8230;&#125;</code> |
| [node_locations](variables.tf#L174) | Node locations. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [nodepool_config](variables.tf#L180) | Nodepool-level configuration. | <code title="object&#40;&#123;&#10; autoscaling &#61; optional&#40;object&#40;&#123;&#10; location_policy &#61; optional&#40;string&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; min_node_count &#61; optional&#40;number&#41;&#10; use_total_nodes &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; management &#61; optional&#40;object&#40;&#123;&#10; auto_repair &#61; optional&#40;bool&#41;&#10; auto_upgrade &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; placement_policy &#61; optional&#40;object&#40;&#123;&#10; type &#61; string&#10; policy_name &#61; optional&#40;string&#41;&#10; tpu_topology &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; queued_provisioning &#61; optional&#40;bool, false&#41;&#10; upgrade_settings &#61; optional&#40;object&#40;&#123;&#10; max_surge &#61; number&#10; max_unavailable &#61; number&#10; strategy &#61; optional&#40;string&#41;&#10; blue_green_settings &#61; optional&#40;object&#40;&#123;&#10; node_pool_soak_duration &#61; optional&#40;string&#41;&#10; standard_rollout_policy &#61; optional&#40;object&#40;&#123;&#10; batch_percentage &#61; optional&#40;number&#41;&#10; batch_node_count &#61; optional&#40;number&#41;&#10; batch_soak_duration &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [reservation_affinity](variables.tf#L221) | Configuration of the desired reservation which instances could take capacity from. | <code title="object&#40;&#123;&#10; consume_reservation_type &#61; string&#10; key &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [resource_manager_tags](variables.tf#L231) | A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [service_account](variables.tf#L237) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; display_name &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [sole_tenant_nodegroup](variables.tf#L249) | Sole tenant node group. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L255) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [taints](variables.tf#L261) | Kubernetes taints applied to all nodes. | <code title="map&#40;object&#40;&#123;&#10; value &#61; string&#10; effect &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [node_config](variables.tf#L89) | Node-level configuration. | <code title="object&#40;&#123;&#10; boot_disk &#61; optional&#40;object&#40;&#123;&#10; kms_key &#61; optional&#40;string&#41;&#10; size_gb &#61; optional&#40;number&#41;&#10; type &#61; optional&#40;string&#41;&#10; provisioned_iops &#61; optional&#40;number&#41;&#10; provisioned_throughput &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; boot_disk_kms_key &#61; optional&#40;string&#41; &#35; usage of this is discouraged&#10; disk_size_gb &#61; optional&#40;number&#41; &#35; usage of this is discouraged&#10; disk_type &#61; optional&#40;string, &#34;pd-balanced&#34;&#41; &#35; usage of this is discouraged&#10; ephemeral_ssd_count &#61; optional&#40;number&#41;&#10; gcfs &#61; optional&#40;bool, false&#41;&#10; guest_accelerator &#61; optional&#40;object&#40;&#123;&#10; count &#61; number&#10; type &#61; string&#10; gpu_driver &#61; optional&#40;object&#40;&#123;&#10; version &#61; string&#10; partition_size &#61; optional&#40;string&#41;&#10; max_shared_clients_per_gpu &#61; optional&#40;number&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; local_nvme_ssd_count &#61; optional&#40;number&#41;&#10; gvnic &#61; optional&#40;bool, false&#41;&#10; image_type &#61; optional&#40;string&#41;&#10; kubelet_config &#61; optional&#40;object&#40;&#123;&#10; cpu_manager_policy &#61; string&#10; cpu_cfs_quota &#61; optional&#40;bool&#41;&#10; cpu_cfs_quota_period &#61; optional&#40;string&#41;&#10; insecure_kubelet_readonly_port_enabled &#61; optional&#40;string&#41;&#10; pod_pids_limit &#61; optional&#40;number&#41;&#10; container_log_max_size &#61; optional&#40;string&#41;&#10; container_log_max_files &#61; optional&#40;number&#41;&#10; image_gc_low_threshold_percent &#61; optional&#40;number&#41;&#10; image_gc_high_threshold_percent &#61; optional&#40;number&#41;&#10; image_minimum_gc_age &#61; optional&#40;string&#41;&#10; image_maximum_gc_age &#61; optional&#40;string&#41;&#10; allowed_unsafe_sysctls &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;&#41;&#10; linux_node_config &#61; optional&#40;object&#40;&#123;&#10; sysctls &#61; optional&#40;map&#40;string&#41;&#41;&#10; cgroup_mode &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; local_ssd_count &#61; optional&#40;number&#41;&#10; machine_type &#61; optional&#40;string&#41;&#10; metadata &#61; optional&#40;map&#40;string&#41;&#41;&#10; min_cpu_platform &#61; optional&#40;string&#41;&#10; preemptible &#61; optional&#40;bool&#41;&#10; sandbox_config_gvisor &#61; optional&#40;bool&#41;&#10; shielded_instance_config &#61; optional&#40;object&#40;&#123;&#10; enable_integrity_monitoring &#61; optional&#40;bool&#41;&#10; enable_secure_boot &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; spot &#61; optional&#40;bool&#41;&#10; workload_metadata_config_mode &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [node_count](variables.tf#L169) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | <code title="object&#40;&#123;&#10; current &#61; optional&#40;number&#41;&#10; initial &#61; number&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; initial &#61; 1&#10;&#125;">&#123;&#8230;&#125;</code> |
| [node_locations](variables.tf#L181) | Node locations. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [nodepool_config](variables.tf#L187) | Nodepool-level configuration. | <code title="object&#40;&#123;&#10; autoscaling &#61; optional&#40;object&#40;&#123;&#10; location_policy &#61; optional&#40;string&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; min_node_count &#61; optional&#40;number&#41;&#10; use_total_nodes &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; management &#61; optional&#40;object&#40;&#123;&#10; auto_repair &#61; optional&#40;bool&#41;&#10; auto_upgrade &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; placement_policy &#61; optional&#40;object&#40;&#123;&#10; type &#61; string&#10; policy_name &#61; optional&#40;string&#41;&#10; tpu_topology &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; queued_provisioning &#61; optional&#40;bool, false&#41;&#10; upgrade_settings &#61; optional&#40;object&#40;&#123;&#10; max_surge &#61; number&#10; max_unavailable &#61; number&#10; strategy &#61; optional&#40;string&#41;&#10; blue_green_settings &#61; optional&#40;object&#40;&#123;&#10; node_pool_soak_duration &#61; optional&#40;string&#41;&#10; standard_rollout_policy &#61; optional&#40;object&#40;&#123;&#10; batch_percentage &#61; optional&#40;number&#41;&#10; batch_node_count &#61; optional&#40;number&#41;&#10; batch_soak_duration &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [reservation_affinity](variables.tf#L228) | Configuration of the desired reservation which instances could take capacity from. | <code title="object&#40;&#123;&#10; consume_reservation_type &#61; string&#10; key &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [resource_manager_tags](variables.tf#L238) | A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [service_account](variables.tf#L244) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; display_name &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [sole_tenant_nodegroup](variables.tf#L256) | Sole tenant node group. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L262) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [taints](variables.tf#L268) | Kubernetes taints applied to all nodes. | <code title="map&#40;object&#40;&#123;&#10; value &#61; string&#10; effect &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
## Outputs

36
modules/gke-nodepool/main.tf
View File

@@ -192,20 +192,28 @@ resource "google_container_node_pool" "nodepool" {
}
node_config {
boot_disk_kms_key = var.node_config.boot_disk_kms_key
disk_size_gb = var.node_config.disk_size_gb
disk_type = var.node_config.disk_type
image_type = var.node_config.image_type
labels = var.k8s_labels
resource_labels = var.labels
local_ssd_count = var.node_config.local_ssd_count
machine_type = var.node_config.machine_type
metadata = local.node_metadata
min_cpu_platform = var.node_config.min_cpu_platform
node_group = var.sole_tenant_nodegroup
oauth_scopes = local.service_account_scopes
preemptible = var.node_config.preemptible
service_account = local.service_account_email
boot_disk_kms_key = try(var.node_config.boot_disk.kms_key, var.node_config.boot_disk_kms_key)
boot_disk {
size_gb = try(var.node_config.boot_disk.size_gb, var.node_config.disk_size_gb)
disk_type = try(var.node_config.boot_disk.type, var.node_config.disk_type)
provisioned_iops = try(
var.node_config.boot_disk.provisioned_iops, null
)
provisioned_throughput = try(
var.node_config.boot_disk.provisioned_throughput, null
)
}
image_type = var.node_config.image_type
labels = var.k8s_labels
resource_labels = var.labels
local_ssd_count = var.node_config.local_ssd_count
machine_type = var.node_config.machine_type
metadata = local.node_metadata
min_cpu_platform = var.node_config.min_cpu_platform
node_group = var.sole_tenant_nodegroup
oauth_scopes = local.service_account_scopes
preemptible = var.node_config.preemptible
service_account = local.service_account_email
spot = (
var.node_config.spot == true && var.node_config.preemptible != true
)

13
modules/gke-nodepool/variables.tf
View File

@@ -89,9 +89,16 @@ variable "network_config" {
variable "node_config" {
description = "Node-level configuration."
type = object({
boot_disk_kms_key = optional(string)
disk_size_gb = optional(number)
disk_type = optional(string, "pd-balanced")
boot_disk = optional(object({
kms_key = optional(string)
size_gb = optional(number)
type = optional(string)
provisioned_iops = optional(number)
provisioned_throughput = optional(number)
}))
boot_disk_kms_key = optional(string) # usage of this is discouraged
disk_size_gb = optional(number) # usage of this is discouraged
disk_type = optional(string, "pd-balanced") # usage of this is discouraged
ephemeral_ssd_count = optional(number)
gcfs = optional(bool, false)
guest_accelerator = optional(object({

3
tests/fast/stages/s3_gke_dev/hardened.yaml
View File

@@ -245,8 +245,9 @@ values:
name: mynodepool
node_config:
- advanced_machine_features: []
boot_disk:
- disk_type: pd-balanced
boot_disk_kms_key: projects/prj-host/locations/europe-west1/keyRings/dev-primary-default/cryptoKeys/gke
disk_type: pd-balanced
enable_confidential_storage: null
ephemeral_storage_config: []
ephemeral_storage_local_ssd_config: []

3
tests/fast/stages/s3_gke_dev/simple.yaml
View File

@@ -203,8 +203,9 @@ values:
name: mynodepool
node_config:
- advanced_machine_features: []
boot_disk:
- disk_type: pd-balanced
boot_disk_kms_key: null
disk_type: pd-balanced
enable_confidential_storage: null
ephemeral_storage_config: []
ephemeral_storage_local_ssd_config: []

5
tests/modules/gke_nodepool/examples/dws.yaml
View File

@@ -19,8 +19,9 @@ values:
name: nodepool-dws
node_config:
- boot_disk_kms_key: null
disk_size_gb: 50
disk_type: pd-ssd
boot_disk:
- size_gb: 50
disk_type: pd-ssd
ephemeral_storage_config:
- local_ssd_count: 1
ephemeral_storage_local_ssd_config: []

5
tests/modules/gke_nodepool/examples/guest-accelerator.yaml
View File

@@ -19,8 +19,9 @@ values:
name: nodepool-gpu-1
node_config:
- boot_disk_kms_key: null
disk_size_gb: 50
disk_type: pd-ssd
boot_disk:
- size_gb: 50
disk_type: pd-ssd
ephemeral_storage_config:
- local_ssd_count: 1
ephemeral_storage_local_ssd_config: []

30
tests/modules/gke_nodepool/examples/hyperdisk.yaml Normal file
View File

@@ -0,0 +1,30 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-hyperdisk.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west4-a
name: nodepool-hyperdisk
project: myproject
node_config:
- machine_type: c3-standard-4
boot_disk:
- disk_type: hyperdisk-balanced
size_gb: 100
provisioned_iops: 3000
provisioned_throughput: 140
counts:
google_container_node_pool: 1