fix(gke-node-pool)!: module to allow List configurations for fields (#2496)

opopov-google · apeabody · web-flow · commit dc798c1dd7af · 2025-12-03T12:07:11.000-08:00
Co-authored-by: Andrew Peabody &lt;andrewpeabody@google.com&gt;
diff --git a/modules/gke-node-pool/README.md b/modules/gke-node-pool/README.md
@@ -15,7 +15,7 @@
 | max\_pods\_per\_node | The maximum number of pods per node in this node pool. Note that this does not work on node pools which are 'route-based' - that is, node pools belonging to clusters that do not have IP Aliasing enabled. See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr) for more information. | `number` | `null` | no |
 | name | The name of the node pool. If left blank, Terraform will auto-generate a unique name. | `string` | `null` | no |
 | name\_prefix | Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name. | `string` | `null` | no |
-| network\_config | The network configuration of the pool. | <pre>object({<br>    create_pod_range     = optional(bool)<br>    enable_private_nodes = optional(bool)<br>    pod_ipv4_cidr_block  = optional(string)<br>    pod_range            = optional(string)<br>    additional_node_network_configs = optional(object({<br>      network    = string<br>      subnetwork = string<br>    }))<br>    additional_pod_network_configs = optional(object({<br>      subnetwork          = string<br>      secondary_pod_range = string<br>      max_pods_per_node   = number<br>    }))<br>    pod_cidr_overprovision_config = optional(object({<br>      disabled = bool<br>    }))<br>    network_performance_config = optional(object({<br>      total_egress_bandwidth_tier = string<br>    }))<br>  })</pre> | `null` | no |
+| network\_config | The network configuration of the pool. | <pre>object({<br>    create_pod_range     = optional(bool)<br>    enable_private_nodes = optional(bool)<br>    pod_ipv4_cidr_block  = optional(string)<br>    pod_range            = optional(string)<br>    additional_node_network_configs = optional(list(object({<br>      network    = string<br>      subnetwork = string<br>    })))<br>    additional_pod_network_configs = optional(list(object({<br>      subnetwork          = string<br>      secondary_pod_range = string<br>      max_pods_per_node   = number<br>    })))<br>    pod_cidr_overprovision_config = optional(object({<br>      disabled = bool<br>    }))<br>    network_performance_config = optional(object({<br>      total_egress_bandwidth_tier = string<br>    }))<br>  })</pre> | `null` | no |
 | node\_config | Parameters used in creating the node pool. | <pre>object({<br>    confidential_nodes = optional(object({<br>      enabled = bool<br>    }))<br>    disk_size_gb                = optional(number)<br>    disk_type                   = optional(string)<br>    enable_confidential_storage = optional(bool)<br>    local_ssd_encryption_mode   = optional(string)<br>    ephemeral_storage_config = optional(object({<br>      local_ssd_count = number<br>    }))<br>    ephemeral_storage_local_ssd_config = optional(object({<br>      local_ssd_count  = number<br>      data_cache_count = optional(number)<br>    }))<br>    fast_socket = optional(object({<br>      enabled = bool<br>    }))<br>    local_nvme_ssd_block_config = optional(object({<br>      local_ssd_count = number<br>    }))<br>    logging_variant = optional(string)<br>    secondary_boot_disks = optional(object({<br>      disk_image = string<br>      mode       = optional(string)<br>    }))<br>    gcfs_config = optional(object({<br>      enabled = bool<br>    }))<br>    gvnic = optional(object({<br>      enabled = bool<br>    }))<br>    guest_accelerator = optional(object({<br>      type  = string<br>      count = number<br>      gpu_driver_installation_config = optional(object({<br>        gpu_driver_version = string<br>      }))<br>      gpu_partition_size = optional(string)<br>      gpu_sharing_config = optional(object({<br>        gpu_sharing_strategy       = string<br>        max_shared_clients_per_gpu = number<br>      }))<br>    }))<br>    image_type       = optional(string)<br>    labels           = optional(map(string))<br>    resource_labels  = optional(map(string))<br>    max_run_duration = optional(string)<br>    flex_start       = optional(bool)<br>    local_ssd_count  = optional(number)<br>    machine_type     = optional(string)<br>    metadata         = optional(map(string))<br>    min_cpu_platform = optional(string)<br>    oauth_scopes     = optional(list(string))<br>    preemptible      = optional(bool)<br>    reservation_affinity = optional(object({<br>      consume_reservation_type = string<br>      key                      = optional(string)<br>      values                   = optional(list(string))<br>    }))<br>    spot = optional(bool)<br>    sandbox_config = optional(object({<br>      sandbox_type = string<br>    }))<br>    boot_disk_kms_key = optional(string)<br>    service_account   = optional(string)<br>    shielded_instance_config = optional(object({<br>      enable_secure_boot          = optional(bool)<br>      enable_integrity_monitoring = optional(bool)<br>    }))<br>    storage_pools         = optional(list(string))<br>    tags                  = optional(list(string))<br>    resource_manager_tags = optional(map(string))<br>    taint = optional(list(object({<br>      key    = string<br>      value  = string<br>      effect = string<br>    })))<br>    workload_metadata_config = optional(object({<br>      mode = optional(string)<br>    }))<br>    kubelet_config = optional(object({<br>      cpu_manager_policy                     = optional(string)<br>      cpu_cfs_quota                          = optional(bool)<br>      cpu_cfs_quota_period                   = optional(string)<br>      insecure_kubelet_readonly_port_enabled = optional(bool)<br>      pod_pids_limit                         = optional(number)<br>      container_log_max_size                 = optional(string)<br>      container_log_max_files                = optional(number)<br>      image_gc_low_threshold_percent         = optional(number)<br>      image_gc_high_threshold_percent        = optional(number)<br>      image_minimum_gc_age                   = optional(string)<br>      allowed_unsafe_sysctls                 = optional(list(string))<br>    }))<br>    linux_node_config = optional(object({<br>      sysctls     = optional(map(string))<br>      cgroup_mode = optional(string)<br>      hugepages_config = optional(object({<br>        hugepage_size_2m = optional(number)<br>        hugepage_size_1g = optional(number)<br>      }))<br>    }))<br>    windows_node_config = optional(object({<br>      osversion = string<br>    }))<br>    containerd_config = optional(object({<br>      private_registry_access_config = optional(object({<br>        enabled = bool<br>        certificate_authority_domain_config = optional(object({<br>          fqdns = list(string)<br>          gcp_secret_manager_certificate_config = object({<br>            secret_uri = string<br>          })<br>        }))<br>      }))<br>    }))<br>    node_group = optional(string)<br>    sole_tenant_config = optional(object({<br>      node_affinity = optional(object({<br>        key      = string<br>        operator = string<br>        values   = list(string)<br>      }))<br>    }))<br>  })</pre> | <pre>{<br>  "disk_size_gb": 100,<br>  "disk_type": "pd-standard",<br>  "image_type": "COS_CONTAINERD",<br>  "kubelet_config": {<br>    "insecure_kubelet_readonly_port_enabled": false<br>  },<br>  "machine_type": "e2-medium",<br>  "workload_metadata_config": {<br>    "mode": "GKE_METADATA"<br>  }<br>}</pre> | no |
 | node\_count | The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling. | `number` | `1` | no |
 | node\_locations | The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node\_locations will be used. Note: node\_locations will not revert to the cluster's default set of zones upon being unset. You must manually reconcile the list of zones with your cluster. | `list(string)` | `null` | no |
diff --git a/modules/gke-node-pool/main.tf b/modules/gke-node-pool/main.tf
@@ -276,15 +276,15 @@ resource "google_container_node_pool" "main" {
       pod_range            = network_config.value.pod_range
 
       dynamic "additional_node_network_configs" {
-        for_each = network_config.value.additional_node_network_configs != null ? [network_config.value.additional_node_network_configs] : []
+        for_each = coalesce(network_config.value.additional_node_network_configs, [])
         content {
           network    = additional_node_network_configs.value.network
           subnetwork = additional_node_network_configs.value.subnetwork
         }
       }
 
       dynamic "additional_pod_network_configs" {
-        for_each = network_config.value.additional_pod_network_configs != null ? [network_config.value.additional_pod_network_configs] : []
+        for_each = coalesce(network_config.value.additional_pod_network_configs, [])
         content {
           subnetwork          = additional_pod_network_configs.value.subnetwork
           secondary_pod_range = additional_pod_network_configs.value.secondary_pod_range
diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml
@@ -331,15 +331,15 @@ spec:
               enable_private_nodes = optional(bool)
               pod_ipv4_cidr_block  = optional(string)
               pod_range            = optional(string)
-              additional_node_network_configs = optional(object({
+              additional_node_network_configs = optional(list(object({
                 network    = string
                 subnetwork = string
-              }))
-              additional_pod_network_configs = optional(object({
+              })))
+              additional_pod_network_configs = optional(list(object({
                 subnetwork          = string
                 secondary_pod_range = string
                 max_pods_per_node   = number
-              }))
+              })))
               pod_cidr_overprovision_config = optional(object({
                 disabled = bool
               }))
diff --git a/modules/gke-node-pool/variables.tf b/modules/gke-node-pool/variables.tf
@@ -239,15 +239,15 @@ variable "network_config" {
     enable_private_nodes = optional(bool)
     pod_ipv4_cidr_block  = optional(string)
     pod_range            = optional(string)
-    additional_node_network_configs = optional(object({
+    additional_node_network_configs = optional(list(object({
       network    = string
       subnetwork = string
-    }))
-    additional_pod_network_configs = optional(object({
+    })))
+    additional_pod_network_configs = optional(list(object({
       subnetwork          = string
       secondary_pod_range = string
       max_pods_per_node   = number
-    }))
+    })))
     pod_cidr_overprovision_config = optional(object({
       disabled = bool
     }))
