Adding native K8s annotations and GKE cluster enhancements #5610
Summary of Changes
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request improves the flexibility and capability of the GKE and kubectl-apply modules. By enabling native HCL-based annotations for service accounts and adding support for advanced GKE features like VPA and slice controllers, the changes streamline cluster configuration and reduce the need for external scripts or manual manifest management.
Highlights
Code Review
This pull request updates the kubectl-apply module to allow direct GKE cluster connection parameters and adds a resource for patching service account annotations. It also introduces Vertical Pod Autoscaling (VPA) to the gke-cluster module. Key feedback includes addressing a potential race condition in the annotation resource, fixing a logic bug in the provider's CA certificate resolution, and clarifying that the certificate must be base64-encoded. Additionally, it is recommended to set the VPA default to false to maintain backward compatibility and avoid unintended pod restarts.
…clarative-k8s-annotations-patch
SwarnaBharathiMantena
left a comment
LGTM!
Please ensure the changes are tested manually / locally.
…udPlatform#5610) Adding native K8s annotations and GKE cluster enhancements(vertical pod Autoscaling)
This PR enhances the kubectl-apply and gke-cluster modules to support native Kubernetes annotations and advanced GKE features.
Rationale for Kubernetes Annotations: Adding the kubernetes_annotations resource enables users to patch Kubernetes Service Accounts with Workload Identity emails natively through HCL. This provides a declarative and integrated way to establish trust relationships between GCP and Kubernetes identities without relying on external shell scripts or manual manifest management.
Key Changes:
kubectl-apply: Implemented a "hybrid" provider logic that automatically discovers cluster connection details while allowing for manual overrides. It now natively supports service account annotations for streamlined Workload Identity configuration.
gke-cluster: Added support for Vertical Pod Autoscaling (VPA).
Submission Checklist
NOTE: Community submissions can take up to 2 weeks to be reviewed.
Please take the following actions before submitting this pull request.
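The Workload Identity pattern the description refers to, written directly against the Terraform providers as an added example (not code from this PR or from the kubectl-apply or gke-cluster modules). The variables, the `example-ns` namespace and the `example-ksa` and `example-workload` account names are placeholders, and the Kubernetes service account is assumed to exist already.

```hcl
# Added example. Project, cluster, namespace and account names are placeholders.
variable "project_id" { type = string }
variable "cluster_name" { type = string }
variable "location" { type = string }

data "google_client_config" "default" {}

data "google_container_cluster" "target" {
  project  = var.project_id
  name     = var.cluster_name
  location = var.location
}

provider "kubernetes" {
  host  = "https://${data.google_container_cluster.target.endpoint}"
  token = data.google_client_config.default.access_token
  # The GKE data source returns the cluster CA as base64 text, while the
  # provider expects PEM, so the value is decoded here.
  cluster_ca_certificate = base64decode(
    data.google_container_cluster.target.master_auth[0].cluster_ca_certificate
  )
}

resource "google_service_account" "workload" {
  project    = var.project_id
  account_id = "example-workload"
}

# IAM half of the trust: only this namespace/service-account pair may
# impersonate the Google service account.
resource "google_service_account_iam_member" "wi_binding" {
  service_account_id = google_service_account.workload.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[example-ns/example-ksa]"
}

# Kubernetes half: patch the annotation onto the existing service account.
resource "kubernetes_annotations" "ksa_wi" {
  api_version = "v1"
  kind        = "ServiceAccount"
  metadata {
    name      = "example-ksa"
    namespace = "example-ns"
  }
  annotations = {
    "iam.gke.io/gcp-service-account" = google_service_account.workload.email
  }
}
```

The annotation grants nothing by itself: without the `roles/iam.workloadIdentityUser` binding scoped to that exact namespace and service account, pods cannot obtain the Google service account's credentials.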