Implements review comments.
This commit is contained in:
parent
78d54d13ba
commit
a2598991fc
|
@ -46,5 +46,5 @@ running on a VPC with a private IP and a dedicated Service Account. A GCS bucket
|
||||||
|
|
||||||
<a href="./composer-2/" title="# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
|
<a href="./composer-2/" title="# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
|
||||||
"><img src="./composer-2/diagram.png" align="left" width="280px"></a>
|
"><img src="./composer-2/diagram.png" align="left" width="280px"></a>
|
||||||
This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/sql) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
|
This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/composer/) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
|
||||||
<br clear="left">
|
<br clear="left">
|
|
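Review bot: the `title` attribute on the `<a href="./composer-2/" title="# Cloud Composer version 2 private instance, ...">` tag carries a raw markdown heading, so the leading `# ` will appear verbatim in the hover tooltip; drop the `# ` from the title text. The link target change from `https://cloud.google.com/sql` to `https://cloud.google.com/composer/` is the right fix for a Cloud Composer blueprint.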
@ -1,10 +1,10 @@
|
||||||
# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
|
# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
|
||||||
|
|
||||||
This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major verion for Cloud Composer that supports:
|
This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major version for Cloud Composer that supports:
|
||||||
- environment autoscaling
|
- environment autoscaling
|
||||||
- workloads configuration: CPU, memory, and storage parameters for Airflow workers, schedulers, web server, and database.
|
- workloads configuration: CPU, memory, and storage parameters for Airflow workers, schedulers, web server, and database.
|
||||||
|
|
||||||
Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exaustive comparison between Composer Version 1 and Version 2.
|
Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exhaustive comparison between Composer Version 1 and Version 2.
|
||||||
|
|
||||||
The solution will use:
|
The solution will use:
|
||||||
- Cloud Composer
|
- Cloud Composer
|
||||||
|
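Review bot: list punctuation is inconsistent between the two bullets, `- environment autoscaling` has no trailing period while `- workloads configuration: ... web server, and database.` ends with one; pick one style for the list. The `verion` and `exaustive` corrections are fine.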
@ -31,7 +31,7 @@ Run Terraform init:
|
||||||
$ terraform init
|
$ terraform init
|
||||||
```
|
```
|
||||||
|
|
||||||
Configure the Terraform variable in your terraform.tfvars file. You need to spefify at least the following variables:
|
Configure the Terraform variable in your terraform.tfvars file. You need to specify at least the following variables:
|
||||||
|
|
||||||
```tfvars
|
```tfvars
|
||||||
project_id = "lcaggioni-sandbox"
|
project_id = "lcaggioni-sandbox"
|
||||||
|
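Review bot: the sample `project_id = "lcaggioni-sandbox"` in the tfvars snippet is a personal sandbox project; replace it with a neutral placeholder such as `project_id = "my-project-id"` so readers do not copy a real project id into their configuration and the README does not publish one.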
@ -48,6 +48,12 @@ You can now connect to your instance.
|
||||||
|
|
||||||
# Customizations
|
# Customizations
|
||||||
|
|
||||||
|
## VPC
|
||||||
|
If a shared VPC is not configured, a VPC will be created within the project. The following IP ranges will be used:
|
||||||
|
- Cloudsql: `10.20.10.0/24`
|
||||||
|
- GKE: `10.20.11.0/28`
|
||||||
|
|
||||||
|
Change the code as needed to match your needed configuration, remember that these addresses should not overlap with any other range used in network.
|
||||||
## Shared VPC
|
## Shared VPC
|
||||||
As is often the case in real-world configurations, this blueprint accepts as input an existing [`Shared-VPC`](https://cloud.google.com/vpc/docs/shared-vpc) via the `network_config` variable.
|
As is often the case in real-world configurations, this blueprint accepts as input an existing [`Shared-VPC`](https://cloud.google.com/vpc/docs/shared-vpc) via the `network_config` variable.
|
||||||
|
|
||||||
|
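Review bot: the new VPC section lists only primary ranges (`- Cloudsql: 10.20.10.0/24` and `- GKE: 10.20.11.0/28`), but the Shared VPC section of the same README requires pods and services secondary ranges on the subnet; list the secondary ranges the blueprint creates in the project-owned VPC case as well, so readers can check every range for overlaps. Also, `Cloudsql` should be `Cloud SQL`, and the closing sentence is a run-on; suggest "Change the code as needed to match your configuration. Remember that these addresses must not overlap with any other range used in the network."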
@ -69,7 +75,7 @@ Make sure that:
|
||||||
- The subnet has secondary ranges configured with 2 ranges:
|
- The subnet has secondary ranges configured with 2 ranges:
|
||||||
- pods: `/22` example: `10.10.8.0/22`
|
- pods: `/22` example: `10.10.8.0/22`
|
||||||
- services = `/24` example: 10.10.12.0/24`
|
- services = `/24` example: 10.10.12.0/24`
|
||||||
- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/how-to/managing/configuring-private-ip#step_3_configure_firewall_rules)
|
- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/composer-2/configure-private-ip#step_3_configure_firewall_rules)
|
||||||
|
|
||||||
In order to run the example and deploy Cloud Composer on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
|
In order to run the example and deploy Cloud Composer on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
|
||||||
- Compute Network Admin (roles/compute.networkAdmin)
|
- Compute Network Admin (roles/compute.networkAdmin)
|
||||||
|
|
|
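Review bot: the services bullet is malformed on both sides of the diff: `- services = `/24` example: 10.10.12.0/24`` uses `=` where the pods bullet uses `:` and is missing the opening backtick before `10.10.12.0/24`, so the closing backtick renders as a stray character; since this hunk already touches the block, fix it to `- services: `/24` example: `10.10.12.0/24``. The updated firewall link to the composer-2 configure-private-ip page is the correct document for this blueprint.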
@ -23,6 +23,7 @@ locals {
|
||||||
var.iam_groups_map
|
var.iam_groups_map
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
|
||||||
_shared_vpc_bindings = {
|
_shared_vpc_bindings = {
|
||||||
"roles/compute.networkUser" = [
|
"roles/compute.networkUser" = [
|
||||||
"prj-cloudservices", "prj-robot-gke"
|
"prj-cloudservices", "prj-robot-gke"
|
||||||
|
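Review bot: the new comment `# Adding Roles on Service Identities Service account as per documentation: ...` does not say which Google-managed identity each of the two entries `"prj-cloudservices", "prj-robot-gke"` under `"roles/compute.networkUser"` refers to; name them in the comment (for example, the Google APIs service account and the GKE service agent, as the linked documentation section describes) so a reviewer can check each `roles/compute.networkUser` grant on the host project against the documented requirement.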
@ -128,13 +129,7 @@ module "vpc" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
module "firewall" {
|
# No explicit firewall rules set, created automatically by GKE autopilot
|
||||||
source = "../../../modules/net-vpc-firewall"
|
|
||||||
count = local.use_shared_vpc ? 0 : 1
|
|
||||||
project_id = module.project.project_id
|
|
||||||
network = module.vpc.0.name
|
|
||||||
admin_ranges = ["10.0.0.0/20"]
|
|
||||||
}
|
|
||||||
|
|
||||||
module "nat" {
|
module "nat" {
|
||||||
source = "../../../modules/net-cloudnat"
|
source = "../../../modules/net-cloudnat"
|
||||||
|
|
|
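Review bot: the replacement comment `# No explicit firewall rules set, created automatically by GKE autopilot` contradicts the README's Shared VPC section in this same commit, which tells users that firewall rules must be set as described in the documentation; the removed module was gated by `count = local.use_shared_vpc ? 0 : 1`, so the comment should state that the automatic rules apply only to the project-owned VPC case and that host-project firewall rules remain the user's responsibility. Separately, the removed `admin_ranges = ["10.0.0.0/20"]` did not match the `10.20.10.0/24` and `10.20.11.0/28` ranges the README documents, so this change also drops an admin-ingress allowance for an unrelated range; that is a good outcome, but it deserves a sentence in the commit message.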
@ -15,7 +15,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
variable "composer_config" {
|
variable "composer_config" {
|
||||||
description = "Composer environemnt configuration. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
|
description = "Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
|
||||||
type = object({
|
type = object({
|
||||||
environment_size = string
|
environment_size = string
|
||||||
software_config = any
|
software_config = any
|
||||||
|
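Review bot: the new description reads "It accepts only following attributes"; it should be "It accepts only the following attributes". Since the description now restricts the object to `environment_size`, `software_config` and `workloads_config`, consider giving `software_config = any` a concrete object type so Terraform rejects unexpected keys at plan time instead of passing them through to the environment resource.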
@ -98,7 +98,7 @@ variable "project_id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "region" {
|
variable "region" {
|
||||||
description = "Region where instances will be deployed."
|
description = "Reagion where instances will be deployed."
|
||||||
type = string
|
type = string
|
||||||
default = "europe-west1"
|
default = "europe-west1"
|
||||||
}
|
}
|
||||||
|
|
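Review bot: this hunk introduces a typo rather than fixing one: the old line reads `description = "Region where instances will be deployed."` and the new line reads `description = "Reagion where instances will be deployed."`; revert to "Region" or drop the hunk entirely.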