Implements review comments.
This commit is contained in:
parent
78d54d13ba
commit
a2598991fc
|
@ -46,5 +46,5 @@ running on a VPC with a private IP and a dedicated Service Account. A GCS bucket
|
|||
|
||||
<a href="./composer-2/" title="# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
|
||||
"><img src="./composer-2/diagram.png" align="left" width="280px"></a>
|
||||
This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/sql) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
|
||||
This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/composer/) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
|
||||
<br clear="left">
|
|
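Review bot: the corrected link (cloud.google.com/composer/ instead of cloud.google.com/sql) is right, but the `title` attribute of the `<a>` on the preceding lines still carries the literal markdown heading text, including the leading `# ` and a line break, which will show up verbatim in the hover tooltip; set the title to plain text such as `title="Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key"` on a single line.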
@ -1,10 +1,10 @@
|
|||
# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
|
||||
|
||||
This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major verion for Cloud Composer that supports:
|
||||
This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major version for Cloud Composer that supports:
|
||||
- environment autoscaling
|
||||
- workloads configuration: CPU, memory, and storage parameters for Airflow workers, schedulers, web server, and database.
|
||||
|
||||
Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exaustive comparison between Composer Version 1 and Version 2.
|
||||
Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exhaustive comparison between Composer Version 1 and Version 2.
|
||||
|
||||
The solution will use:
|
||||
- Cloud Composer
|
||||
|
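Review bot: the two typo fixes (version, exhaustive) look good; while here, the two bullets under "supports:" are punctuated inconsistently ("environment autoscaling" has no terminating period, the "workloads configuration" bullet does), and "a Private instance" should be lowercase "private". Both paragraphs also link the same composer-versioning-overview URL, so the second link could be dropped or pointed at the comparison section it refers to.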
@ -31,7 +31,7 @@ Run Terraform init:
|
|||
$ terraform init
|
||||
```
|
||||
|
||||
Configure the Terraform variable in your terraform.tfvars file. You need to spefify at least the following variables:
|
||||
Configure the Terraform variable in your terraform.tfvars file. You need to specify at least the following variables:
|
||||
|
||||
```tfvars
|
||||
project_id = "lcaggioni-sandbox"
|
||||
|
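Review bot: the spelling fix is fine, but the tfvars example in the unchanged context still uses a personal sandbox project id, `project_id = "lcaggioni-sandbox"`; replace it with an obvious placeholder (e.g. `project_id = "my-project-id"`) so readers do not copy a real project id into their configuration.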
@ -48,6 +48,12 @@ You can now connect to your instance.
|
|||
|
||||
# Customizations
|
||||
|
||||
## VPC
|
||||
If a shared VPC is not configured, a VPC will be created within the project. The following IP ranges will be used:
|
||||
- Cloudsql: `10.20.10.0/24`
|
||||
- GKE: `10.20.11.0/28`
|
||||
|
||||
Change the code as needed to match your needed configuration, remember that these addresses should not overlap with any other range used in network.
|
||||
## Shared VPC
|
||||
As is often the case in real-world configurations, this blueprint accepts as input an existing [`Shared-VPC`](https://cloud.google.com/vpc/docs/shared-vpc) via the `network_config` variable.
|
||||
|
||||
|
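Review bot: the new VPC section lists only the Cloud SQL (`10.20.10.0/24`) and GKE (`10.20.11.0/28`) ranges, yet the Shared VPC section further down requires pods and services secondary ranges (`/22` and `/24`); state which secondary ranges the auto-created VPC uses so that the non-overlap advice can actually be followed. Minor wording in the same hunk: use the product name "Cloud SQL" rather than "Cloudsql", and "any other range used in the network" (missing article).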
@ -69,7 +75,7 @@ Make sure that:
|
|||
- The subnet has secondary ranges configured with 2 ranges:
|
||||
- pods: `/22` example: `10.10.8.0/22`
|
||||
- services = `/24` example: 10.10.12.0/24`
|
||||
- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/how-to/managing/configuring-private-ip#step_3_configure_firewall_rules)
|
||||
- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/composer-2/configure-private-ip#step_3_configure_firewall_rules)
|
||||
|
||||
In order to run the example and deploy Cloud Composer on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
|
||||
- Compute Network Admin (roles/compute.networkAdmin)
|
||||
|
|
|
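Review bot: the documentation link update is correct, but the services bullet in the surrounding context has an unbalanced backtick and a different separator from the pods bullet: `- services = `/24` example: 10.10.12.0/24``; make it `- services: `/24` example: `10.10.12.0/24`` so it renders and reads like the pods line above it. The sentence introducing the IAM requirement also needs a colon or "role:" before the list rather than a full stop.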
@ -23,6 +23,7 @@ locals {
|
|||
var.iam_groups_map
|
||||
)
|
||||
|
||||
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
|
||||
_shared_vpc_bindings = {
|
||||
"roles/compute.networkUser" = [
|
||||
"prj-cloudservices", "prj-robot-gke"
|
||||
|
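Review bot: the added comment cites the "edit permissions for the Google APIs service account" section, but the `_shared_vpc_bindings` map directly below grants `roles/compute.networkUser` to both `prj-cloudservices` and `prj-robot-gke`; reword the comment so it covers both identities (or cite the section that describes the GKE service agent as well), otherwise a reader will wonder why the second principal is there. Wrapping the comment at a normal line width would also help.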
@ -128,13 +129,7 @@ module "vpc" {
|
|||
]
|
||||
}
|
||||
|
||||
module "firewall" {
|
||||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.0.name
|
||||
admin_ranges = ["10.0.0.0/20"]
|
||||
}
|
||||
# No explicit firewall rules set, created automatically by GKE autopilot
|
||||
|
||||
module "nat" {
|
||||
source = "../../../modules/net-cloudnat"
|
||||
|
|
|
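Review bot: removing `module "firewall"` means the non-shared-VPC path (`count = local.use_shared_vpc ? 0 : 1`) no longer creates any rules, and the one-line comment "created automatically by GKE autopilot" is the only record of that decision; the README's new VPC section in this same commit should say explicitly that no firewall module is created for the project-local VPC and that rules are expected from GKE Autopilot, so operators do not look for the removed `admin_ranges = ["10.0.0.0/20"]` behaviour or assume the Shared VPC firewall instructions apply here.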
@ -15,7 +15,7 @@
|
|||
*/
|
||||
|
||||
variable "composer_config" {
|
||||
description = "Composer environemnt configuration. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
|
||||
description = "Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
|
||||
type = object({
|
||||
environment_size = string
|
||||
software_config = any
|
||||
|
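Review bot: grammar in the new description: "It accepts only the following attributes". Also, since `software_config = any` in the type below, nothing checks the contents of that attribute; consider documenting the keys expected inside `software_config` (or adding a `validation` block) so the "accepts only" restriction stated in the description is actually enforced or at least discoverable.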
@ -98,7 +98,7 @@ variable "project_id" {
|
|||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where instances will be deployed."
|
||||
description = "Reagion where instances will be deployed."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
|
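Review bot: this hunk introduces a typo rather than fixing one: following the old-line-first order used throughout this diff, "Region where instances will be deployed." is replaced by "Reagion where instances will be deployed."; keep "Region".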