Merge branch 'master' into feature/fast-cicd-github-enable-populating-of-data-directory-sample-files-and-update-dependencies
This commit is contained in:
Ludovico Magnocavallo
GitHub
commit
bffd5bc17b
|
|
@ -1,30 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
name: "Build and push the Squid container image"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'modules/cloud-config-container/squid/docker/**'
|
||||
|
||||
jobs:
|
||||
build-push-squid-container-image:
|
||||
uses: ./.github/workflows/container-image.yml
|
||||
with:
|
||||
image_name: fabric-squid
|
||||
docker_context: modules/cloud-config-container/squid/docker
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
name: "Build and push the strongSwan container image"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'modules/cloud-config-container/onprem/docker-images/strongswan/**'
|
||||
|
||||
jobs:
|
||||
build-push-strongswan-container-image:
|
||||
uses: ./.github/workflows/container-image.yml
|
||||
with:
|
||||
image_name: fabric-strongswan
|
||||
docker_context: modules/cloud-config-container/onprem/docker-images/strongswan
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
name: "Build and push the Toolbox container image"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'modules/cloud-config-container/onprem/docker-images/toolbox/**'
|
||||
|
||||
jobs:
|
||||
build-push-toolbox-container-image:
|
||||
uses: ./.github/workflows/container-image.yml
|
||||
with:
|
||||
image_name: fabric-toolbox
|
||||
docker_context: modules/cloud-config-container/onprem/docker-images/toolbox
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
name: "Build and push a generic container image"
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
image_name:
|
||||
required: true
|
||||
type: string
|
||||
docker_context:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
permissions:
|
||||
packages: write
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
|
||||
jobs:
|
||||
build-push-generic-container-image:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Set image version
|
||||
run: echo IMAGE_VERSION=$(date +'%Y%m%d') >> $GITHUB_ENV
|
||||
|
||||
- name: Normalise image name
|
||||
run: echo IMAGE_NAME=$(echo '${{ github.repository_owner }}/${{ inputs.image_name }}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
|
||||
|
||||
- name: Login to GHCR
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: ${{ inputs.docker_context }}
|
||||
push: true
|
||||
tags: |
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
|
||||
labels: |
|
||||
org.opencontainers.image.licenses=Apache-2.0
|
||||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
|
||||
org.opencontainers.image.title=${{ inputs.image_name }}
|
||||
org.opencontainers.image.vendor=Google LLC
|
||||
org.opencontainers.image.version=${{ env.IMAGE_VERSION }}
|
||||
|
|
@ -83,9 +83,9 @@ module "instance_template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
create_template = true
|
||||
metadata = {
|
||||
|
|
|
|||
|
|
@ -266,11 +266,13 @@ def main_cf_pubsub(event, context):
|
|||
help='Load JSON resources from file, skips init and discovery.')
|
||||
@click.option('--debug-plugin',
|
||||
help='Run only core and specified timeseries plugin.')
|
||||
@click.option('--debug', is_flag=True, default=False,
|
||||
help='Turn on debug logging.')
|
||||
def main(discovery_root, monitoring_project, project=None, folder=None,
|
||||
custom_quota_file=None, dump_file=None, load_file=None,
|
||||
debug_plugin=None):
|
||||
debug_plugin=None, debug=False):
|
||||
'CLI entry point.'
|
||||
logging.basicConfig(level=logging.INFO)
|
||||
logging.basicConfig(level=logging.INFO if not debug else logging.DEBUG)
|
||||
if discovery_root.partition('/')[0] not in ('folders', 'organizations'):
|
||||
raise SystemExit('Invalid discovery root.')
|
||||
descriptors = []
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ def _handle_resource(resources, asset_type, data):
|
|||
# derive parent type and id and skip if parent is not within scope
|
||||
parent_data = _get_parent(data['parent'], resources)
|
||||
if not parent_data:
|
||||
LOGGER.info(f'{resource["self_link"]} outside perimeter')
|
||||
LOGGER.debug(f'{resource["self_link"]} outside perimeter')
|
||||
LOGGER.debug([
|
||||
resources['organization'], resources['folders'],
|
||||
resources['projects:number']
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ def _handle_discovery(resources, response):
|
|||
self_link = part.get('selfLink')
|
||||
if not self_link:
|
||||
logging.warn('invalid quota response')
|
||||
continue
|
||||
self_link = self_link.split('/')
|
||||
if kind == 'compute#project':
|
||||
project_id = self_link[-1]
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Load testing an application running on an autopilot cluster
|
||||
|
||||
This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and install an application that scales as the traffic that is hitting the load balancer exposing it grows. It also installs the tooling required to distributed load test with [locust](https://locust.io) on that application and the monitoring tooling required to observe how things evolve in the cluster during the load test. Ansible is used to install the application and all the tooling on a management VM.
|
||||
This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and installs an application that scales as the traffic that is hitting the load balancer exposing it grows. It also installs the tooling required to distributed load test with [locust](https://locust.io) on that application and the monitoring tooling required to observe how things evolve in the cluster during the load test. Ansible is used to install the application and all the tooling on a management VM.
|
||||
|
||||
The diagram below depicts the architecture.
|
||||
|
||||
|
|
@ -64,13 +64,14 @@ Alternatively you can also check all the above using the dashboards available in
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [project_id](variables.tf#L75) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L68) | Project ID. | <code>string</code> | ✓ | |
|
||||
| [cluster_network_config](variables.tf#L17) | Cluster network configuration. | <code title="object({ nodes_cidr_block = string pods_cidr_block = string services_cidr_block = string master_authorized_cidr_blocks = map(string) master_cidr_block = string })">object({…})</code> | | <code title="{ nodes_cidr_block = "10.0.1.0/24" pods_cidr_block = "172.16.0.0/20" services_cidr_block = "192.168.0.0/24" master_authorized_cidr_blocks = { internal = "10.0.0.0/8" } master_cidr_block = "10.0.0.0/28" }">{…}</code> |
|
||||
| [mgmt_server_config](variables.tf#L37) | Management server configuration. | <code title="object({ disk_size = number disk_type = string image = string instance_type = string })">object({…})</code> | | <code title="{ disk_size = 50 disk_type = "pd-ssd" image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" instance_type = "n1-standard-2" }">{…}</code> |
|
||||
| [mgmt_subnet_cidr_block](variables.tf#L53) | Management subnet IP CIDR range. | <code>string</code> | | <code>"10.0.2.0/24"</code> |
|
||||
| [network](variables.tf#L59) | VPC name. | <code>string</code> | | <code>"vpc"</code> |
|
||||
| [project_create](variables.tf#L66) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L80) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [project_create](variables.tf#L59) | Parameters for the creation of the new project. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
|
||||
| [region](variables.tf#L73) | Region. | <code>string</code> | | <code>"europe-west1"</code> |
|
||||
| [vpc_create](variables.tf#L79) | Flag indicating whether the VPC should be created or not. | <code>bool</code> | | <code>true</code> |
|
||||
| [vpc_name](variables.tf#L85) | VPC name. | <code>string</code> | | <code>"vpc"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
@ -90,5 +91,5 @@ module "test" {
|
|||
}
|
||||
project_id = "my-project"
|
||||
}
|
||||
# tftest modules=10 resources=30
|
||||
# tftest modules=11 resources=34
|
||||
```
|
||||
|
|
@ -70,11 +70,12 @@ spec:
|
|||
initialDelaySeconds: 2
|
||||
periodSeconds: 2
|
||||
failureThreshold: 1
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 10Mi
|
||||
limits:
|
||||
memory: 10Mi
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 10Mi
|
||||
limits:
|
||||
memory: 10Mi
|
||||
- name: nginx-prometheus-exporter
|
||||
image: nginx/nginx-prometheus-exporter:0.10.0
|
||||
ports:
|
||||
|
|
@ -83,11 +84,12 @@ spec:
|
|||
env:
|
||||
- name: SCRAPE_URI
|
||||
value: http://localhost:8080/stub_status
|
||||
requests:
|
||||
cpu: 5m
|
||||
memory: 5Mi
|
||||
limits:
|
||||
memory: 5Mi
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
memory: 5Mi
|
||||
limits:
|
||||
memory: 5Mi
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
|
|
|
|||
|
|
@ -44,8 +44,9 @@ spec:
|
|||
value: worker
|
||||
- name: LOCUST_MASTER
|
||||
value: locust-master
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
memory: 50Mi
|
||||
resources:
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
memory: 50Mi
|
||||
|
|
@ -29,7 +29,8 @@ module "project" {
|
|||
services = [
|
||||
"artifactregistry.googleapis.com",
|
||||
"cloudbuild.googleapis.com",
|
||||
"container.googleapis.com"
|
||||
"container.googleapis.com",
|
||||
"compute.googleapis.com"
|
||||
]
|
||||
iam = {
|
||||
"roles/monitoring.viewer" = [module.monitoring_sa.iam_email]
|
||||
|
|
|
|||
|
|
@ -36,4 +36,5 @@ module "mgmt_server" {
|
|||
type = var.mgmt_server_config.disk_type
|
||||
size = var.mgmt_server_config.disk_size
|
||||
}
|
||||
}
|
||||
tags = ["ssh"]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,13 +56,6 @@ variable "mgmt_subnet_cidr_block" {
|
|||
default = "10.0.2.0/24"
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "VPC name."
|
||||
type = string
|
||||
default = "vpc"
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "project_create" {
|
||||
description = "Parameters for the creation of the new project."
|
||||
type = object({
|
||||
|
|
@ -81,4 +74,17 @@ variable "region" {
|
|||
description = "Region."
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "vpc_create" {
|
||||
description = "Flag indicating whether the VPC should be created or not."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "vpc_name" {
|
||||
description = "VPC name."
|
||||
type = string
|
||||
nullable = false
|
||||
default = "vpc"
|
||||
}
|
||||
|
|
@ -17,8 +17,8 @@
|
|||
module "vpc" {
|
||||
source = "../../../modules/net-vpc"
|
||||
project_id = module.project.project_id
|
||||
name = var.network
|
||||
vpc_create = (var.project_create != null)
|
||||
name = var.vpc_name
|
||||
vpc_create = var.vpc_create
|
||||
subnets = [
|
||||
{
|
||||
ip_cidr_range = var.mgmt_subnet_cidr_block
|
||||
|
|
@ -37,6 +37,12 @@ module "vpc" {
|
|||
]
|
||||
}
|
||||
|
||||
module "firewall" {
|
||||
source = "../../../modules/net-vpc-firewall"
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.name
|
||||
}
|
||||
|
||||
module "nat" {
|
||||
source = "../../../modules/net-cloudnat"
|
||||
project_id = module.project.project_id
|
||||
|
|
|
|||
|
|
@ -48,11 +48,6 @@ module "test-vm-consumer" {
|
|||
nat = false
|
||||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "debian-cloud/debian-10"
|
||||
type = "pd-standard"
|
||||
size = 10
|
||||
}
|
||||
service_account_create = true
|
||||
metadata = {
|
||||
startup-script = templatefile("${path.module}/startup.sh", { proxy_url = "http://proxy.internal:3128" })
|
||||
|
|
@ -60,7 +55,7 @@ module "test-vm-consumer" {
|
|||
}
|
||||
|
||||
###############################################################################
|
||||
# PSC Consuner #
|
||||
# PSC Consumer #
|
||||
###############################################################################
|
||||
|
||||
resource "google_compute_address" "psc_endpoint_address" {
|
||||
|
|
|
|||
|
|
@ -147,7 +147,9 @@ module "squid-vm" {
|
|||
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "cos-cloud/cos-stable"
|
||||
initialize_params = {
|
||||
image = "cos-cloud/cos-stable"
|
||||
}
|
||||
}
|
||||
service_account = module.service-account-squid.email
|
||||
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||
|
|
|
|||
|
|
@ -156,7 +156,9 @@ module "squid-vm" {
|
|||
subnetwork = module.vpc.subnet_self_links["${var.region}/proxy"]
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "cos-cloud/cos-stable"
|
||||
initialize_params = {
|
||||
image = "cos-cloud/cos-stable"
|
||||
}
|
||||
}
|
||||
service_account = module.service-account-squid.email
|
||||
service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
|
||||
|
|
@ -261,10 +263,5 @@ module "test-vm" {
|
|||
nat = false
|
||||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "debian-cloud/debian-10"
|
||||
type = "pd-standard"
|
||||
size = 10
|
||||
}
|
||||
service_account_create = true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -92,9 +92,6 @@ module "instance_template_ew1" {
|
|||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["europe-west1/subnet-ew1"]
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/debian-cloud/global/images/family/debian-11"
|
||||
}
|
||||
metadata = {
|
||||
startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh"
|
||||
}
|
||||
|
|
@ -113,9 +110,6 @@ module "instance_template_ue1" {
|
|||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"]
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/debian-cloud/global/images/family/debian-11"
|
||||
}
|
||||
metadata = {
|
||||
startup-script-url = "gs://cloud-training/gcpnet/httplb/startup.sh"
|
||||
}
|
||||
|
|
@ -136,9 +130,6 @@ module "vm_siege" {
|
|||
subnetwork = module.vpc.subnet_self_links["us-west1/subnet-uw1"]
|
||||
nat = true
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/debian-cloud/global/images/family/debian-11"
|
||||
}
|
||||
metadata = {
|
||||
startup-script = <<EOT
|
||||
#!/bin/bash
|
||||
|
|
|
|||
|
|
@ -81,9 +81,9 @@ module "nva-template" {
|
|||
}
|
||||
]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
size = 10
|
||||
type = "pd-balanced"
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
options = {
|
||||
allow_stopping_for_update = true
|
||||
|
|
|
|||
|
|
@ -28,9 +28,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
create_template = true
|
||||
metadata = {
|
||||
|
|
@ -71,9 +71,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
create_template = true
|
||||
metadata = {
|
||||
|
|
@ -122,9 +122,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
create_template = true
|
||||
metadata = {
|
||||
|
|
@ -174,9 +174,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
create_template = true
|
||||
metadata = {
|
||||
|
|
@ -225,9 +225,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
create_template = true
|
||||
metadata = {
|
||||
|
|
@ -282,9 +282,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
attached_disks = [{
|
||||
name = "repd-1"
|
||||
|
|
@ -352,9 +352,9 @@ module "nginx-template" {
|
|||
addresses = null
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
type = "pd-ssd"
|
||||
size = 10
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
attached_disks = [{
|
||||
name = "repd-1"
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ This module can operate in two distinct modes:
|
|||
In both modes, an optional service account can be created and assigned to either instances or template. If you need a managed instance group when using the module in template mode, refer to the [`compute-mig`](../compute-mig) module.
|
||||
|
||||
## Examples
|
||||
|
||||
- [Instance using defaults](#instance-using-defaults)
|
||||
- [Service account management](#service-account-management)
|
||||
- [Disk management](#disk-management)
|
||||
|
|
@ -25,7 +26,6 @@ In both modes, an optional service account can be created and assigned to either
|
|||
- [Instance template](#instance-template)
|
||||
- [Instance group](#instance-group)
|
||||
|
||||
|
||||
### Instance using defaults
|
||||
|
||||
The simplest example leverages defaults for the boot disk image and size, and uses a service account created by the module. Multiple instances can be managed via the `instance_count` variable.
|
||||
|
|
@ -48,6 +48,7 @@ module "simple-vm-example" {
|
|||
### Service account management
|
||||
|
||||
VM service accounts can be managed in three different ways:
|
||||
|
||||
- You can let the module create a service account for you by settting `service_account_create = true`
|
||||
- You can use an existing service account by setting `service_account_create = false` (the default value) and passing the full email address of the service account to the `service_account` variable. This is useful, for example, if you want to reuse the service account from another previously created instance, or if you want to create the service account manually with the `iam-service-account` module. In this case, you probably also want to set `service_account_scopes` to `cloud-platform`.
|
||||
- Lastly, you can use the default compute service account by setting `service_account_crate = false`. Please note that using the default compute service account is not recommended.
|
||||
|
|
@ -285,8 +286,10 @@ module "vm-with-gvnic" {
|
|||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
boot_disk = {
|
||||
image = google_compute_image.cos-gvnic.self_link
|
||||
type = "pd-ssd"
|
||||
initialize_params = {
|
||||
image = google_compute_image.cos-gvnic.self_link
|
||||
type = "pd-ssd"
|
||||
}
|
||||
}
|
||||
network_interfaces = [{
|
||||
network = var.vpc.self_link
|
||||
|
|
@ -428,9 +431,6 @@ module "kms-vm-example" {
|
|||
size = 10
|
||||
}]
|
||||
service_account_create = true
|
||||
boot_disk = {
|
||||
image = "projects/debian-cloud/global/images/family/debian-10"
|
||||
}
|
||||
encryption = {
|
||||
encrypt_boot = true
|
||||
kms_key_self_link = var.kms_key.self_link
|
||||
|
|
@ -439,7 +439,6 @@ module "kms-vm-example" {
|
|||
# tftest modules=1 resources=3 inventory=cmek.yaml
|
||||
```
|
||||
|
||||
|
||||
### Instance template
|
||||
|
||||
This example shows how to use the module to manage an instance template that defines an additional attached disk for each instance, and overrides defaults for the boot disk image and service account.
|
||||
|
|
@ -455,7 +454,9 @@ module "cos-test" {
|
|||
subnetwork = var.subnet.self_link
|
||||
}]
|
||||
boot_disk = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
initialize_params = {
|
||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||
}
|
||||
}
|
||||
attached_disks = [
|
||||
{
|
||||
|
|
@ -505,34 +506,34 @@ module "instance-group" {
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L181) | Instance name. | <code>string</code> | ✓ | |
|
||||
| [network_interfaces](variables.tf#L186) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ nat = optional(bool, false) network = string subnetwork = string addresses = optional(object({ internal = string external = string }), null) alias_ips = optional(map(string), {}) nic_type = optional(string) }))">list(object({…}))</code> | ✓ | |
|
||||
| [project_id](variables.tf#L223) | Project id. | <code>string</code> | ✓ | |
|
||||
| [zone](variables.tf#L282) | Compute zone. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L182) | Instance name. | <code>string</code> | ✓ | |
|
||||
| [network_interfaces](variables.tf#L187) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ nat = optional(bool, false) network = string subnetwork = string addresses = optional(object({ internal = string external = string }), null) alias_ips = optional(map(string), {}) nic_type = optional(string) }))">list(object({…}))</code> | ✓ | |
|
||||
| [project_id](variables.tf#L224) | Project id. | <code>string</code> | ✓ | |
|
||||
| [zone](variables.tf#L283) | Compute zone. | <code>string</code> | ✓ | |
|
||||
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
||||
| [attached_disks](variables.tf#L38) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list(object({ name = string device_name = optional(string) size = string source = optional(string) source_type = optional(string) options = optional( object({ auto_delete = optional(bool, false) mode = optional(string, "READ_WRITE") replica_zone = optional(string) type = optional(string, "pd-balanced") }), { auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" } ) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [boot_disk](variables.tf#L82) | Boot disk properties. | <code title="object({ auto_delete = optional(bool, true) image = optional(string, "projects/debian-cloud/global/images/family/debian-11") size = optional(number, 10) type = optional(string, "pd-balanced") })">object({…})</code> | | <code title="{ auto_delete = true image = "projects/debian-cloud/global/images/family/debian-11" type = "pd-balanced" size = 10 }">{…}</code> |
|
||||
| [can_ip_forward](variables.tf#L98) | Enable IP forwarding. | <code>bool</code> | | <code>false</code> |
|
||||
| [confidential_compute](variables.tf#L104) | Enable Confidential Compute for these instances. | <code>bool</code> | | <code>false</code> |
|
||||
| [create_template](variables.tf#L110) | Create instance template instead of instances. | <code>bool</code> | | <code>false</code> |
|
||||
| [description](variables.tf#L115) | Description of a Compute Instance. | <code>string</code> | | <code>"Managed by the compute-vm Terraform module."</code> |
|
||||
| [enable_display](variables.tf#L121) | Enable virtual display on the instances. | <code>bool</code> | | <code>false</code> |
|
||||
| [encryption](variables.tf#L127) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | <code title="object({ encrypt_boot = optional(bool, false) disk_encryption_key_raw = optional(string) kms_key_self_link = optional(string) })">object({…})</code> | | <code>null</code> |
|
||||
| [group](variables.tf#L137) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object({ named_ports = map(number) })">object({…})</code> | | <code>null</code> |
|
||||
| [hostname](variables.tf#L145) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L151) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [instance_type](variables.tf#L157) | Instance type. | <code>string</code> | | <code>"f1-micro"</code> |
|
||||
| [labels](variables.tf#L163) | Instance labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [metadata](variables.tf#L169) | Instance metadata. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [min_cpu_platform](variables.tf#L175) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
|
||||
| [options](variables.tf#L201) | Instance options. | <code title="object({ allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) spot = optional(bool, false) termination_action = optional(string) })">object({…})</code> | | <code title="{ allow_stopping_for_update = true deletion_protection = false spot = false termination_action = null }">{…}</code> |
|
||||
| [scratch_disks](variables.tf#L228) | Scratch disks configuration. | <code title="object({ count = number interface = string })">object({…})</code> | | <code title="{ count = 0 interface = "NVME" }">{…}</code> |
|
||||
| [service_account](variables.tf#L240) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account_create](variables.tf#L246) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||
| [service_account_scopes](variables.tf#L254) | Scopes applied to service account. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [shielded_config](variables.tf#L260) | Shielded VM configuration of the instances. | <code title="object({ enable_secure_boot = bool enable_vtpm = bool enable_integrity_monitoring = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [tag_bindings](variables.tf#L270) | Tag bindings for this instance, in key => tag value id format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L276) | Instance network tags for firewall rule targets. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [boot_disk](variables.tf#L82) | Boot disk properties. | <code title="object({ auto_delete = optional(bool, true) source = optional(string) initialize_params = optional(object({ image = optional(string, "projects/debian-cloud/global/images/family/debian-11") size = optional(number, 10) type = optional(string, "pd-balanced") })) })">object({…})</code> | | <code title="{ initialize_params = {} }">{…}</code> |
|
||||
| [can_ip_forward](variables.tf#L99) | Enable IP forwarding. | <code>bool</code> | | <code>false</code> |
|
||||
| [confidential_compute](variables.tf#L105) | Enable Confidential Compute for these instances. | <code>bool</code> | | <code>false</code> |
|
||||
| [create_template](variables.tf#L111) | Create instance template instead of instances. | <code>bool</code> | | <code>false</code> |
|
||||
| [description](variables.tf#L116) | Description of a Compute Instance. | <code>string</code> | | <code>"Managed by the compute-vm Terraform module."</code> |
|
||||
| [enable_display](variables.tf#L122) | Enable virtual display on the instances. | <code>bool</code> | | <code>false</code> |
|
||||
| [encryption](variables.tf#L128) | Encryption options. Only one of kms_key_self_link and disk_encryption_key_raw may be set. If needed, you can specify to encrypt or not the boot disk. | <code title="object({ encrypt_boot = optional(bool, false) disk_encryption_key_raw = optional(string) kms_key_self_link = optional(string) })">object({…})</code> | | <code>null</code> |
|
||||
| [group](variables.tf#L138) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object({ named_ports = map(number) })">object({…})</code> | | <code>null</code> |
|
||||
| [hostname](variables.tf#L146) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L152) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [instance_type](variables.tf#L158) | Instance type. | <code>string</code> | | <code>"f1-micro"</code> |
|
||||
| [labels](variables.tf#L164) | Instance labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [metadata](variables.tf#L170) | Instance metadata. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [min_cpu_platform](variables.tf#L176) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
|
||||
| [options](variables.tf#L202) | Instance options. | <code title="object({ allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) spot = optional(bool, false) termination_action = optional(string) })">object({…})</code> | | <code title="{ allow_stopping_for_update = true deletion_protection = false spot = false termination_action = null }">{…}</code> |
|
||||
| [scratch_disks](variables.tf#L229) | Scratch disks configuration. | <code title="object({ count = number interface = string })">object({…})</code> | | <code title="{ count = 0 interface = "NVME" }">{…}</code> |
|
||||
| [service_account](variables.tf#L241) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account_create](variables.tf#L247) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||
| [service_account_scopes](variables.tf#L255) | Scopes applied to service account. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [shielded_config](variables.tf#L261) | Shielded VM configuration of the instances. | <code title="object({ enable_secure_boot = bool enable_vtpm = bool enable_integrity_monitoring = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [tag_bindings](variables.tf#L271) | Tag bindings for this instance, in key => tag value id format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L277) | Instance network tags for firewall rule targets. | <code>list(string)</code> | | <code>[]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -163,14 +163,18 @@ resource "google_compute_instance" "default" {
|
|||
}
|
||||
|
||||
boot_disk {
|
||||
auto_delete = var.boot_disk.auto_delete
|
||||
initialize_params {
|
||||
type = var.boot_disk.type
|
||||
image = var.boot_disk.image
|
||||
size = var.boot_disk.size
|
||||
}
|
||||
auto_delete = var.boot_disk.auto_delete
|
||||
source = var.boot_disk.source
|
||||
disk_encryption_key_raw = var.encryption != null ? var.encryption.disk_encryption_key_raw : null
|
||||
kms_key_self_link = var.encryption != null ? var.encryption.kms_key_self_link : null
|
||||
dynamic "initialize_params" {
|
||||
for_each = var.boot_disk.initialize_params == null ? [] : [""]
|
||||
content {
|
||||
image = var.boot_disk.initialize_params.image
|
||||
size = var.boot_disk.initialize_params.size
|
||||
type = var.boot_disk.initialize_params.type
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "confidential_instance_config" {
|
||||
|
|
@ -268,9 +272,9 @@ resource "google_compute_instance_template" "default" {
|
|||
disk {
|
||||
auto_delete = var.boot_disk.auto_delete
|
||||
boot = true
|
||||
disk_size_gb = var.boot_disk.size
|
||||
disk_type = var.boot_disk.type
|
||||
source_image = var.boot_disk.image
|
||||
disk_size_gb = var.boot_disk.initialize_params.size
|
||||
disk_type = var.boot_disk.initialize_params.type
|
||||
source_image = var.boot_disk.initialize_params.image
|
||||
}
|
||||
|
||||
dynamic "confidential_instance_config" {
|
||||
|
|
|
|||
|
|
@ -83,16 +83,17 @@ variable "boot_disk" {
|
|||
description = "Boot disk properties."
|
||||
type = object({
|
||||
auto_delete = optional(bool, true)
|
||||
image = optional(string, "projects/debian-cloud/global/images/family/debian-11")
|
||||
size = optional(number, 10)
|
||||
type = optional(string, "pd-balanced")
|
||||
source = optional(string)
|
||||
initialize_params = optional(object({
|
||||
image = optional(string, "projects/debian-cloud/global/images/family/debian-11")
|
||||
size = optional(number, 10)
|
||||
type = optional(string, "pd-balanced")
|
||||
}))
|
||||
})
|
||||
default = {
|
||||
auto_delete = true
|
||||
image = "projects/debian-cloud/global/images/family/debian-11"
|
||||
type = "pd-balanced"
|
||||
size = 10
|
||||
initialize_params = {}
|
||||
}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "can_ip_forward" {
|
||||
|
|
|
|||
|
|
@ -214,9 +214,10 @@ module "glb-0" {
|
|||
}
|
||||
# tftest modules=1 resources=6
|
||||
```
|
||||
|
||||
#### Managed Instance Groups
|
||||
|
||||
This example shows how to use the module with a manage instance group as backend:
|
||||
This example shows how to use the module with a manage instance group as backend:
|
||||
|
||||
```hcl
|
||||
module "win-template" {
|
||||
|
|
@ -227,9 +228,10 @@ module "win-template" {
|
|||
instance_type = "n2d-standard-2"
|
||||
create_template = true
|
||||
boot_disk = {
|
||||
image = "projects/windows-cloud/global/images/windows-server-2019-dc-v20221214"
|
||||
type = "pd-balanced"
|
||||
size = 70
|
||||
initialize_params = {
|
||||
image = "projects/windows-cloud/global/images/windows-server-2019-dc-v20221214"
|
||||
size = 70
|
||||
}
|
||||
}
|
||||
network_interfaces = [{
|
||||
network = var.vpc.self_link
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ values:
|
|||
- auto_delete: true
|
||||
disk_encryption_key_raw: null
|
||||
initialize_params:
|
||||
- image: projects/debian-cloud/global/images/family/debian-10
|
||||
- image: projects/debian-cloud/global/images/family/debian-11
|
||||
size: 10
|
||||
type: pd-balanced
|
||||
kms_key_self_link: kms_key_self_link
|
||||
|
|
|
|||
Loading…
Reference in New Issue