Fix Variables

lcaggio 2023-03-01 07:54:10 +01:00
parent ff0ab33ce6
commit dc37783022
3 changed files with 45 additions and 16 deletions


@ -46,6 +46,35 @@ module "processing-dp-cluster" {
# tftest modules=1 resources=1
```
### Cluster with CMEK encrypotion
To set cluster configuration use the Customer Managed Encryption key, set '' variable. The Compute Engine service agent and the Cloud Storage service agent needs to have 'CryptoKey Encrypter/Decrypter' role on they configured KMS key ([Documentation](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/customer-managed-encryption)).
```hcl
module "processing-dp-cluster" {
source = "./fabric/modules/dataproc"
project_id = "my-project"
name = "my-cluster"
region = "europe-west1"
prefix = "prefix"
dataproc_config = {
cluster_config = {
gce_cluster_config = {
subnetwork = "https://www.googleapis.com/compute/v1/projects/PROJECT/regions/europe-west1/subnetworks/SUBNET"
zone = "europe-west1-b"
service_account = ""
service_account_scopes = ["cloud-platform"]
internal_ip_only = true
}
}
}
encryption_config = try({
kms_key_name = "projects/project-id/locations/region/keyRings/key-ring-name/cryptoKeys/key-name"
}, null)
}
# tftest modules=1 resources=1
```
## IAM Examples
IAM is managed via several variables that implement different levels of control:


@ -59,9 +59,9 @@ resource "google_dataproc_cluster" "cluster" {
dynamic "shielded_instance_config" {
for_each = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config == null ? [] : [""]
content {
enable_secure_boot = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.value.enable_secure_boot
enable_vtpm = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.value.enable_vtpm
enable_integrity_monitoring = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.value.enable_integrity_monitoring
enable_secure_boot = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.enable_secure_boot
enable_vtpm = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.enable_vtpm
enable_integrity_monitoring = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.enable_integrity_monitoring
}
}
}
@ -99,9 +99,9 @@ resource "google_dataproc_cluster" "cluster" {
dynamic "disk_config" {
for_each = var.dataproc_config.cluster_config.worker_config.disk_config == null ? [] : [""]
content {
boot_disk_type = var.dataproc_config.cluster_config.worker_config.disk_config.value.boot_disk_type
boot_disk_size_gb = var.dataproc_config.cluster_config.worker_config.disk_config.value.boot_disk_size_gb
num_local_ssds = var.dataproc_config.cluster_config.worker_config.disk_config.value.num_local_ssds
boot_disk_type = var.dataproc_config.cluster_config.worker_config.disk_config.boot_disk_type
boot_disk_size_gb = var.dataproc_config.cluster_config.worker_config.disk_config.boot_disk_size_gb
num_local_ssds = var.dataproc_config.cluster_config.worker_config.disk_config.num_local_ssds
}
}
image_uri = var.dataproc_config.cluster_config.worker_config.image_uri
@ -165,20 +165,20 @@ resource "google_dataproc_cluster" "cluster" {
dynamic "autoscaling_config" {
for_each = var.dataproc_config.cluster_config.autoscaling_config == null ? [] : [""]
content {
policy_uri = var.dataproc_config.cluster_config.autoscaling_config.value.policy_uri
policy_uri = var.dataproc_config.cluster_config.autoscaling_config.policy_uri
}
}
dynamic "initialization_action" {
for_each = var.dataproc_config.cluster_config.initialization_action == null ? [] : [""]
content {
script = var.dataproc_config.cluster_config.initialization_action.value.script
timeout_sec = var.dataproc_config.cluster_config.initialization_action.value.timeout_sec
script = var.dataproc_config.cluster_config.initialization_action.script
timeout_sec = var.dataproc_config.cluster_config.initialization_action.timeout_sec
}
}
dynamic "encryption_config" {
for_each = var.dataproc_config.cluster_config.encryption_config == null ? [] : [""]
for_each = try(var.dataproc_config.cluster_config.encryption_config.kms_key_name == null ? [] : [""], [])
content {
kms_key_name = var.dataproc_config.cluster_config.encryption_config.value.kms_key_name
kms_key_name = var.dataproc_config.cluster_config.encryption_config.kms_key_name
}
}
dynamic "dataproc_metric_config" {
@ -243,8 +243,8 @@ resource "google_dataproc_cluster" "cluster" {
dynamic "kubernetes_software_config" {
for_each = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config == null ? [] : [""]
content {
component_version = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.value.component_version
properties = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.value.properties
component_version = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.component_version
properties = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.properties
}
}
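Review bot: The new `for_each` on the `encryption_config` dynamic block fails open: wrapping the whole expression in `try(..., [])` turns a null parent object or any other evaluation error into "no CMEK", so the cluster is created with default encryption and the plan reports nothing. The README example added in this same commit sets `encryption_config` at module level, while this expression reads `var.dataproc_config.cluster_config.encryption_config`, so as far as this page shows the documented example never reaches this block. Prefer the explicit null test the neighbouring dynamic blocks use, `for_each = var.dataproc_config.cluster_config.encryption_config == null ? [] : [""]`, and keep `kms_key_name` a required attribute in the variable type (not visible here) so an incomplete block is rejected at plan time. The `google_dataproc_cluster` resource body starts and ends outside these hunks.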


@ -84,9 +84,9 @@ variable "dataproc_config" {
}), null)
}), null)
software_config = optional(object({
image_version = string
override_properties = list(map(string))
optional_components = list(string)
image_version = optional(string, null)
override_properties = map(string)
optional_components = optional(list(string), null)
}), null)
security_config = optional(object({
kerberos_config = object({
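Review bot: `override_properties = map(string)` stays a required attribute while `image_version` and `optional_components` in the same `software_config` object become optional, so a caller who sets `software_config` only to pin an image version must still pass `override_properties`. If that is not intended, `override_properties = optional(map(string), null)` would match its siblings; how the resource consumes a null value is not visible in this hunk, so confirm it there. The type change from `list(map(string))` to `map(string)` also breaks existing callers that pass a list, which deserves a line in the commit description. The `dataproc_config` variable starts and ends outside the hunk.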