Fix Variables
parent
ff0ab33ce6
commit
dc37783022
|
@ -46,6 +46,35 @@ module "processing-dp-cluster" {
|
|||
# tftest modules=1 resources=1
|
||||
```
|
||||
|
||||
### Cluster with CMEK encrypotion
|
||||
|
||||
To set cluster configuration use the Customer Managed Encryption key, set '' variable. The Compute Engine service agent and the Cloud Storage service agent needs to have 'CryptoKey Encrypter/Decrypter' role on they configured KMS key ([Documentation](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/customer-managed-encryption)).
|
||||
|
||||
```hcl
|
||||
module "processing-dp-cluster" {
|
||||
source = "./fabric/modules/dataproc"
|
||||
project_id = "my-project"
|
||||
name = "my-cluster"
|
||||
region = "europe-west1"
|
||||
prefix = "prefix"
|
||||
dataproc_config = {
|
||||
cluster_config = {
|
||||
gce_cluster_config = {
|
||||
subnetwork = "https://www.googleapis.com/compute/v1/projects/PROJECT/regions/europe-west1/subnetworks/SUBNET"
|
||||
zone = "europe-west1-b"
|
||||
service_account = ""
|
||||
service_account_scopes = ["cloud-platform"]
|
||||
internal_ip_only = true
|
||||
}
|
||||
}
|
||||
}
|
||||
encryption_config = try({
|
||||
kms_key_name = "projects/project-id/locations/region/keyRings/key-ring-name/cryptoKeys/key-name"
|
||||
}, null)
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
```
|
||||
|
||||
## IAM Examples
|
||||
|
||||
IAM is managed via several variables that implement different levels of control:
|
||||
|
|
|
@ -59,9 +59,9 @@ resource "google_dataproc_cluster" "cluster" {
|
|||
dynamic "shielded_instance_config" {
|
||||
for_each = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config == null ? [] : [""]
|
||||
content {
|
||||
enable_secure_boot = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.value.enable_secure_boot
|
||||
enable_vtpm = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.value.enable_vtpm
|
||||
enable_integrity_monitoring = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.value.enable_integrity_monitoring
|
||||
enable_secure_boot = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.enable_secure_boot
|
||||
enable_vtpm = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.enable_vtpm
|
||||
enable_integrity_monitoring = var.dataproc_config.cluster_config.gce_cluster_config.shielded_instance_config.enable_integrity_monitoring
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -99,9 +99,9 @@ resource "google_dataproc_cluster" "cluster" {
|
|||
dynamic "disk_config" {
|
||||
for_each = var.dataproc_config.cluster_config.worker_config.disk_config == null ? [] : [""]
|
||||
content {
|
||||
boot_disk_type = var.dataproc_config.cluster_config.worker_config.disk_config.value.boot_disk_type
|
||||
boot_disk_size_gb = var.dataproc_config.cluster_config.worker_config.disk_config.value.boot_disk_size_gb
|
||||
num_local_ssds = var.dataproc_config.cluster_config.worker_config.disk_config.value.num_local_ssds
|
||||
boot_disk_type = var.dataproc_config.cluster_config.worker_config.disk_config.boot_disk_type
|
||||
boot_disk_size_gb = var.dataproc_config.cluster_config.worker_config.disk_config.boot_disk_size_gb
|
||||
num_local_ssds = var.dataproc_config.cluster_config.worker_config.disk_config.num_local_ssds
|
||||
}
|
||||
}
|
||||
image_uri = var.dataproc_config.cluster_config.worker_config.image_uri
|
||||
|
@ -165,20 +165,20 @@ resource "google_dataproc_cluster" "cluster" {
|
|||
dynamic "autoscaling_config" {
|
||||
for_each = var.dataproc_config.cluster_config.autoscaling_config == null ? [] : [""]
|
||||
content {
|
||||
policy_uri = var.dataproc_config.cluster_config.autoscaling_config.value.policy_uri
|
||||
policy_uri = var.dataproc_config.cluster_config.autoscaling_config.policy_uri
|
||||
}
|
||||
}
|
||||
dynamic "initialization_action" {
|
||||
for_each = var.dataproc_config.cluster_config.initialization_action == null ? [] : [""]
|
||||
content {
|
||||
script = var.dataproc_config.cluster_config.initialization_action.value.script
|
||||
timeout_sec = var.dataproc_config.cluster_config.initialization_action.value.timeout_sec
|
||||
script = var.dataproc_config.cluster_config.initialization_action.script
|
||||
timeout_sec = var.dataproc_config.cluster_config.initialization_action.timeout_sec
|
||||
}
|
||||
}
|
||||
dynamic "encryption_config" {
|
||||
for_each = var.dataproc_config.cluster_config.encryption_config == null ? [] : [""]
|
||||
for_each = try(var.dataproc_config.cluster_config.encryption_config.kms_key_name == null ? [] : [""], [])
|
||||
content {
|
||||
kms_key_name = var.dataproc_config.cluster_config.encryption_config.value.kms_key_name
|
||||
kms_key_name = var.dataproc_config.cluster_config.encryption_config.kms_key_name
|
||||
}
|
||||
}
|
||||
dynamic "dataproc_metric_config" {
|
||||
|
@ -243,8 +243,8 @@ resource "google_dataproc_cluster" "cluster" {
|
|||
dynamic "kubernetes_software_config" {
|
||||
for_each = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config == null ? [] : [""]
|
||||
content {
|
||||
component_version = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.value.component_version
|
||||
properties = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.value.properties
|
||||
component_version = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.component_version
|
||||
properties = var.dataproc_config.virtual_cluster_config.kubernetes_cluster_config.kubernetes_software_config.properties
|
||||
}
|
||||
}
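Review bot: In the `encryption_config` dynamic block, the new `for_each` wraps the whole conditional in `try(..., [])`, so any evaluation error yields an empty list and the cluster is created without the customer-managed key, with no plan-time error. Narrowing the `try` to the attribute lookup keeps the null handling and limits what is swallowed to the missing-object case: `for_each = try(var.dataproc_config.cluster_config.encryption_config.kms_key_name, null) == null ? [] : [""]`. The README example added in this commit appears to set `encryption_config` next to `dataproc_config` rather than under `cluster_config`; if callers pass it that way, this lookup would not see the key, so it is worth confirming that the example plans with the key attached. The resource body continues outside the hunks shown.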
|
||||
|
||||
|
|
|
@ -84,9 +84,9 @@ variable "dataproc_config" {
|
|||
}), null)
|
||||
}), null)
|
||||
software_config = optional(object({
|
||||
image_version = string
|
||||
override_properties = list(map(string))
|
||||
optional_components = list(string)
|
||||
image_version = optional(string, null)
|
||||
override_properties = map(string)
|
||||
optional_components = optional(list(string), null)
|
||||
}), null)
|
||||
security_config = optional(object({
|
||||
kerberos_config = object({
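Review bot: In `software_config`, `override_properties` stays a required attribute while `image_version` and `optional_components` become `optional(..., null)`, so a caller who sets `software_config` only to pin an image version must still pass a properties map. If that is not intended, `override_properties = optional(map(string), null)` would match the sibling attributes. Since `image_version` may now be omitted, a short comment on the attribute saying which image the cluster gets when it is null would help anyone who needs clusters on a pinned image. The `variable "dataproc_config"` block starts and ends outside this hunk.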
|
||||
|
|