composer-shared-vpc

Latest commit e2653cb · May 17, 2022
Cloud Composer in Shared VPC

This repo uses Terraform to create the resources below in order to deploy a private Cloud Composer environment in a Shared VPC:

  • Two projects: a Shared VPC host project and a service project for the Composer environment
  • One Shared VPC network and its subnets in the host project
  • The IAM bindings and firewall rules needed to deploy the Composer environment
  • A service account for the Composer workers
  • The Composer environment itself

Requirements

  • A folder in the organization under which the projects will be created.

  • A service account that Terraform will impersonate, holding the following roles:

    • on the folder above
      • "roles/resourcemanager.projectCreator"
      • "roles/compute.xpnAdmin"
    • on the organization
      • "roles/browser"
    • on the billing account
      • "roles/billing.admin" (broad: it can also change payment settings for the whole billing account; if the service account only has to attach the new projects to the account, "roles/billing.user" is sufficient)
    • on the GCS bucket used to store the Terraform state
      • "roles/storage.objectAdmin"

  • The user or service account that runs the Terraform code needs the following role on the service account above, so that it can mint short-lived access tokens for it; no service account key is needed or should be created:

    • "roles/iam.serviceAccountTokenCreator"
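The bindings listed above expressed as a one-off bootstrap Terraform configuration. This is an added example, not part of this repo; it is meant to be applied once by a privileged principal before the module is run. The seed project, folder ID, organization ID, billing account ID, state bucket name and the operator principal `admin@example.com` are all constructed placeholders.

```hcl
# Added bootstrap example (not part of this repo): creates the service account
# Terraform will impersonate and grants it the roles listed under Requirements.
# All IDs below are constructed placeholders.

locals {
  seed_project    = "acme-seed"              # project that owns the Terraform SA
  folder_id       = "folders/123456789012"    # folder the module creates projects in
  org_id          = "123456789012"
  billing_account = "012345-6789AB-CDEF01"
  state_bucket    = "acme-terraform-state"
  operator        = "user:admin@example.com"  # principal that will run the module
}

resource "google_service_account" "terraform" {
  project      = local.seed_project
  account_id   = "terraform"
  display_name = "Terraform (impersonated, keyless)"
}

locals {
  tf_member = "serviceAccount:${google_service_account.terraform.email}"
}

# Folder level: create projects and configure Shared VPC host/service projects.
resource "google_folder_iam_member" "folder" {
  for_each = toset(["roles/resourcemanager.projectCreator", "roles/compute.xpnAdmin"])
  folder   = local.folder_id
  role     = each.value
  member   = local.tf_member
}

# Org level: read-only browsing of the resource hierarchy, so the SA can look
# up folders and projects by name.
resource "google_organization_iam_member" "browser" {
  org_id = local.org_id
  role   = "roles/browser"
  member = local.tf_member
}

# Billing account level, as listed in the README. roles/billing.user is the
# least-privilege choice if the SA only has to attach projects to the account.
resource "google_billing_account_iam_member" "billing" {
  billing_account_id = local.billing_account
  role               = "roles/billing.admin"
  member             = local.tf_member
}

# State bucket: read/write state objects only, no bucket administration.
resource "google_storage_bucket_iam_member" "state" {
  bucket = local.state_bucket
  role   = "roles/storage.objectAdmin"
  member = local.tf_member
}

# The operator may mint short-lived tokens for the SA and nothing more; the
# binding sits on the SA resource itself, not on the project.
resource "google_service_account_iam_member" "token_creator" {
  service_account_id = google_service_account.terraform.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = local.operator
}
```

Keeping Token Creator on the service account resource (rather than a project-wide grant) limits the operator to this one identity; anyone who can impersonate the account inherits every role above, so treat that binding as the sensitive one.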

Providers

| Name | Version |
|------|---------|
| google.impersonate | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| composer-env | ./composer_v1_pvt_shared_vpc | n/a |
| shared | ./shared/ | n/a |

Resources

| Name | Type |
|------|------|
| google_service_account_access_token.default | data source |
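How the `google.impersonate` provider alias and the `google_service_account_access_token.default` data source listed above fit together, as an added example rather than the repo's own provider configuration. It assumes the `terraform_service_account` input from this module and a caller whose application default credentials hold `roles/iam.serviceAccountTokenCreator` on that account; the token lifetime is an assumption.

```hcl
# Added example (not the repo's own provider.tf): the impersonation chain that
# the Providers and Resources tables describe.
#
# 1. "google.impersonate" authenticates as whoever runs Terraform (gcloud ADC,
#    a CI workload identity, ...). That principal needs only
#    roles/iam.serviceAccountTokenCreator on var.terraform_service_account.
# 2. The data source asks the IAM Credentials API for a short-lived access
#    token for the target SA. No SA key is created or stored anywhere.
# 3. The default google provider uses that token, so every resource in the
#    root module is created as the Terraform SA, not as the caller.

variable "terraform_service_account" {
  description = "Email of the service account to impersonate."
  type        = string
}

provider "google" {
  alias = "impersonate"
  scopes = [
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/userinfo.email",
  ]
}

data "google_service_account_access_token" "default" {
  provider               = google.impersonate
  target_service_account = var.terraform_service_account
  scopes                 = ["userinfo-email", "cloud-platform"]
  lifetime               = "1200s" # assumption: 20 minutes covers an apply and then expires by itself
}

provider "google" {
  access_token = data.google_service_account_access_token.default.access_token
}
```

Because the token is minted per run and expires on its own, there is no long-lived credential to rotate or leak. Cloud Audit Logs for the resulting API calls record the service account as the principal and the impersonating caller under `serviceAccountDelegationInfo`, so the human or pipeline behind each change remains attributable.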

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| billing_account | The ID of the billing account to associate the new projects with | `string` | n/a | yes |
| composer_subnets | Map of subnets for the Composer workers (type below) | `map(object({...}))` | `{}` | no |
| composer_v1_private_envs | Map of Composer v1 private environments (type below) | `map(object({...}))` | `{}` | no |
| deny_all_egrees_rule_create | Create a deny-all egress firewall rule | `bool` | `true` | no |
| folder_name | Parent folder for the projects; the folder must be a direct child of the organization | `string` | n/a | yes |
| org_id | The organization ID for the associated services | `string` | n/a | yes |
| prefix | Prefix for resource names | `string` | n/a | yes |
| terraform_service_account | Email of the service account Terraform impersonates to run the code | `string` | n/a | yes |
| vm_ext_ip_access_policy_create | Create a project-level override of the `compute.vmExternalIpAccess` organization policy constraint to allow public IPs; only needed for public Composer environments | `bool` | `true` | no |

Type of `composer_subnets`:

```hcl
map(object({
  description      = string
  cidr_range       = string
  region           = string
  private_access   = bool
  flow_logs        = bool
  secondary_ranges = list(object({
    range_name    = string
    ip_cidr_range = string
  }))
}))
```

Type of `composer_v1_private_envs`:

```hcl
map(object({
  region                = string
  zone                  = string
  pod_ip_range_name     = string
  service_ip_range_name = string
  subnet                = string
  control_plane_cidr    = string
  web_server_cidr       = string
  cloud_sql_cidr        = string
  tags                  = list(string)
  software_config = object({
    airflow_config_overrides = map(string)
    env_variables            = map(string)
    image_version            = string
    pypi_packages            = map(string)
    python_version           = string
  })
}))
```

Note that `vm_ext_ip_access_policy_create` defaults to `true`, which relaxes the external-IP constraint for the whole project. The environments this repo deploys are private, so set it to `false` unless you also run public Composer environments in the same project.
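A complete `terraform.tfvars` for one private environment in one subnet, as an added example that is not shipped with this repo. Every value is a constructed placeholder; in particular the organization, billing account, folder, prefix, service account email and the Composer image version are assumptions, and the image version must be one that Composer currently offers.

```hcl
# Added example terraform.tfvars (not part of this repo). All values are
# constructed placeholders.

billing_account           = "012345-6789AB-CDEF01"
org_id                    = "123456789012"
folder_name               = "composer-landing-zone"
prefix                    = "acme"
terraform_service_account = "terraform@acme-seed.iam.gserviceaccount.com"

# Worker subnet in the Shared VPC host project. Private Google Access lets
# nodes without external IPs reach Google APIs; flow logs feed detection.
composer_subnets = {
  "composer-euw1" = {
    description    = "Composer v1 worker nodes, europe-west1"
    cidr_range     = "10.10.0.0/22"
    region         = "europe-west1"
    private_access = true
    flow_logs      = true
    secondary_ranges = [
      { range_name = "composer-pods", ip_cidr_range = "10.20.0.0/16" },
      { range_name = "composer-services", ip_cidr_range = "10.30.0.0/20" },
    ]
  }
}

# One private environment. The three management ranges are private RFC 1918
# blocks that must not overlap the subnet or its secondary ranges:
# GKE control plane /28, Airflow web server /29, Cloud SQL at least /24.
composer_v1_private_envs = {
  "data-pipelines" = {
    region                = "europe-west1"
    zone                  = "europe-west1-b"
    subnet                = "composer-euw1"
    pod_ip_range_name     = "composer-pods"
    service_ip_range_name = "composer-services"
    control_plane_cidr    = "172.16.0.0/28"
    web_server_cidr       = "172.16.0.16/29"
    cloud_sql_cidr        = "172.16.1.0/24"
    tags                  = ["composer-worker"] # target for the firewall rules
    software_config = {
      image_version  = "composer-1.18.12-airflow-2.2.3" # assumption; pick a currently offered version
      python_version = "3"
      airflow_config_overrides = {
        "core-dags_are_paused_at_creation" = "True"
      }
      env_variables = {
        "ENVIRONMENT" = "prod"
      }
      pypi_packages = {
        "pandas" = "==1.4.2"
      }
    }
  }
}

# Keep the deny-all egress rule; allow only what the workers need above it.
deny_all_egrees_rule_create = true

# Private environment: leave the organization's external-IP constraint in force.
vm_ext_ip_access_policy_create = false
```

The subnet key `composer-euw1` and the secondary range names are what the environment entry references through `subnet`, `pod_ip_range_name` and `service_ip_range_name`, so keep them in sync when adding environments.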

Outputs

No outputs.