
Cloud Composer in Shared VPC

This repo uses Terraform to create the resources below in order to deploy a private Composer environment in a Shared VPC.

  • Two projects: one as the Shared VPC host project and the other for the Composer environment
  • One Shared VPC and its subnets in the host project
  • The IAM permissions and firewall rules necessary to deploy the Composer environment
  • A service account for the Composer workers
  • The Composer environment itself

Requirements

  • A folder in the organization where the projects will be created

  • A service account that Terraform will run as (by impersonation), with the following roles:

    • at the folder level above
      • "roles/resourcemanager.projectCreator"
      • "roles/compute.xpnAdmin"
    • at the organization level
      • "roles/browser"
    • at the billing account level
      • "roles/billing.admin"
    • on the bucket used to store the Terraform state
      • "roles/storage.objectAdmin"
  • The user or service account that executes the Terraform code needs the following role on the service account above:

    • "roles/iam.serviceAccountTokenCreator"

Providers

| Name | Version |
|------|---------|
| google.impersonate | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| composer-env | ./composer_v1_pvt_shared_vpc | n/a |
| shared | ./shared/ | n/a |

Resources

| Name | Type |
|------|------|
| google_service_account_access_token.default | data source |
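The Requirements section, the `google.impersonate` provider alias and the `google_service_account_access_token.default` data source fit together as a service account impersonation chain. The following is an added example of that wiring, not code from this repository; the variable name matches the `terraform_service_account` input, everything else (scopes, lifetime, comments) is an assumption about how such a setup is usually written.

```hcl
# Added example (not the repository's own code): how the google.impersonate
# provider alias and the google_service_account_access_token.default data
# source are typically wired together. Scopes and lifetime are assumptions.

variable "terraform_service_account" {
  description = "Service account email to impersonate when running Terraform."
  type        = string
}

# Provider used only to mint the short-lived token. It runs as the caller's
# own identity (human user or CI identity), which is why that caller needs
# roles/iam.serviceAccountTokenCreator on the target service account.
provider "google" {
  alias = "impersonate"
  scopes = [
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/userinfo.email",
  ]
}

# Short-lived OAuth access token for the Terraform service account.
# A 20 minute lifetime is enough for a typical apply and limits how long a
# leaked token stays usable.
data "google_service_account_access_token" "default" {
  provider               = google.impersonate
  target_service_account = var.terraform_service_account
  scopes                 = ["userinfo-email", "cloud-platform"]
  lifetime               = "1200s"
}

# Default provider used by the shared and composer-env modules: every API
# call is made as the impersonated service account, so the folder, org,
# billing and bucket roles from the Requirements section bind to that
# account rather than to whoever runs `terraform apply`.
provider "google" {
  access_token = data.google_service_account_access_token.default.access_token
}
```

Two practical notes. The caller identity only ever needs `roles/iam.serviceAccountTokenCreator`; all resource-level privileges stay on the impersonated account, which keeps the human or CI principal low-privileged and leaves an audit trail of impersonation events in the service account's logs. Data source results, including this access token, are persisted in the Terraform state, so anyone who can read the state bucket can use the token until it expires; keep the lifetime short and the bucket's reader set small.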

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| billing_account | The ID of the billing account to associate this project with | `string` | n/a | yes |
| composer_subnets | Subnets for Composer workers | `map(object({...}))` (see below) | `{}` | no |
| composer_v1_private_envs | Composer v1 private environments | `map(object({...}))` (see below) | `{}` | no |
| deny_all_egrees_rule_create | Create a deny-all egress firewall rule | `bool` | `true` | no |
| folder_name | Parent folder for the projects; the folder must be a child of the organization | `string` | n/a | yes |
| org_id | The organization ID for the associated services | `string` | n/a | yes |
| prefix | Prefix for resource names | `string` | n/a | yes |
| terraform_service_account | Service account email of the account to impersonate to run Terraform | `string` | n/a | yes |
| vm_ext_ip_access_policy_create | Create the VM external IP access policy constraint at project level to allow public IPs for public Composer environments | `bool` | `true` | no |

Type of `composer_subnets`:

```hcl
map(object({
  description    = string
  cidr_range     = string
  region         = string
  private_access = bool
  flow_logs      = bool
  secondary_ranges = list(object({
    range_name    = string
    ip_cidr_range = string
  }))
}))
```

Type of `composer_v1_private_envs`:

```hcl
map(object({
  region                = string
  zone                  = string
  pod_ip_range_name     = string
  service_ip_range_name = string
  subnet                = string
  control_plane_cidr    = string
  web_server_cidr       = string
  cloud_sql_cidr        = string
  tags                  = list(string)
  software_config = object({
    airflow_config_overrides = map(string)
    env_variables            = map(string)
    image_version            = string
    pypi_packages            = map(string)
    python_version           = string
  })
}))
```
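The two map inputs reference each other by key and by secondary range name, which the type definitions alone do not make obvious. The following `terraform.tfvars` is an added example, not a file from this repository: every ID, CIDR, region, tag and image version in it is a constructed placeholder, and the choice of values reflects a private environment (Private Google Access on, flow logs on, no external IP policy exception).

```hcl
# Added example (not the repository's own code): constructed terraform.tfvars
# values for the inputs above. All IDs, CIDRs, names and the image version
# are illustrative placeholders.

org_id                    = "123456789012"                                     # placeholder
billing_account           = "AAAAAA-BBBBBB-CCCCCC"                             # placeholder
folder_name               = "folders/111111111111"                             # placeholder
prefix                    = "demo"
terraform_service_account = "terraform@demo-seed.iam.gserviceaccount.com"      # placeholder

# Keep the deny-all egress rule: private environments reach Google APIs
# through Private Google Access on the subnet, not the public internet.
deny_all_egrees_rule_create = true
# A private environment needs no public IPs, so do not create the policy
# exception that would allow them at project level.
vm_ext_ip_access_policy_create = false

composer_subnets = {
  "composer-subnet-1" = {
    description    = "Composer v1 worker subnet"
    cidr_range     = "10.10.0.0/24"
    region         = "us-central1"
    private_access = true # workers have no external IPs, so they need Private Google Access
    flow_logs      = true # VPC flow logs give the SOC east-west visibility for detection and forensics
    secondary_ranges = [
      { range_name = "composer-pods",     ip_cidr_range = "10.20.0.0/16" },
      { range_name = "composer-services", ip_cidr_range = "10.30.0.0/20" },
    ]
  }
}

composer_v1_private_envs = {
  "composer-env-1" = {
    region                = "us-central1"
    zone                  = "us-central1-a"
    subnet                = "composer-subnet-1"  # must be a key of composer_subnets
    pod_ip_range_name     = "composer-pods"      # must match a secondary range_name on that subnet
    service_ip_range_name = "composer-services"
    # Private-IP ranges for the GKE control plane, web server and Cloud SQL.
    # They must not overlap each other, the subnet, or its secondary ranges.
    control_plane_cidr = "172.16.0.0/28"
    web_server_cidr    = "172.16.0.16/29"
    cloud_sql_cidr     = "172.17.0.0/24"
    tags               = ["composer-worker"] # target tag for the firewall rules
    software_config = {
      image_version  = "composer-1-airflow-2" # placeholder; pick a currently supported version
      python_version = "3"
      airflow_config_overrides = {
        # keys use the "section-option" form expected by Composer
        "core-dags_are_paused_at_creation" = "True"
        "webserver-expose_config"          = "False" # do not expose config (and secrets) in the UI
      }
      env_variables = {
        ENVIRONMENT = "dev"
      }
      pypi_packages = {
        "requests" = ">=2.31"
      }
    }
  }
}
```

The cross-references are the part worth checking before `terraform apply`: `subnet` must name a key in `composer_subnets`, and `pod_ip_range_name` and `service_ip_range_name` must name secondary ranges on that subnet, otherwise the environment creation fails late, after the projects and VPC already exist. Leaving `vm_ext_ip_access_policy_create` at its default of `true` is only appropriate when a public environment is being deployed alongside.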

Outputs

No outputs.