diff --git a/benchmarks/infra/stage-1/README.md b/benchmarks/infra/stage-1/README.md index 9ec209a03..482dd77ee 100644 --- a/benchmarks/infra/stage-1/README.md +++ b/benchmarks/infra/stage-1/README.md @@ -68,60 +68,27 @@ gcloud container fleet memberships get-credentials kubectl get nodes ``` - -Copyright 2024 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [gke-infra](#module\_gke-infra) | ./modules/gke-infra/ | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | Name of new or existing cluster. | `string` | n/a | yes | -| [cluster\_options](#input\_cluster\_options) | Specific cluster configuration options |
object({
release_channel = optional(string, "REGULAR")
enable_backup_agent = optional(bool, false)
enable_gcs_fuse_csi_driver = optional(bool, false)
enable_gcp_filestore_csi_driver = optional(bool, false)
enable_gce_persistent_disk_csi_driver = optional(bool, false)
})
| `{}` | no | -| [filestore\_storage](#input\_filestore\_storage) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE |
map(object({
name = string
tier = string
capacity_gb = number
}))
| `{}` | no | -| [gke\_location](#input\_gke\_location) | Region or zone used for cluster. | `string` | `"us-central1-a"` | no | -| [nodepools](#input\_nodepools) | Nodepools for the cluster |
map(object({
machine_type = optional(string, "n2-standard-2"),
gke_version = optional(string),
max_node_count = optional(number, 10),
min_node_count = optional(number, 1),

guest_accelerator = optional(object({
type = optional(string),
count = optional(number),
gpu_driver = optional(object({
version = optional(string, "LATEST"),
partition_size = optional(string),
max_shared_clients_per_gpu = optional(number)
}))
}))

ephemeral_ssd_block_config = optional(object({
ephemeral_ssd_count = optional(number)
}))

local_nvme_ssd_block_config = optional(object({
local_ssd_count = optional(number)
}))
}))
| `{}` | no | -| [prefix](#input\_prefix) | Prefix used for resource names. | `string` | `"ai-gke-0"` | no | -| [private\_cluster\_config](#input\_private\_cluster\_config) | Private cluster configuration. Default of {} configures a private\_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production. |
object({
# Is overriden by above variable enable_private_endpoint
enable_private_endpoint = optional(bool, true)
master_global_access = optional(bool, true)
})
| `{}` | no | -| [project\_id](#input\_project\_id) | Project id of existing or created project. | `string` | n/a | yes | -| [region](#input\_region) | Region used for network resources. | `string` | `"us-central1"` | no | -| [vpc\_create](#input\_vpc\_create) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. |
object({
name = optional(string)
subnet_name = optional(string)
primary_range_nodes = optional(string, "10.0.0.0/24")
secondary_range_pods = optional(string, "10.16.0.0/20")
secondary_range_services = optional(string, "10.32.0.0/24")
enable_cloud_nat = optional(bool, false)
proxy_only_subnet = optional(string)
})
| `null` | no | + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [cluster_name](variables.tf#L22) | Name of new or existing cluster. | string | ✓ | | +| [project_id](variables.tf#L17) | Project id of existing or created project. | string | ✓ | | +| [cluster_options](variables.tf#L59) | Specific cluster configuration options | object({…}) | | {} | +| [enable_private_endpoint](variables.tf#L39) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. | bool | | true | +| [filestore_storage](variables.tf#L96) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE | map(object({…})) | | {} | +| [gke_location](variables.tf#L33) | Region or zone used for cluster. | string | | "us-central1-a" | +| [nodepools](variables.tf#L71) | Nodepools for the cluster | map(object({…})) | | {} | +| [region](variables.tf#L27) | Region used for network resources. | string | | "us-central1" | +| [vpc_create](variables.tf#L45) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. | object({…}) | | null | ## Outputs -| Name | Description | -|------|-------------| -| [created\_resources](#output\_created\_resources) | IDs of the resources created, if any. | -| [fleet\_host](#output\_fleet\_host) | Fleet Connect Gateway host that can be used to configure the GKE provider. | -| [get\_credentials](#output\_get\_credentials) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. | -| [project\_id](#output\_project\_id) | Project ID of where the GKE cluster is hosted | - \ No newline at end of file +| name | description | sensitive | +|---|---|:---:| +| [created_resources](outputs.tf#L17) | IDs of the resources created, if any. 
| | +| [fleet_host](outputs.tf#L27) | Fleet Connect Gateway host that can be used to configure the GKE provider. | | +| [get_credentials](outputs.tf#L32) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. | | +| [project_id](outputs.tf#L22) | Project ID of where the GKE cluster is hosted | | + diff --git a/benchmarks/infra/stage-1/main.tf b/benchmarks/infra/stage-1/main.tf index 7f7efbed2..11920ac00 100644 --- a/benchmarks/infra/stage-1/main.tf +++ b/benchmarks/infra/stage-1/main.tf @@ -31,7 +31,6 @@ module "gke-infra" { registry_create = true - private_cluster_config = var.private_cluster_config enable_private_endpoint = var.enable_private_endpoint vpc_create = var.vpc_create diff --git a/benchmarks/infra/stage-1/modules/gke-infra/README.md b/benchmarks/infra/stage-1/modules/gke-infra/README.md index 90f81d774..e9fc8ce32 100644 --- a/benchmarks/infra/stage-1/modules/gke-infra/README.md +++ b/benchmarks/infra/stage-1/modules/gke-infra/README.md 
@@ -73,81 +73,31 @@ module "benchmark-0-infra" { } } ``` - - -Copyright 2024 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [cluster-autopilot](#module\_cluster-autopilot) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/gke-cluster-autopilot | v30.0.0&depth=1 | -| [cluster-nodepool](#module\_cluster-nodepool) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/gke-nodepool | v30.0.0&depth=1 | -| [cluster-service-account](#module\_cluster-service-account) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/iam-service-account | v30.0.0&depth=1 | -| [cluster-standard](#module\_cluster-standard) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/gke-cluster-standard | v30.0.0&depth=1 | -| [fleet](#module\_fleet) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/gke-hub | v30.0.0&depth=1 | -| [fleet-project](#module\_fleet-project) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/project | v30.0.0&depth=1 | -| [nat](#module\_nat) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/net-cloudnat | v30.0.0&depth=1 | -| [project](#module\_project) | 
git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/project | v30.0.0&depth=1 | -| [registry](#module\_registry) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/artifact-registry | v30.0.0&depth=1 | -| [vpc](#module\_vpc) | git::https://github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/net-vpc | n/a | - -## Resources - -| Name | Type | -|------|------| -| [google_filestore_instance.instance](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/filestore_instance) | resource | -| [google_container_cluster.cluster](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_create](#input\_cluster\_create) | Cluster configuration for newly created cluster. Set to null to use existing cluster, or create using defaults in new project. |
object({
labels = optional(map(string))
master_authorized_ranges = optional(map(string), {
rfc-1918-10-8 = "10.0.0.0/8"
})
master_ipv4_cidr_block = optional(string, "172.16.255.0/28")
vpc = optional(object({
id = string
subnet_id = string
secondary_range_names = optional(object({
pods = optional(string, "pods")
services = optional(string, "services")
}), {})
}))
version = optional(string)
options = optional(object({
release_channel = optional(string, "REGULAR")
enable_backup_agent = optional(bool, false)
dns_cache = optional(bool, true)
enable_gcs_fuse_csi_driver = optional(bool, false)
enable_gcp_filestore_csi_driver = optional(bool, false)
enable_gce_persistent_disk_csi_driver = optional(bool, false)
}), {})
})
| `null` | no | -| [cluster\_name](#input\_cluster\_name) | Name of new or existing cluster. | `string` | n/a | yes | -| [enable\_private\_endpoint](#input\_enable\_private\_endpoint) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. | `bool` | `true` | no | -| [filestore\_storage](#input\_filestore\_storage) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE |
map(object({
name = string
tier = string
capacity_gb = number
}))
| `{}` | no | -| [fleet\_project\_id](#input\_fleet\_project\_id) | GKE Fleet project id. If null cluster project will also be used for fleet. | `string` | `null` | no | -| [gke\_autopilot](#input\_gke\_autopilot) | Create GKE Autopiot cluster | `bool` | `false` | no | -| [gke\_location](#input\_gke\_location) | Region or zone used for cluster. | `string` | `"us-central1-a"` | no | -| [node\_locations](#input\_node\_locations) | Zones in which the GKE Autopilot cluster's nodes are located. | `list(string)` | `[]` | no | -| [nodepools](#input\_nodepools) | Nodepools for the GKE Standard cluster |
map(object({
machine_type = optional(string, "n2-standard-2"),
gke_version = optional(string),
max_node_count = optional(number, 10),
min_node_count = optional(number, 1),

guest_accelerator = optional(object({
type = optional(string),
count = optional(number),
gpu_driver = optional(object({
version = string
partition_size = optional(string)
max_shared_clients_per_gpu = optional(number)
}))
}))

ephemeral_ssd_block_config = optional(object({
ephemeral_ssd_count = optional(number)
}))

local_nvme_ssd_block_config = optional(object({
local_ssd_count = optional(number)
}))
}))
| `{}` | no | -| [prefix](#input\_prefix) | Prefix used for resource names. | `string` | `"ai-gke-0"` | no | -| [private\_cluster\_config](#input\_private\_cluster\_config) | Private cluster configuration. Default of {} configures a private\_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production. |
object({
# Is overriden by above variable enable_private_endpoint
enable_private_endpoint = optional(bool, true)
master_global_access = optional(bool, true)
})
| `{}` | no | -| [project\_create](#input\_project\_create) | Project configuration for newly created project. Leave null to use existing project. Project creation forces VPC and cluster creation. |
object({
billing_account = string
parent = optional(string)
shared_vpc_host = optional(string)
})
| `null` | no | -| [project\_id](#input\_project\_id) | Project id of existing or created project. | `string` | n/a | yes | -| [region](#input\_region) | Region used for network resources. | `string` | `"us-central1"` | no | -| [registry\_create](#input\_registry\_create) | Create remote Docker Artifact Registry. | `bool` | `true` | no | -| [vpc\_create](#input\_vpc\_create) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. |
object({
name = optional(string)
subnet_name = optional(string)
primary_range_nodes = optional(string, "10.0.0.0/24")
secondary_range_pods = optional(string, "10.16.0.0/20")
secondary_range_services = optional(string, "10.32.0.0/24")
enable_cloud_nat = optional(bool, false)
proxy_only_subnet = optional(string)
})
| `null` | no | + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [cluster_name](variables.tf#L81) | Name of new or existing cluster. | string | ✓ | | +| [project_id](variables.tf#L101) | Project id of existing or created project. | string | ✓ | | +| [cluster_create](variables.tf#L17) | Cluster configuration for newly created cluster. Set to null to use existing cluster, or create using defaults in new project. | object({…}) | | null | +| [enable_private_endpoint](variables.tf#L75) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. | bool | | true | +| [filestore_storage](variables.tf#L143) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE | map(object({…})) | | {} | +| [fleet_project_id](variables.tf#L88) | GKE Fleet project id. If null cluster project will also be used for fleet. | string | | null | +| [gke_location](variables.tf#L112) | Region or zone used for cluster. | string | | "us-central1-a" | +| [nodepools](variables.tf#L118) | Nodepools for the cluster | map(object({…})) | | {} | +| [prefix](variables.tf#L94) | Prefix used for resource names. | string | | "ai-gke-0" | +| [project_create](variables.tf#L45) | Project configuration for newly created project. Leave null to use existing project. Project creation forces VPC and cluster creation. | object({…}) | | null | +| [region](variables.tf#L106) | Region used for network resources. | string | | "us-central1" | +| [registry_create](variables.tf#L55) | Create remote Docker Artifact Registry. | bool | | true | +| [vpc_create](variables.tf#L61) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. 
| object({…}) | | null | ## Outputs -| Name | Description | -|------|-------------| -| [created\_resources](#output\_created\_resources) | IDs of the resources created, if any. | -| [fleet\_host](#output\_fleet\_host) | Fleet Connect Gateway host that can be used to configure the GKE provider. | -| [get\_credentials](#output\_get\_credentials) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. | -| [project\_id](#output\_project\_id) | Project ID of where the GKE cluster is hosted | - \ No newline at end of file +| name | description | sensitive | +|---|---|:---:| +| [created_resources](outputs.tf#L17) | IDs of the resources created, if any. | | +| [fleet_host](outputs.tf#L49) | Fleet Connect Gateway host that can be used to configure the GKE provider. | | +| [get_credentials](outputs.tf#L58) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. | | +| [project_id](outputs.tf#L44) | Project ID of where the GKE cluster is hosted | | + diff --git a/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf b/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf index efb75d92a..dc7066193 100644 --- a/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf +++ b/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf @@ -84,9 +84,10 @@ module "cluster-standard" { master_authorized_ranges = var.cluster_create.master_authorized_ranges master_ipv4_cidr_block = var.cluster_create.master_ipv4_cidr_block } - private_cluster_config = var.private_cluster_config == null ? null : merge(var.private_cluster_config, { + private_cluster_config = { enable_private_endpoint = var.enable_private_endpoint - }) + master_global_access = true + } labels = var.cluster_create.labels release_channel = var.cluster_create.options.release_channel backup_configs = { 
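Review bot: `master_global_access = true` is a fixed literal in the new `private_cluster_config` block of `module "cluster-standard"`, replacing the removed `merge(var.private_cluster_config, …)` that let callers choose it, and the `cluster-autopilot` hunk below repeats the same three-line literal. Master global access lets clients in any region of the VPC reach the private control-plane endpoint, so it is a reachability decision rather than plumbing and should either stay configurable (`master_global_access = var.master_global_access`, with one variable feeding both module blocks) or carry a why-comment such as `# master_global_access is intentionally fixed: the private endpoint must stay reachable from every VPC region` — the intent is inferred from the change, so confirm it before writing it down. Keeping the block in a single `local` would also stop the two copies from drifting. Both module blocks begin before and end after their hunks.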
@@ -138,9 +139,12 @@ module "cluster-autopilot" {
 master_authorized_ranges = var.cluster_create.master_authorized_ranges
 master_ipv4_cidr_block = var.cluster_create.master_ipv4_cidr_block
 }
- private_cluster_config = var.private_cluster_config
- labels = var.cluster_create.labels
- release_channel = var.cluster_create.options.release_channel
+ private_cluster_config = {
+ enable_private_endpoint = var.enable_private_endpoint
+ master_global_access = true
+ }
+ labels = var.cluster_create.labels
+ release_channel = var.cluster_create.options.release_channel
 backup_configs = {
 enable_backup_agent = var.cluster_create.options.enable_backup_agent
 }
diff --git a/benchmarks/infra/stage-1/modules/gke-infra/variables.tf b/benchmarks/infra/stage-1/modules/gke-infra/variables.tf
index 91d184822..97169076d 100644
--- a/benchmarks/infra/stage-1/modules/gke-infra/variables.tf
+++ b/benchmarks/infra/stage-1/modules/gke-infra/variables.tf
@@ -79,24 +79,10 @@ variable "vpc_create" { default = null } -variable "private_cluster_config" { - description = "Private cluster configuration. Default of {} configures a private_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production." - type = object({ - # When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. - enable_private_endpoint = optional(bool, true) - master_global_access = optional(bool, true) - }) - default = {} -} - -variable "private_cluster_config" { - description = "Private cluster configuration. Default of {} configures a private_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production." - type = object({ - # Is overriden by above variable enable_private_endpoint - enable_private_endpoint = optional(bool, true) - master_global_access = optional(bool, true) - }) - default = {} +variable "enable_private_endpoint" { + description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled." + type = bool + default = true } variable "cluster_name" { diff --git a/benchmarks/infra/stage-1/variables.tf b/benchmarks/infra/stage-1/variables.tf index 377682568..fa326a31e 100644 --- a/benchmarks/infra/stage-1/variables.tf +++ b/benchmarks/infra/stage-1/variables.tf 
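Review bot: The description added for `variable "enable_private_endpoint"` says what `true` does but not what `false` does: by its own wording, `false` leaves the control plane's public endpoint enabled, and the only thing limiting it is then `cluster_create.master_authorized_ranges`, whose module default the README in this commit shows as `rfc-1918-10-8 = "10.0.0.0/8"`. Suggest extending the string: `"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false the public endpoint is enabled; restrict it with cluster_create.master_authorized_ranges."`. The identical variable is added to `benchmarks/infra/stage-1/variables.tf` in the next hunk and should get the same wording; the stage-1 variables table in this commit lists no `cluster_create` input, so there the authorized ranges presumably fall back to the module default — worth confirming and stating.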
@@ -36,24 +36,10 @@ variable "gke_location" { default = "us-central1-a" } -variable "private_cluster_config" { - description = "Private cluster configuration. Default of {} configures a private_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production." - type = object({ - # When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. - enable_private_endpoint = optional(bool, true) - master_global_access = optional(bool, true) - }) - default = {} -} - -variable "private_cluster_config" { - description = "Private cluster configuration. Default of {} configures a private_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production." - type = object({ - # Is overriden by above variable enable_private_endpoint - enable_private_endpoint = optional(bool, true) - master_global_access = optional(bool, true) - }) - default = {} +variable "enable_private_endpoint" { + description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled." + type = bool + default = true } variable "vpc_create" {