Experimental Networking Features for GKE #3114

16 changes: 8 additions & 8 deletions community/modules/compute/pbspro-execution/README.md

Large diffs are not rendered by default.

4 changes: 3 additions & 1 deletion community/modules/network/rdma-vpc/README.md
Expand Up @@ -66,7 +66,7 @@ No resources.
| <a name="input_region"></a> [region](#input\_region) | The default region for Cloud resources | `string` | n/a | yes |
| <a name="input_secondary_ranges"></a> [secondary\_ranges](#input\_secondary\_ranges) | Secondary ranges that will be used in some of the subnets. Please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions. | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| <a name="input_shared_vpc_host"></a> [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
| <a name="input_subnetworks_template"></a> [subnetworks\_template](#input\_subnetworks\_template) | Rules for creating subnetworks within the VPC | <pre>object({<br> count = number<br> name_prefix = string<br> ip_range = string<br> region = string<br> private_access = optional(bool)<br> })</pre> | <pre>{<br> "count": 8,<br> "ip_range": "192.168.0.0/16",<br> "name_prefix": "subnet",<br> "region": null<br>}</pre> | no |
| <a name="input_subnetworks_template"></a> [subnetworks\_template](#input\_subnetworks\_template) | Rules for creating subnetworks within the VPC | <pre>object({<br/> count = number<br/> name_prefix = string<br/> ip_range = string<br/> region = string<br/> private_access = optional(bool)<br/> })</pre> | <pre>{<br/> "count": 8,<br/> "ip_range": "192.168.0.0/16",<br/> "name_prefix": "subnet",<br/> "region": null<br/>}</pre> | no |

## Outputs

Expand All @@ -76,5 +76,7 @@ No resources.
| <a name="output_network_name"></a> [network\_name](#output\_network\_name) | Name of the new VPC network |
| <a name="output_network_self_link"></a> [network\_self\_link](#output\_network\_self\_link) | Self link of the new VPC network |
| <a name="output_subnetwork_interfaces"></a> [subnetwork\_interfaces](#output\_subnetwork\_interfaces) | Full list of subnetwork objects belonging to the new VPC network (compatible with vm-instance) |
| <a name="output_subnetwork_interfaces_gke"></a> [subnetwork\_interfaces\_gke](#output\_subnetwork\_interfaces\_gke) | Full list of subnetwork objects belonging to the new VPC network (compatible with gke-node-pool) |
| <a name="output_subnetwork_name_prefix"></a> [subnetwork\_name\_prefix](#output\_subnetwork\_name\_prefix) | Prefix of the RDMA subnetwork names |
| <a name="output_subnetworks"></a> [subnetworks](#output\_subnetworks) | Full list of subnetwork objects belonging to the new VPC network |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
17 changes: 17 additions & 0 deletions community/modules/network/rdma-vpc/main.tf
Expand Up @@ -125,6 +125,23 @@ locals {
alias_ip_range = []
}
]

# FIX_ME(arajmane): There is a concern about this not working in a shared VPC environment.
# To unblock experimental testing, we decided to go ahead with this.
output_subnets_gke = [
for subnet in module.vpc.subnets : {
network = local.network_name
subnetwork = subnet.name
subnetwork_project = null
network_ip = ""
nic_type = coalesce(var.nic_type, try(regex("IRDMA", local.profile_name), regex("MRDMA", local.profile_name), "RDMA"))
stack_type = null
queue_count = null
access_config = []
ipv6_access_config = []
alias_ip_range = []
}
]
}

module "vpc" {
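
Review bot: `subnetwork_project = null` in `output_subnets_gke` is where the shared-VPC concern in the FIX_ME becomes concrete: with a null project the consumer has to infer which project owns the subnetwork, and in a shared VPC that is the host project rather than the project running the node pool. Either populate `subnetwork_project` explicitly, or replace the personal FIX_ME with a reference to a tracking issue that states the limitation so users of this output can see it. Separately, the `nic_type` expression falls back to the literal "RDMA" when neither regex matches `local.profile_name`; a short comment saying that this fallback is intended would help the next reader.
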
14 changes: 14 additions & 0 deletions community/modules/network/rdma-vpc/outputs.tf
Expand Up @@ -43,3 +43,17 @@ output "subnetwork_interfaces" {
value = local.output_subnets
depends_on = [module.vpc]
}

# The output subnetwork_interfaces is compatible with vm-instance module but not with gke-node-pool
# See https://github.com/GoogleCloudPlatform/cluster-toolkit/blob/99493df21cecf6a092c45298bf7a45e0343cf622/modules/compute/vm-instance/variables.tf#L220
# So, we need a separate output that makes the network and subnetwork names available
output "subnetwork_interfaces_gke" {
description = "Full list of subnetwork objects belonging to the new VPC network (compatible with gke-node-pool)"
value = local.output_subnets_gke
depends_on = [module.vpc]
}

output "subnetwork_name_prefix" {
description = "Prefix of the RDMA subnetwork names"
value = var.subnetworks_template.name_prefix
}
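
Review bot: `subnetwork_name_prefix` is declared without `depends_on = [module.vpc]`, unlike `subnetwork_interfaces_gke` just above it; because it is a plain pass-through of `var.subnetworks_template.name_prefix`, a consumer that builds subnetwork names from it gets no ordering guarantee that the subnetworks exist yet. Add the same `depends_on`, or state in the description that the value carries no dependency on the VPC. The comment above `subnetwork_interfaces_gke` links only to the vm-instance variable; it should also name the fields gke-node-pool expects differently, since "compatible with gke-node-pool" in the description does not say what changed.
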
8 changes: 4 additions & 4 deletions community/modules/network/rdma-vpc/vpc-submodule/README.md
Expand Up @@ -54,10 +54,10 @@ limitations under the License.
| <a name="input_auto_create_subnetworks"></a> [auto\_create\_subnetworks](#input\_auto\_create\_subnetworks) | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | `bool` | `false` | no |
| <a name="input_delete_default_internet_gateway_routes"></a> [delete\_default\_internet\_gateway\_routes](#input\_delete\_default\_internet\_gateway\_routes) | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | `bool` | `false` | no |
| <a name="input_description"></a> [description](#input\_description) | An optional description of this resource. The resource must be recreated to modify this field. | `string` | `""` | no |
| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br/> name = string<br/> description = optional(string, null)<br/> disabled = optional(bool, null)<br/> priority = optional(number, null)<br/> destination_ranges = optional(list(string), [])<br/> source_ranges = optional(list(string), [])<br/> source_tags = optional(list(string))<br/> source_service_accounts = optional(list(string))<br/> target_tags = optional(list(string))<br/> target_service_accounts = optional(list(string))<br/><br/> allow = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> deny = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> log_config = optional(object({<br/> metadata = string<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_enable_ipv6_ula"></a> [enable\_ipv6\_ula](#input\_enable\_ipv6\_ula) | Enabled IPv6 ULA, this is a permanent change and cannot be undone! (default 'false') | `bool` | `false` | no |
| <a name="input_firewall_rules"></a> [firewall\_rules](#input\_firewall\_rules) | This is DEPRECATED and available for backward compatibility. Use ingress\_rules and egress\_rules variables. List of firewall rules | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> direction = optional(string, "INGRESS")<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_firewall_rules"></a> [firewall\_rules](#input\_firewall\_rules) | This is DEPRECATED and available for backward compatibility. Use ingress\_rules and egress\_rules variables. List of firewall rules | <pre>list(object({<br/> name = string<br/> description = optional(string, null)<br/> direction = optional(string, "INGRESS")<br/> disabled = optional(bool, null)<br/> priority = optional(number, null)<br/> ranges = optional(list(string), [])<br/> source_tags = optional(list(string))<br/> source_service_accounts = optional(list(string))<br/> target_tags = optional(list(string))<br/> target_service_accounts = optional(list(string))<br/><br/> allow = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> deny = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> log_config = optional(object({<br/> metadata = string<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br/> name = string<br/> description = optional(string, null)<br/> disabled = optional(bool, null)<br/> priority = optional(number, null)<br/> destination_ranges = optional(list(string), [])<br/> source_ranges = optional(list(string), [])<br/> source_tags = optional(list(string))<br/> source_service_accounts = optional(list(string))<br/> target_tags = optional(list(string))<br/> target_service_accounts = optional(list(string))<br/><br/> allow = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> deny = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> log_config = optional(object({<br/> metadata = string<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_internal_ipv6_range"></a> [internal\_ipv6\_range](#input\_internal\_ipv6\_range) | When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) | `string` | `null` | no |
| <a name="input_mtu"></a> [mtu](#input\_mtu) | The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | `number` | `0` | no |
| <a name="input_network_firewall_policy_enforcement_order"></a> [network\_firewall\_policy\_enforcement\_order](#input\_network\_firewall\_policy\_enforcement\_order) | Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. (default null or equivalent to `AFTER_CLASSIC_FIREWALL`) | `string` | `null` | no |
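
Review bot: The `<br>` to `<br/>` rewrite in the `egress_rules`, `firewall_rules` and `ingress_rules` rows is formatting churn with no content change, which suggests the table was regenerated with a different terraform-docs version than the one that produced the existing rows. Regenerate with the version the pre-commit hook uses, or move the regeneration into its own commit, so the functional changes to the rdma-vpc outputs are not buried under unrelated README diffs.
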
Expand All @@ -68,7 +68,7 @@ limitations under the License.
| <a name="input_routing_mode"></a> [routing\_mode](#input\_routing\_mode) | The network routing mode (default 'GLOBAL') | `string` | `"GLOBAL"` | no |
| <a name="input_secondary_ranges"></a> [secondary\_ranges](#input\_secondary\_ranges) | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| <a name="input_shared_vpc_host"></a> [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | The list of subnets being created | <pre>list(object({<br> subnet_name = string<br> subnet_ip = string<br> subnet_region = string<br> subnet_private_access = optional(string)<br> subnet_private_ipv6_access = optional(string)<br> subnet_flow_logs = optional(string)<br> subnet_flow_logs_interval = optional(string)<br> subnet_flow_logs_sampling = optional(string)<br> subnet_flow_logs_metadata = optional(string)<br> subnet_flow_logs_filter = optional(string)<br> subnet_flow_logs_metadata_fields = optional(list(string))<br> description = optional(string)<br> purpose = optional(string)<br> role = optional(string)<br> stack_type = optional(string)<br> ipv6_access_type = optional(string)<br> }))</pre> | n/a | yes |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | The list of subnets being created | <pre>list(object({<br/> subnet_name = string<br/> subnet_ip = string<br/> subnet_region = string<br/> subnet_private_access = optional(string)<br/> subnet_private_ipv6_access = optional(string)<br/> subnet_flow_logs = optional(string)<br/> subnet_flow_logs_interval = optional(string)<br/> subnet_flow_logs_sampling = optional(string)<br/> subnet_flow_logs_metadata = optional(string)<br/> subnet_flow_logs_filter = optional(string)<br/> subnet_flow_logs_metadata_fields = optional(list(string))<br/> description = optional(string)<br/> purpose = optional(string)<br/> role = optional(string)<br/> stack_type = optional(string)<br/> ipv6_access_type = optional(string)<br/> }))</pre> | n/a | yes |

## Outputs
