From ca85ea17a1507a22e3506f296d750569b6e68b20 Mon Sep 17 00:00:00 2001 From: Umesh Kumhar Date: Tue, 5 Mar 2024 01:06:29 +0530 Subject: [PATCH] minor bug fixes and linting (#274) --- applications/jupyter/main.tf | 30 ++++----- applications/jupyter/variables.tf | 19 +++--- ...workloads-auto-create-brand.example.tfvars | 34 +++++----- ...ng-brand-auto-create-client.example.tfvars | 32 +++++----- ...sting-brand-existing-client.example.tfvars | 24 +++---- .../workloads-without-iap.example.tfvars | 10 +-- applications/jupyter/workloads.tfvars | 36 +++++------ applications/rag/frontend/main.tf | 40 ++++++------ applications/rag/frontend/variables.tf | 14 ++-- applications/rag/main.tf | 62 +++++++++--------- applications/rag/variables.tf | 12 ++-- applications/rag/workloads.tfvars | 40 ++++++------ cloudbuild.yaml | 2 +- infrastructure/variables.tf | 2 +- modules/iap/iap.tf | 4 +- modules/iap/variables.tf | 16 ++--- modules/jupyter/main.tf | 64 +++++++++---------- modules/jupyter/variables.tf | 6 +- 18 files changed, 224 insertions(+), 223 deletions(-) diff --git a/applications/jupyter/main.tf b/applications/jupyter/main.tf index e4879b048..7d8e08614 100644 --- a/applications/jupyter/main.tf +++ b/applications/jupyter/main.tf 
@@ -80,19 +80,19 @@ module "jupyterhub" { autopilot_cluster = data.google_container_cluster.default.enable_autopilot # IAP Auth parameters - add_auth = var.add_auth - brand = var.brand - support_email = var.support_email - client_id = var.client_id - client_secret = var.client_secret - k8s_ingress_name = var.k8s_ingress_name - k8s_managed_cert_name = var.k8s_managed_cert_name - k8s_iap_secret_name = var.k8s_iap_secret_name - k8s_backend_config_name = var.k8s_backend_config_name - k8s_backend_service_name = var.k8s_backend_service_name - k8s_backend_service_port = var.k8s_backend_service_port - url_domain_addr = var.url_domain_addr - url_domain_name = var.url_domain_name - members_allowlist = var.members_allowlist - depends_on = [module.gcs] + add_auth = var.add_auth + brand = var.brand + support_email = var.support_email + client_id = var.client_id + client_secret = var.client_secret + k8s_ingress_name = var.k8s_ingress_name + k8s_managed_cert_name = var.k8s_managed_cert_name + k8s_iap_secret_name = var.k8s_iap_secret_name + k8s_backend_config_name = var.k8s_backend_config_name + k8s_backend_service_name = var.k8s_backend_service_name + k8s_backend_service_port = var.k8s_backend_service_port + url_domain_addr = var.url_domain_addr + url_domain_name = var.url_domain_name + members_allowlist = var.members_allowlist + depends_on = [module.gcs] } diff --git a/applications/jupyter/variables.tf b/applications/jupyter/variables.tf index 63235e38b..a2e322a1d 100644 --- a/applications/jupyter/variables.tf +++ b/applications/jupyter/variables.tf @@ -63,9 +63,9 @@ variable "k8s_ingress_name" { } variable "k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "jupyter-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "jupyter-managed-cert" } variable "k8s_iap_secret_name" { 
@@ -86,9 +86,9 @@ variable "k8s_backend_service_name" { } variable "k8s_backend_service_port" { - type = number - description = "Name of the Backend Service on GCP" - default = 80 + type = number + description = "Name of the Backend Service on GCP" + default = 80 } variable "brand" { @@ -112,6 +112,7 @@ variable "url_domain_name" { variable "support_email" { type = string description = "Email for users to contact with questions about their consent" + default = "" } variable "client_id" { @@ -128,7 +129,7 @@ variable "client_secret" { } variable "create_gcs_bucket" { - type = bool - default = false - description = "Enable flag to create gcs_bucket" + type = bool + default = false + description = "Enable flag to create gcs_bucket" } \ No newline at end of file diff --git a/applications/jupyter/workloads-auto-create-brand.example.tfvars b/applications/jupyter/workloads-auto-create-brand.example.tfvars index 5d37ce4b2..c1748b44f 100644 --- a/applications/jupyter/workloads-auto-create-brand.example.tfvars +++ b/applications/jupyter/workloads-auto-create-brand.example.tfvars 
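Review bot: The new `default = ""` on `support_email` (hunk at -112,6) makes the variable optional in every mode, including the auto-create-brand mode, where the example tfvars in this patch leave `brand` empty. If the brand resource consumes this value (it is not visible in this hunk), an empty address would only surface as a provider error at apply time. The description should state when a value is needed, for example `description = "Email for users to contact with questions about their consent; must be set when brand is empty and the OAuth brand is auto-created"`. A `precondition` on the brand resource would turn the late failure into a clear plan-time message.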
@@ -26,23 +26,23 @@ cluster_membership_id = "" # required only for private cluster, default: cluster ####################################################### ## JupyterHub variables -namespace = "jupyter" -create_gcs_bucket = true -gcs_bucket = "" -workload_identity_service_account = "jupyter-service-account" +namespace = "jupyter" +create_gcs_bucket = true +gcs_bucket = "" +workload_identity_service_account = "jupyter-service-account" # Jupyterhub with IAP -add_auth = true -brand = "" # Leave it empty to auto create -support_email = "" -k8s_ingress_name = "jupyter-ingress" -k8s_iap_secret_name = "jupyter-iap-secret" -k8s_backend_config_name = "jupyter-iap-config" -k8s_backend_service_name = "proxy-public" -k8s_backend_service_port = 80 +add_auth = true +brand = "" # Leave it empty to auto create +support_email = "" +k8s_ingress_name = "jupyter-ingress" +k8s_iap_secret_name = "jupyter-iap-secret" +k8s_backend_config_name = "jupyter-iap-config" +k8s_backend_service_name = "proxy-public" +k8s_backend_service_port = 80 -url_domain_addr = "" -url_domain_name = "" -client_id = "" -client_secret = "" -members_allowlist = ["allAuthenticatedUsers", "user:"] +url_domain_addr = "" +url_domain_name = "" +client_id = "" +client_secret = "" +members_allowlist = ["allAuthenticatedUsers", "user:"] diff --git a/applications/jupyter/workloads-existing-brand-auto-create-client.example.tfvars b/applications/jupyter/workloads-existing-brand-auto-create-client.example.tfvars index 37809f07c..586c43390 100644 --- a/applications/jupyter/workloads-existing-brand-auto-create-client.example.tfvars +++ b/applications/jupyter/workloads-existing-brand-auto-create-client.example.tfvars 
@@ -26,22 +26,22 @@ cluster_membership_id = "" # required only for private cluster, default: cluster ####################################################### ## JupyterHub variables -namespace = "jupyter" -gcs_bucket = "" -workload_identity_service_account = "jupyter-service-account" +namespace = "jupyter" +gcs_bucket = "" +workload_identity_service_account = "jupyter-service-account" # Jupyterhub with IAP -add_auth = true -brand = "projects//brands/" # ensure brand is Internal -support_email = "" -k8s_ingress_name = "jupyter-ingress" -k8s_iap_secret_name = "jupyter-iap-secret" -k8s_backend_config_name = "jupyter-iap-config" -k8s_backend_service_name = "proxy-public" -k8s_backend_service_port = 80 +add_auth = true +brand = "projects//brands/" # ensure brand is Internal +support_email = "" +k8s_ingress_name = "jupyter-ingress" +k8s_iap_secret_name = "jupyter-iap-secret" +k8s_backend_config_name = "jupyter-iap-config" +k8s_backend_service_name = "proxy-public" +k8s_backend_service_port = 80 -url_domain_addr = "" -url_domain_name = "" -client_id = "" -client_secret = "" -members_allowlist = ["allAuthenticatedUsers", "user:"] +url_domain_addr = "" +url_domain_name = "" +client_id = "" +client_secret = "" +members_allowlist = ["allAuthenticatedUsers", "user:"] diff --git a/applications/jupyter/workloads-existing-brand-existing-client.example.tfvars b/applications/jupyter/workloads-existing-brand-existing-client.example.tfvars index f765a4bc0..26fdb8569 100644 --- a/applications/jupyter/workloads-existing-brand-existing-client.example.tfvars +++ b/applications/jupyter/workloads-existing-brand-existing-client.example.tfvars 
@@ -26,20 +26,20 @@ cluster_membership_id = "" # required only for private cluster, default: cluster ####################################################### ## JupyterHub variables -namespace = "jupyter" -create_gcs_bucket = true -gcs_bucket = "" -workload_identity_service_account = "jupyter-service-account" +namespace = "jupyter" +create_gcs_bucket = true +gcs_bucket = "" +workload_identity_service_account = "jupyter-service-account" # Jupyterhub with IAP -add_auth = true -brand = "projects//brands/" -support_email = "" -k8s_ingress_name = "jupyter-ingress" -k8s_iap_secret_name = "jupyter-iap-secret" -k8s_backend_config_name = "jupyter-iap-config" -k8s_backend_service_name = "proxy-public" -k8s_backend_service_port = 80 +add_auth = true +brand = "projects//brands/" +support_email = "" +k8s_ingress_name = "jupyter-ingress" +k8s_iap_secret_name = "jupyter-iap-secret" +k8s_backend_config_name = "jupyter-iap-config" +k8s_backend_service_name = "proxy-public" +k8s_backend_service_port = 80 url_domain_addr = "" url_domain_name = "" diff --git a/applications/jupyter/workloads-without-iap.example.tfvars b/applications/jupyter/workloads-without-iap.example.tfvars index 685262afa..e048ac674 100644 --- a/applications/jupyter/workloads-without-iap.example.tfvars +++ b/applications/jupyter/workloads-without-iap.example.tfvars @@ -26,10 +26,10 @@ cluster_membership_id = "" # required only for private clusters, default: cluste ####################################################### ## JupyterHub variables -namespace = "jupyter" -gcs_bucket = "" -create_service_account = true -gcp_and_k8s_service_account = "jupyter-service-account" +namespace = "jupyter" +gcs_bucket = "" +create_gcs_bucket = true +workload_identity_service_account = "jupyter-service-account" # Jupyterhub without IAP -add_auth = false +add_auth = false diff --git a/applications/jupyter/workloads.tfvars b/applications/jupyter/workloads.tfvars index 823f0adc7..4abf5a2dd 100644 
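Review bot: In workloads-without-iap.example.tfvars, `add_auth = false` sits under the heading `# Jupyterhub without IAP`, and nothing in the file says what replaces IAP. In modules/jupyter/main.tf, as shown elsewhere in this patch, the same flag selects `service_type = "LoadBalancer"` and a generated password instead of the IAP authenticator. A deployment copied from this example is therefore served through a LoadBalancer Service protected by a password alone; whether that address is public depends on chart values not visible here. I would add a trailing comment on the line, such as `add_auth = false # no IAP: hub is exposed via a LoadBalancer Service with password login only; keep to test clusters or restrict who can reach it`.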
--- a/applications/jupyter/workloads.tfvars +++ b/applications/jupyter/workloads.tfvars @@ -26,25 +26,25 @@ cluster_membership_id = "" # required for private cluster, defaults to `cluster_ ####################################################### ## JupyterHub variables -namespace = "ml" -gcs_bucket = "gcs-bucket-dsfhfh" -create_gcs_bucket = true -workload_identity_service_account = "jupyter-service-account" +namespace = "ml" +gcs_bucket = "gcs-bucket-dsfhfh" +create_gcs_bucket = true +workload_identity_service_account = "jupyter-service-account" # Jupyterhub with IAP -add_auth = false +add_auth = false # TODO make this a bool flag and fetch the project number in tf -brand = "projects//brands/" # ensure brand is Internal -support_email = "" -k8s_ingress_name = "jupyter-ingress" -k8s_managed_cert_name = "jupyter-managed-cert" -k8s_iap_secret_name = "jupyter-iap-secret" -k8s_backend_config_name = "jupyter-iap-config" -k8s_backend_service_name = "proxy-public" -k8s_backend_service_port = 80 +brand = "projects//brands/" # ensure brand is Internal +support_email = "" +k8s_ingress_name = "jupyter-ingress" +k8s_managed_cert_name = "jupyter-managed-cert" +k8s_iap_secret_name = "jupyter-iap-secret" +k8s_backend_config_name = "jupyter-iap-config" +k8s_backend_service_name = "proxy-public" +k8s_backend_service_port = 80 -url_domain_addr = "" -url_domain_name = "" -client_id = "" -client_secret = "" -members_allowlist = ["allAuthenticatedUsers", "user:"] +url_domain_addr = "" +url_domain_name = "" +client_id = "" +client_secret = "" +members_allowlist = ["allAuthenticatedUsers", "user:"] diff --git a/applications/rag/frontend/main.tf b/applications/rag/frontend/main.tf index fa58984e7..9c969f59e 100644 --- a/applications/rag/frontend/main.tf +++ b/applications/rag/frontend/main.tf 
@@ -36,9 +36,9 @@ locals { # IAP Section: Enabled the IAP service resource "google_project_service" "project_service" { - count = var.add_auth ? 1 : 0 - project = var.project_id - service = "iap.googleapis.com" + count = var.add_auth ? 1 : 0 + project = var.project_id + service = "iap.googleapis.com" disable_dependent_services = false disable_on_destroy = false 
@@ -53,23 +53,23 @@ resource "google_iap_client" "iap_oauth_client" { # IAP Section: Creates the GKE components module "iap_auth" { - count = var.add_auth ? 1 : 0 - source = "../../../modules/iap" - - project_id = var.project_id - namespace = var.namespace - frontend_add_auth = var.add_auth - frontend_k8s_ingress_name = var.k8s_ingress_name - frontend_k8s_managed_cert_name = var.k8s_managed_cert_name - frontend_k8s_iap_secret_name = var.k8s_iap_secret_name - frontend_k8s_backend_config_name = var.k8s_backend_config_name - frontend_k8s_backend_service_name = var.k8s_backend_service_name - frontend_k8s_backend_service_port = var.k8s_backend_service_port - frontend_client_id = var.client_id != "" ? var.client_id : google_iap_client.iap_oauth_client[0].client_id - frontend_client_secret = var.client_id != "" ? var.client_secret : google_iap_client.iap_oauth_client[0].secret - frontend_url_domain_addr = var.url_domain_addr - frontend_url_domain_name = var.url_domain_name - depends_on = [ + count = var.add_auth ? 1 : 0 + source = "../../../modules/iap" + + project_id = var.project_id + namespace = var.namespace + frontend_add_auth = var.add_auth + frontend_k8s_ingress_name = var.k8s_ingress_name + frontend_k8s_managed_cert_name = var.k8s_managed_cert_name + frontend_k8s_iap_secret_name = var.k8s_iap_secret_name + frontend_k8s_backend_config_name = var.k8s_backend_config_name + frontend_k8s_backend_service_name = var.k8s_backend_service_name + frontend_k8s_backend_service_port = var.k8s_backend_service_port + frontend_client_id = var.client_id != "" ? var.client_id : google_iap_client.iap_oauth_client[0].client_id + frontend_client_secret = var.client_id != "" ? var.client_secret : google_iap_client.iap_oauth_client[0].secret + frontend_url_domain_addr = var.url_domain_addr + frontend_url_domain_name = var.url_domain_name + depends_on = [ google_project_service.project_service, kubernetes_service.rag_frontend_service ] 
diff --git a/applications/rag/frontend/variables.tf b/applications/rag/frontend/variables.tf index 6ce56c0a0..c372f6eab 100644 --- a/applications/rag/frontend/variables.tf +++ b/applications/rag/frontend/variables.tf @@ -65,7 +65,7 @@ variable "create_service_account" { variable "google_service_account" { type = string description = "Google Service Account name" - default = "frontend-gcp-sa" + default = "frontend-gcp-sa" } variable "add_auth" { @@ -80,9 +80,9 @@ variable "k8s_ingress_name" { } variable "k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "frontend-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "frontend-managed-cert" } variable "k8s_iap_secret_name" { @@ -127,9 +127,9 @@ variable "url_domain_name" { } variable "support_email" { - type = string - description = "Email for users to contact with questions about their consent" - default = "" + type = string + description = "Email for users to contact with questions about their consent" + default = "" } variable "client_id" { diff --git a/applications/rag/main.tf b/applications/rag/main.tf index ddf6baee9..3c3b28a69 100644 --- a/applications/rag/main.tf +++ b/applications/rag/main.tf 
@@ -132,20 +132,20 @@ module "jupyterhub" { workload_identity_service_account = var.jupyter_service_account # IAP Auth parameters - brand = var.brand - support_email = var.jupyter_support_email - client_id = var.jupyter_client_id - client_secret = var.jupyter_client_secret - k8s_ingress_name = var.jupyter_k8s_ingress_name - k8s_managed_cert_name = var.jupyter_k8s_managed_cert_name - k8s_backend_config_name = var.jupyter_k8s_backend_config_name - k8s_backend_service_name = var.jupyter_k8s_backend_service_name - k8s_backend_service_port = var.jupyter_k8s_backend_service_port - url_domain_addr = var.jupyter_url_domain_addr - url_domain_name = var.jupyter_url_domain_name - members_allowlist = var.jupyter_members_allowlist - - depends_on = [module.kuberay-operator, module.gcs] + brand = var.brand + support_email = var.jupyter_support_email + client_id = var.jupyter_client_id + client_secret = var.jupyter_client_secret + k8s_ingress_name = var.jupyter_k8s_ingress_name + k8s_managed_cert_name = var.jupyter_k8s_managed_cert_name + k8s_backend_config_name = var.jupyter_k8s_backend_config_name + k8s_backend_service_name = var.jupyter_k8s_backend_service_name + k8s_backend_service_port = var.jupyter_k8s_backend_service_port + url_domain_addr = var.jupyter_url_domain_addr + url_domain_name = var.jupyter_url_domain_name + members_allowlist = var.jupyter_members_allowlist + + depends_on = [module.kuberay-operator, module.gcs] } module "kuberay-logging" { 
@@ -201,22 +201,22 @@ module "frontend" { db_secret_name = module.cloudsql.db_secret_name db_secret_namespace = module.cloudsql.db_secret_namespace dataset_embeddings_table_name = var.dataset_embeddings_table_name - + # IAP Auth parameters - add_auth = var.frontend_add_auth - brand = var.brand - support_email = var.frontend_support_email - client_id = var.frontend_client_id - client_secret = var.frontend_client_secret - k8s_ingress_name = var.frontend_k8s_ingress_name - k8s_managed_cert_name = var.frontend_k8s_managed_cert_name - k8s_iap_secret_name = var.frontend_k8s_iap_secret_name - k8s_backend_config_name = var.frontend_k8s_backend_config_name - k8s_backend_service_name = var.frontend_k8s_backend_service_name - k8s_backend_service_port = var.frontend_k8s_backend_service_port - url_domain_addr = var.frontend_url_domain_addr - url_domain_name = var.frontend_url_domain_name - members_allowlist = var.frontend_members_allowlist - - depends_on = [module.cloudsql, module.gcs, module.inference-server] + add_auth = var.frontend_add_auth + brand = var.brand + support_email = var.frontend_support_email + client_id = var.frontend_client_id + client_secret = var.frontend_client_secret + k8s_ingress_name = var.frontend_k8s_ingress_name + k8s_managed_cert_name = var.frontend_k8s_managed_cert_name + k8s_iap_secret_name = var.frontend_k8s_iap_secret_name + k8s_backend_config_name = var.frontend_k8s_backend_config_name + k8s_backend_service_name = var.frontend_k8s_backend_service_name + k8s_backend_service_port = var.frontend_k8s_backend_service_port + url_domain_addr = var.frontend_url_domain_addr + url_domain_name = var.frontend_url_domain_name + members_allowlist = var.frontend_members_allowlist + + depends_on = [module.cloudsql, module.gcs, module.inference-server] } diff --git a/applications/rag/variables.tf b/applications/rag/variables.tf index f0748fb15..3eea1213b 100644 --- a/applications/rag/variables.tf +++ b/applications/rag/variables.tf 
@@ -107,9 +107,9 @@ variable "frontend_k8s_ingress_name" { } variable "frontend_k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "frontend-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "frontend-managed-cert" } variable "frontend_k8s_iap_secret_name" { @@ -184,9 +184,9 @@ variable "jupyter_k8s_ingress_name" { } variable "jupyter_k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "jupyter-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "jupyter-managed-cert" } variable "jupyter_k8s_iap_secret_name" { diff --git a/applications/rag/workloads.tfvars b/applications/rag/workloads.tfvars index 59d332925..8378884d3 100644 --- a/applications/rag/workloads.tfvars +++ b/applications/rag/workloads.tfvars @@ -20,9 +20,9 @@ cluster_name = "" cluster_location = "us-central1" ## GKE environment variables -kubernetes_namespace = "rag" -create_gcs_bucket = true -gcs_bucket = "rag-data-xyzu" # Choose a globally unique bucket name. +kubernetes_namespace = "rag" +create_gcs_bucket = true +gcs_bucket = "rag-data-xyzu" # Choose a globally unique bucket name. ## Service accounts # Creates a google service account & k8s service account & configures workload identity with appropriate permissions. 
@@ -43,17 +43,17 @@ jupyter_service_account = "jupyter-system-account" dataset_embeddings_table_name = "googlemaps_reviews_db" ## IAP config -brand = "projects//brands/" +brand = "projects//brands/" ## Jupyter IAP Settings -jupyter_add_auth = true # Set to true when using auth with IAP -jupyter_support_email = "" -jupyter_k8s_ingress_name = "jupyter-ingress" -jupyter_k8s_managed_cert_name = "jupyter-managed-cert" -jupyter_k8s_iap_secret_name = "jupyter-iap-secret" -jupyter_k8s_backend_config_name = "jupyter-iap-config" -jupyter_k8s_backend_service_name = "proxy-public" -jupyter_k8s_backend_service_port = 80 +jupyter_add_auth = true # Set to true when using auth with IAP +jupyter_support_email = "" +jupyter_k8s_ingress_name = "jupyter-ingress" +jupyter_k8s_managed_cert_name = "jupyter-managed-cert" +jupyter_k8s_iap_secret_name = "jupyter-iap-secret" +jupyter_k8s_backend_config_name = "jupyter-iap-config" +jupyter_k8s_backend_service_name = "proxy-public" +jupyter_k8s_backend_service_port = 80 jupyter_url_domain_addr = "" jupyter_url_domain_name = "" 
@@ -62,14 +62,14 @@ jupyter_client_secret = "" jupyter_members_allowlist = ["allAuthenticatedUsers", "user:"] ## Frontend IAP Settings -frontend_add_auth = true # Set to true when using auth with IAP -frontend_support_email = "" -frontend_k8s_ingress_name = "frontend-ingress" -frontend_k8s_managed_cert_name = "frontend-managed-cert" -frontend_k8s_iap_secret_name = "frontend-iap-secret" -frontend_k8s_backend_config_name = "frontend-iap-config" -frontend_k8s_backend_service_name = "rag-frontend" -frontend_k8s_backend_service_port = 8080 +frontend_add_auth = true # Set to true when using auth with IAP +frontend_support_email = "" +frontend_k8s_ingress_name = "frontend-ingress" +frontend_k8s_managed_cert_name = "frontend-managed-cert" +frontend_k8s_iap_secret_name = "frontend-iap-secret" +frontend_k8s_backend_config_name = "frontend-iap-config" +frontend_k8s_backend_service_name = "rag-frontend" +frontend_k8s_backend_service_port = 8080 frontend_url_domain_addr = "" frontend_url_domain_name = "" diff --git a/cloudbuild.yaml b/cloudbuild.yaml index abf7c8d56..542e2fee9 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -139,7 +139,7 @@ steps: -var=project_id=$PROJECT_ID \ -var=cluster_name=ml-$SHORT_SHA-$_PR_NUMBER-cluster \ -var=namespace=ml-$SHORT_SHA \ - -var=gcp_and_k8s_service_account=jupyter-sa-$SHORT_SHA \ + -var=workload_identity_service_account=jupyter-sa-$SHORT_SHA \ -var=gcs_bucket=gke-aieco-jupyter-$SHORT_SHA \ -auto-approve -no-color diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf index a2cfeb035..5eba7fc87 100644 --- a/infrastructure/variables.tf +++ b/infrastructure/variables.tf @@ -174,7 +174,7 @@ variable "enable_tpu" { } variable "enable_gpu" { type = bool - description = "Set to true to create TPU node pool" + description = "Set to true to create GPU node pool" default = true } diff --git a/modules/iap/iap.tf b/modules/iap/iap.tf index 7740707a3..1da475025 100644 --- a/modules/iap/iap.tf +++ b/modules/iap/iap.tf 
@@ -63,7 +63,7 @@ resource "helm_release" "iap_jupyter" { } set { - name = "iap.managedCertificate.name" + name = "iap.managedCertificate.name" value = var.jupyter_k8s_managed_cert_name } @@ -135,7 +135,7 @@ resource "helm_release" "iap_frontend" { } set { - name = "iap.managedCertificate.name" + name = "iap.managedCertificate.name" value = var.frontend_k8s_managed_cert_name } diff --git a/modules/iap/variables.tf b/modules/iap/variables.tf index 2067271b5..613fefcb9 100644 --- a/modules/iap/variables.tf +++ b/modules/iap/variables.tf @@ -35,9 +35,9 @@ variable "frontend_k8s_ingress_name" { } variable "frontend_k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "frontend-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "frontend-managed-cert" } variable "frontend_k8s_iap_secret_name" { @@ -61,7 +61,7 @@ variable "frontend_k8s_backend_service_name" { variable "frontend_k8s_backend_service_port" { type = number description = "Name of the Backend Service Port" - default = 8080 + default = 8080 } variable "frontend_url_domain_addr" { @@ -112,9 +112,9 @@ variable "jupyter_k8s_ingress_name" { } variable "jupyter_k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "frontend-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "frontend-managed-cert" } variable "jupyter_k8s_iap_secret_name" { @@ -138,7 +138,7 @@ variable "jupyter_k8s_backend_service_name" { variable "jupyter_k8s_backend_service_port" { type = number description = "NName of the Backend Service Port" - default = 80 + default = 80 } variable "jupyter_url_domain_addr" { diff --git a/modules/jupyter/main.tf b/modules/jupyter/main.tf index f226e3824..fcbb556d7 100644 --- a/modules/jupyter/main.tf +++ b/modules/jupyter/main.tf 
@@ -56,20 +56,20 @@ module "iap_auth" { count = var.add_auth ? 1 : 0 source = "../../modules/iap" - project_id = var.project_id - namespace = var.namespace - jupyter_add_auth = var.add_auth - jupyter_k8s_ingress_name = var.k8s_ingress_name - jupyter_k8s_managed_cert_name = var.k8s_managed_cert_name - jupyter_k8s_iap_secret_name = var.k8s_iap_secret_name - jupyter_k8s_backend_config_name = var.k8s_backend_config_name - jupyter_k8s_backend_service_name = var.k8s_backend_service_name - jupyter_k8s_backend_service_port = var.k8s_backend_service_port - jupyter_client_id = var.client_id != "" ? var.client_id : google_iap_client.iap_oauth_client[0].client_id - jupyter_client_secret = var.client_id != "" ? var.client_secret : google_iap_client.iap_oauth_client[0].secret - jupyter_url_domain_addr = var.url_domain_addr - jupyter_url_domain_name = var.url_domain_name - depends_on = [ + project_id = var.project_id + namespace = var.namespace + jupyter_add_auth = var.add_auth + jupyter_k8s_ingress_name = var.k8s_ingress_name + jupyter_k8s_managed_cert_name = var.k8s_managed_cert_name + jupyter_k8s_iap_secret_name = var.k8s_iap_secret_name + jupyter_k8s_backend_config_name = var.k8s_backend_config_name + jupyter_k8s_backend_service_name = var.k8s_backend_service_name + jupyter_k8s_backend_service_port = var.k8s_backend_service_port + jupyter_client_id = var.client_id != "" ? var.client_id : google_iap_client.iap_oauth_client[0].client_id + jupyter_client_secret = var.client_id != "" ? var.client_secret : google_iap_client.iap_oauth_client[0].secret + jupyter_url_domain_addr = var.url_domain_addr + jupyter_url_domain_name = var.url_domain_name + depends_on = [ google_project_service.project_service, helm_release.jupyterhub ] 
@@ -108,9 +108,9 @@ data "google_service_account" "sa" { } resource "google_service_account_iam_binding" "hub-workload-identity-user" { - count = var.add_auth ? 1 : 0 - service_account_id = data.google_service_account.sa.name - role = "roles/iam.workloadIdentityUser" + count = var.add_auth ? 1 : 0 + service_account_id = data.google_service_account.sa.name + role = "roles/iam.workloadIdentityUser" members = [ "serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/hub]", 
@@ -148,18 +148,18 @@ resource "helm_release" "jupyterhub" { # Autopilot deployment will complete even faster than Standard, as it relies on Ray Autoscaler to provision user pods. timeout = 300 - values = var.autopilot_cluster ? [ templatefile("${path.module}/jupyter_config/config-selfauth-autopilot.yaml", { - password = var.add_auth ? "dummy" : random_password.generated_password[0].result - project_id = var.project_id - project_number = data.google_project.project.number - namespace = var.namespace - backend_config = var.k8s_backend_config_name - service_name = var.k8s_backend_service_name - authenticator_class = var.add_auth ? "'gcpiapjwtauthenticator.GCPIAPAuthenticator'" : "dummy" - service_type = var.add_auth ? "NodePort" : "LoadBalancer" - gcs_bucket = var.gcs_bucket - k8s_service_account = var.workload_identity_service_account - ephemeral_storage = var.ephemeral_storage + values = var.autopilot_cluster ? [templatefile("${path.module}/jupyter_config/config-selfauth-autopilot.yaml", { + password = var.add_auth ? "dummy" : random_password.generated_password[0].result + project_id = var.project_id + project_number = data.google_project.project.number + namespace = var.namespace + backend_config = var.k8s_backend_config_name + service_name = var.k8s_backend_service_name + authenticator_class = var.add_auth ? "'gcpiapjwtauthenticator.GCPIAPAuthenticator'" : "dummy" + service_type = var.add_auth ? "NodePort" : "LoadBalancer" + gcs_bucket = var.gcs_bucket + k8s_service_account = var.workload_identity_service_account + ephemeral_storage = var.ephemeral_storage }) ] : [templatefile("${path.module}/jupyter_config/config-selfauth.yaml", { password = var.add_auth ? "dummy" : random_password.generated_password[0].result 
@@ -178,13 +178,13 @@ resource "helm_release" "jupyterhub" { ephemeral_storage = var.ephemeral_storage }) ] - depends_on = [ module.jupyterhub-workload-identity ] + depends_on = [module.jupyterhub-workload-identity] } data "kubernetes_service" "jupyter-ingress" { metadata { - name = var.k8s_ingress_name + name = var.k8s_backend_service_name namespace = var.namespace } - depends_on = [module.iap_auth] + depends_on = [module.iap_auth, helm_release.jupyterhub] } \ No newline at end of file diff --git a/modules/jupyter/variables.tf b/modules/jupyter/variables.tf index 30aa7210f..0fa2ba7bf 100644 --- a/modules/jupyter/variables.tf +++ b/modules/jupyter/variables.tf @@ -62,9 +62,9 @@ variable "k8s_ingress_name" { } variable "k8s_managed_cert_name" { - type = string - description = "Name for frontend managed certificate" - default = "jupyter-managed-cert" + type = string + description = "Name for frontend managed certificate" + default = "jupyter-managed-cert" } variable "k8s_iap_secret_name" {
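Review bot: The data source is still labelled `"jupyter-ingress"`, but with `name = var.k8s_backend_service_name` it now reads the JupyterHub proxy Service rather than an object named after the ingress, so the label misleads the next reader. A rename would break references outside this hunk, so a comment above the block is the safer fix: `# Reads the hub's proxy Service (k8s_backend_service_name), not the Ingress; label kept for existing references`. When `add_auth` is true, the helm values in this file set the Service type to NodePort. Any output that reads a load-balancer address from this data source (not visible here) should handle an empty status in that mode. The `helm_release.jupyterhub` block starts outside the hunk.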