diff --git a/blueprints/data-solutions/README.md b/blueprints/data-solutions/README.md
index 44311b632..819861ebb 100644
--- a/blueprints/data-solutions/README.md
+++ b/blueprints/data-solutions/README.md
@@ -46,5 +46,5 @@ running on a VPC with a private IP and a dedicated Service Account. A GCS bucket
-This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/sql) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
+This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/composer/) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
\ No newline at end of file
diff --git a/blueprints/data-solutions/composer-2/README.md b/blueprints/data-solutions/composer-2/README.md
index 00dbcc0fc..4ee62126c 100644
--- a/blueprints/data-solutions/composer-2/README.md
+++ b/blueprints/data-solutions/composer-2/README.md
@@ -1,10 +1,10 @@
# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
-This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major verion for Cloud Composer that supports:
+This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major version for Cloud Composer that supports:
- environment autoscaling
- workloads configuration: CPU, memory, and storage parameters for Airflow workers, schedulers, web server, and database.
-Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exaustive comparison between Composer Version 1 and Version 2.
+Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exhaustive comparison between Composer Version 1 and Version 2.
The solution will use:
- Cloud Composer
@@ -31,7 +31,7 @@ Run Terraform init:
$ terraform init
```
-Configure the Terraform variable in your terraform.tfvars file. You need to spefify at least the following variables:
+Configure the Terraform variable in your terraform.tfvars file. You need to specify at least the following variables:
```tfvars
project_id = "lcaggioni-sandbox"
@@ -48,6 +48,12 @@ You can now connect to your instance.
# Customizations
+## VPC
+If a shared VPC is not configured, a VPC will be created within the project. The following IP ranges will be used:
+- Cloudsql: `10.20.10.0/24`
+- GKE: `10.20.11.0/28`
+
+Change the code as needed to match your needed configuration, remember that these addresses should not overlap with any other range used in network.
## Shared VPC
As is often the case in real-world configurations, this blueprint accepts as input an existing [`Shared-VPC`](https://cloud.google.com/vpc/docs/shared-vpc) via the `network_config` variable.
@@ -69,7 +75,7 @@ Make sure that:
- The subnet has secondary ranges configured with 2 ranges:
- pods: `/22` example: `10.10.8.0/22`
- services = `/24` example: 10.10.12.0/24`
-- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/how-to/managing/configuring-private-ip#step_3_configure_firewall_rules)
+- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/composer-2/configure-private-ip#step_3_configure_firewall_rules)
In order to run the example and deploy Cloud Composer on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
- Compute Network Admin (roles/compute.networkAdmin)
diff --git a/blueprints/data-solutions/composer-2/main.tf b/blueprints/data-solutions/composer-2/main.tf
index e85562964..c55113e02 100644
--- a/blueprints/data-solutions/composer-2/main.tf
+++ b/blueprints/data-solutions/composer-2/main.tf
@@ -23,6 +23,7 @@ locals {
var.iam_groups_map
)
+ # Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
_shared_vpc_bindings = {
"roles/compute.networkUser" = [
"prj-cloudservices", "prj-robot-gke"
@@ -128,13 +129,7 @@ module "vpc" {
]
}
-module "firewall" {
- source = "../../../modules/net-vpc-firewall"
- count = local.use_shared_vpc ? 0 : 1
- project_id = module.project.project_id
- network = module.vpc.0.name
- admin_ranges = ["10.0.0.0/20"]
-}
+# No explicit firewall rules set, created automatically by GKE autopilot
module "nat" {
source = "../../../modules/net-cloudnat"
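Review bot: The replacement comment `# No explicit firewall rules set, created automatically by GKE autopilot` does not say which traffic is left to those automatic rules, nor that the `10.0.0.0/20` admin range from the removed `module "firewall"` is no longer allowed on the blueprint-created VPC. I would expand it to something like `# No firewall module: the blueprint-created VPC relies on the rules GKE creates for the Composer cluster plus the VPC implied rules; add explicit rules here for admin access or stricter egress.` The README in this commit still asks Shared VPC users to set firewall rules themselves, so if the automatic behaviour is meant only for the non-shared case the comment should say so. Any remaining reference to `module.firewall` elsewhere in the blueprint would now fail at plan time, which cannot be checked from this hunk.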
diff --git a/blueprints/data-solutions/composer-2/variables.tf b/blueprints/data-solutions/composer-2/variables.tf
index c39f3b32e..0a57eef23 100644
--- a/blueprints/data-solutions/composer-2/variables.tf
+++ b/blueprints/data-solutions/composer-2/variables.tf
@@ -15,7 +15,7 @@
*/
variable "composer_config" {
- description = "Composer environemnt configuration. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
+ description = "Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
type = object({
environment_size = string
software_config = any
@@ -98,7 +98,7 @@ variable "project_id" {
}
variable "region" {
- description = "Region where instances will be deployed."
+ description = "Reagion where instances will be deployed."
type = string
default = "europe-west1"
}
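Review bot: The new description on `variable "region"` introduces a typo, "Reagion", where the removed line was spelled correctly. The line should stay as `description = "Region where instances will be deployed."`. If the blueprint README's variables table is generated from these descriptions, the typo would propagate there as well.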