Enable sole tenancy (node_affinities) on compute_vm (#1903)
This commit is contained in:
Luca Prete
@@ -36,6 +36,7 @@ In both modes, an optional service account can be created and assigned to either
|
||||
- [Snapshot Schedules](#snapshot-schedules)
|
||||
- [Resource Manager Tags (non-firewall)](#resource-manager-tags-non-firewall)
|
||||
- [Resource Manager Tags (firewall)](#resource-manager-tags-firewall)
|
||||
- [Sole Tenancy](#sole-tenancy)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
@@ -737,6 +738,35 @@ module "simple-vm-example" {
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=tag-bindings.yaml
|
||||
```
|
||||
|
||||
### Sole Tenancy
|
||||
|
||||
You can add node affinities (and anti-affinity) configurations to allocate the VM on sole tenant nodes.
|
||||
|
||||
```hcl
|
||||
module "sole-tenancy" {
|
||||
source = "./fabric/modules/compute-vm"
|
||||
project_id = var.project_id
|
||||
zone = "europe-west1-b"
|
||||
name = "test"
|
||||
network_interfaces = [{
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
}]
|
||||
options = {
|
||||
node_affinities = {
|
||||
workload = {
|
||||
values = ["frontend"]
|
||||
}
|
||||
cpu = {
|
||||
in = false
|
||||
values = ["c3"]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=sole-tenancy.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
@@ -744,8 +774,8 @@ module "simple-vm-example" {
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L235) | Instance name. | <code>string</code> | ✓ | |
|
||||
| [network_interfaces](variables.tf#L240) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ network = string subnetwork = string alias_ips = optional(map(string), {}) nat = optional(bool, false) nic_type = optional(string) stack_type = optional(string) addresses = optional(object({ internal = optional(string) external = optional(string) }), null) }))">list(object({…}))</code> | ✓ | |
|
||||
| [project_id](variables.tf#L278) | Project id. | <code>string</code> | ✓ | |
|
||||
| [zone](variables.tf#L376) | Compute zone. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L282) | Project id. | <code>string</code> | ✓ | |
|
||||
| [zone](variables.tf#L380) | Compute zone. | <code>string</code> | ✓ | |
|
||||
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
||||
| [attached_disks](variables.tf#L37) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list(object({ name = string device_name = optional(string) size = string snapshot_schedule = optional(string) source = optional(string) source_type = optional(string) options = optional( object({ auto_delete = optional(bool, false) mode = optional(string, "READ_WRITE") replica_zone = optional(string) type = optional(string, "pd-balanced") }), { auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" } ) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [boot_disk](variables.tf#L83) | Boot disk properties. | <code title="object({ auto_delete = optional(bool, true) snapshot_schedule = optional(string) source = optional(string) initialize_params = optional(object({ image = optional(string, "projects/debian-cloud/global/images/family/debian-11") size = optional(number, 10) type = optional(string, "pd-balanced") })) use_independent_disk = optional(bool, false) })">object({…})</code> | | <code title="{ initialize_params = {} }">{…}</code> |
|
||||
@@ -763,14 +793,14 @@ module "simple-vm-example" {
|
||||
| [labels](variables.tf#L217) | Instance labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [metadata](variables.tf#L223) | Instance metadata. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [min_cpu_platform](variables.tf#L229) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
|
||||
| [options](variables.tf#L256) | Instance options. | <code title="object({ allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) spot = optional(bool, false) termination_action = optional(string) })">object({…})</code> | | <code title="{ allow_stopping_for_update = true deletion_protection = false spot = false termination_action = null }">{…}</code> |
|
||||
| [scratch_disks](variables.tf#L283) | Scratch disks configuration. | <code title="object({ count = number interface = string })">object({…})</code> | | <code title="{ count = 0 interface = "NVME" }">{…}</code> |
|
||||
| [service_account](variables.tf#L295) | Service account email and scopes. If email is null, the default Compute service account will be used unless auto_create is true, in which case a service account will be created. Set the variable to null to avoid attaching a service account. | <code title="object({ auto_create = optional(bool, false) email = optional(string) scopes = optional(list(string)) })">object({…})</code> | | <code>{}</code> |
|
||||
| [shielded_config](variables.tf#L305) | Shielded VM configuration of the instances. | <code title="object({ enable_secure_boot = bool enable_vtpm = bool enable_integrity_monitoring = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [snapshot_schedules](variables.tf#L315) | Snapshot schedule resource policies that can be attached to disks. | <code title="map(object({ schedule = object({ daily = optional(object({ days_in_cycle = number start_time = string })) hourly = optional(object({ hours_in_cycle = number start_time = string })) weekly = optional(list(object({ day = string start_time = string }))) }) description = optional(string) retention_policy = optional(object({ max_retention_days = number on_source_disk_delete_keep = optional(bool) })) snapshot_properties = optional(object({ chain_name = optional(string) guest_flush = optional(bool) labels = optional(map(string)) storage_locations = optional(list(string)) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tag_bindings](variables.tf#L358) | Resource manager tag bindings for this instance, in tag key => tag value format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tag_bindings_firewall](variables.tf#L364) | Firewall (network scoped) tag bindings for this instance, in tag key => tag value format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L370) | Instance network tags for firewall rule targets. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [options](variables.tf#L256) | Instance options. | <code title="object({ allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) node_affinities = optional(map(object({ values = list(string) in = optional(bool, true) })), {}) spot = optional(bool, false) termination_action = optional(string) })">object({…})</code> | | <code title="{ allow_stopping_for_update = true deletion_protection = false spot = false termination_action = null }">{…}</code> |
|
||||
| [scratch_disks](variables.tf#L287) | Scratch disks configuration. | <code title="object({ count = number interface = string })">object({…})</code> | | <code title="{ count = 0 interface = "NVME" }">{…}</code> |
|
||||
| [service_account](variables.tf#L299) | Service account email and scopes. If email is null, the default Compute service account will be used unless auto_create is true, in which case a service account will be created. Set the variable to null to avoid attaching a service account. | <code title="object({ auto_create = optional(bool, false) email = optional(string) scopes = optional(list(string)) })">object({…})</code> | | <code>{}</code> |
|
||||
| [shielded_config](variables.tf#L309) | Shielded VM configuration of the instances. | <code title="object({ enable_secure_boot = bool enable_vtpm = bool enable_integrity_monitoring = bool })">object({…})</code> | | <code>null</code> |
|
||||
| [snapshot_schedules](variables.tf#L319) | Snapshot schedule resource policies that can be attached to disks. | <code title="map(object({ schedule = object({ daily = optional(object({ days_in_cycle = number start_time = string })) hourly = optional(object({ hours_in_cycle = number start_time = string })) weekly = optional(list(object({ day = string start_time = string }))) }) description = optional(string) retention_policy = optional(object({ max_retention_days = number on_source_disk_delete_keep = optional(bool) })) snapshot_properties = optional(object({ chain_name = optional(string) guest_flush = optional(bool) labels = optional(map(string)) storage_locations = optional(list(string)) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [tag_bindings](variables.tf#L362) | Resource manager tag bindings for this instance, in tag key => tag value format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tag_bindings_firewall](variables.tf#L368) | Firewall (network scoped) tag bindings for this instance, in tag key => tag value format. | <code>map(string)</code> | | <code>null</code> |
|
||||
| [tags](variables.tf#L374) | Instance network tags for firewall rule targets. | <code>list(string)</code> | | <code>[]</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -273,6 +273,16 @@ resource "google_compute_instance" "default" {
|
||||
on_host_maintenance = local.on_host_maintenance
|
||||
preemptible = var.options.spot
|
||||
provisioning_model = var.options.spot ? "SPOT" : "STANDARD"
|
||||
|
||||
dynamic "node_affinities" {
|
||||
for_each = var.options.node_affinities
|
||||
iterator = affinity
|
||||
content {
|
||||
key = affinity.key
|
||||
operator = affinity.value.in ? "IN" : "NOT_IN"
|
||||
values = affinity.value.values
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "scratch_disk" {
|
||||
@@ -418,6 +428,16 @@ resource "google_compute_instance_template" "default" {
|
||||
on_host_maintenance = local.on_host_maintenance
|
||||
preemptible = var.options.spot
|
||||
provisioning_model = var.options.spot ? "SPOT" : "STANDARD"
|
||||
|
||||
dynamic "node_affinities" {
|
||||
for_each = var.options.node_affinities
|
||||
iterator = affinity
|
||||
content {
|
||||
key = affinity.key
|
||||
operator = affinity.value.in ? "IN" : "NOT_IN"
|
||||
values = affinity.value.values
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "service_account" {
|
||||
|
||||
@@ -258,8 +258,12 @@ variable "options" {
|
||||
type = object({
|
||||
allow_stopping_for_update = optional(bool, true)
|
||||
deletion_protection = optional(bool, false)
|
||||
spot = optional(bool, false)
|
||||
termination_action = optional(string)
|
||||
node_affinities = optional(map(object({
|
||||
values = list(string)
|
||||
in = optional(bool, true)
|
||||
})), {})
|
||||
spot = optional(bool, false)
|
||||
termination_action = optional(string)
|
||||
})
|
||||
default = {
|
||||
allow_stopping_for_update = true
|
||||
|
||||
87
tests/modules/compute_vm/examples/sole-tenancy.yaml
Normal file
87
tests/modules/compute_vm/examples/sole-tenancy.yaml
Normal file
@@ -0,0 +1,87 @@
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.sole-tenancy.google_compute_instance.default[0]:
|
||||
advanced_machine_features: []
|
||||
allow_stopping_for_update: true
|
||||
attached_disk: []
|
||||
boot_disk:
|
||||
- auto_delete: true
|
||||
disk_encryption_key_raw: null
|
||||
initialize_params:
|
||||
- enable_confidential_compute: null
|
||||
image: projects/debian-cloud/global/images/family/debian-11
|
||||
resource_manager_tags: null
|
||||
size: 10
|
||||
type: pd-balanced
|
||||
mode: READ_WRITE
|
||||
can_ip_forward: false
|
||||
deletion_protection: false
|
||||
description: Managed by the compute-vm Terraform module.
|
||||
desired_status: null
|
||||
enable_display: false
|
||||
hostname: null
|
||||
labels: null
|
||||
machine_type: f1-micro
|
||||
metadata: null
|
||||
metadata_startup_script: null
|
||||
name: test
|
||||
network_interface:
|
||||
- access_config: []
|
||||
alias_ip_range: []
|
||||
ipv6_access_config: []
|
||||
network: projects/xxx/global/networks/aaa
|
||||
nic_type: null
|
||||
queue_count: null
|
||||
security_policy: null
|
||||
subnetwork: subnet_self_link
|
||||
network_performance_config: []
|
||||
params: []
|
||||
project: project-id
|
||||
resource_policies: null
|
||||
scheduling:
|
||||
- automatic_restart: true
|
||||
instance_termination_action: null
|
||||
local_ssd_recovery_timeout: []
|
||||
maintenance_interval: null
|
||||
max_run_duration: []
|
||||
min_node_cpus: null
|
||||
node_affinities:
|
||||
- key: cpu
|
||||
operator: NOT_IN
|
||||
values:
|
||||
- c3
|
||||
- key: workload
|
||||
operator: IN
|
||||
values:
|
||||
- frontend
|
||||
on_host_maintenance: MIGRATE
|
||||
preemptible: false
|
||||
provisioning_model: STANDARD
|
||||
scratch_disk: []
|
||||
service_account:
|
||||
- scopes:
|
||||
- https://www.googleapis.com/auth/devstorage.read_only
|
||||
- https://www.googleapis.com/auth/logging.write
|
||||
- https://www.googleapis.com/auth/monitoring.write
|
||||
shielded_instance_config: []
|
||||
tags: null
|
||||
timeouts: null
|
||||
zone: europe-west1-b
|
||||
|
||||
counts:
|
||||
google_compute_instance: 1
|
||||
modules: 1
|
||||
resources: 1
|
||||
Reference in New Issue
Block a user