Merge pull request #46 from anyscale/brent/example-no_filestore

upd: Example with no Filestore

CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.17.3 (Released)
+FEATURES:
+
+BUG FIXES:
+
+BREAKING CHANGES:
+
+OTHER:
+- New example for an Anyscale Cloud without Filestore requirements
+
 ## 0.17.2 (Released)
 FEATURES:
 

README.md

@@ -43,6 +43,8 @@ The examples folder has several common use cases that have been tested. These in
   * [anyscale-v2-kitchensink](https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/tree/main/examples/anyscale-v2-kitchensink): Build everything with as many parameters as possible
   * [anyscale-v2-vpc-shared](https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/tree/main/examples/anyscale-v2-vpc-shared): Build evertything but use an existing VPC shared from a different Anyscale Project
   * [anyscale-v2-existingidentityfederation](https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/tree/main/examples/anyscale-v2-existingidentityfederation): Use an existing Workload Identity Federation Ressource and Project.
+  * [anyscale-v2-no_filestore](https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/tree/main/examples/anyscale-v2-no_filestore): Build everything except for the Filestore service, use a common name for all resources
+
 
 These examples will include an output that can be run with the Anyscale CLI to build an Anyscale Cloud with the Google resources.
 Additional examples can be requested via an [issues] ticket.

examples/anyscale-v2-no_filestore/README.md

@@ -0,0 +1,59 @@
+# anyscale-v2-no_filestore example
+
+Builds the resources for Anyscale in a Google Cloud.
+This example will build resources with a standard prefix and random suffix.
+Creates a v2 stack including:
+- Project
+- Enabling Cloud APIs on the Project
+- Cloud Storage Bucket - Standard
+- IAM Roles
+- VPC with publicly routed subnets (no internal)
+- VPC Firewall
+
+This does NOT create a GCP Filestore for NFS mounts. It uses `gcsfuse` as an alternative for Anyscale Workspace snapshots and associated tooling.
+
+Since this creates a new project, the user/role that is executing this example needs to have the `roles/billing.user` permission to tie the project to a Billing Account.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 5.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_google_anyscale_v2_commonname"></a> [google\_anyscale\_v2\_commonname](#module\_google\_anyscale\_v2\_commonname) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_anyscale_google_region"></a> [anyscale\_google\_region](#input\_anyscale\_google\_region) | (Required) Google region to deploy Anyscale resources. | `string` | n/a | yes |
+| <a name="input_anyscale_google_zone"></a> [anyscale\_google\_zone](#input\_anyscale\_google\_zone) | (Required) Google zone to deploy Anyscale resources. | `string` | n/a | yes |
+| <a name="input_anyscale_org_id"></a> [anyscale\_org\_id](#input\_anyscale\_org\_id) | (Required) Anyscale Organization ID | `string` | n/a | yes |
+| <a name="input_billing_account_id"></a> [billing\_account\_id](#input\_billing\_account\_id) | (Required) Google billing account ID to deploy Anyscale resources. | `string` | n/a | yes |
+| <a name="input_customer_ingress_cidr_ranges"></a> [customer\_ingress\_cidr\_ranges](#input\_customer\_ingress\_cidr\_ranges) | The IPv4 CIDR blocks that allows access Anyscale clusters.<br/>These are added to the firewall and allows port 443 (https) and 22 (ssh) access.<br/>ex: `52.1.1.23/32,10.1.0.0/16'<br/>` | `string` | n/a | yes |
+| <a name="input_root_folder_number"></a> [root\_folder\_number](#input\_root\_folder\_number) | (Required) Google Folder number to deploy Anyscale resources. Will create a new sub-project by default. | `string` | n/a | yes |
+| <a name="input_anyscale_cloud_id"></a> [anyscale\_cloud\_id](#input\_anyscale\_cloud\_id) | (Optional) Anyscale Cloud ID. Default is `null`. | `string` | `null` | no |
+| <a name="input_anyscale_deploy_env"></a> [anyscale\_deploy\_env](#input\_anyscale\_deploy\_env) | (Required) Anyscale deploy environment. Used in resource names and tags. | `string` | `"production"` | no |
+| <a name="input_labels"></a> [labels](#input\_labels) | (Optional) A map of labels to all resources that accept labels. | `map(string)` | <pre>{<br/>  "environment": "test",<br/>  "test": "true"<br/>}</pre> | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_registration_command"></a> [registration\_command](#output\_registration\_command) | The Anyscale registration command. |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC. |
+<!-- END_TF_DOCS -->

examples/anyscale-v2-no_filestore/main.tf

@@ -0,0 +1,54 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# Create core Anyscale v2 Stack resources in Google Cloud with common name
+#   Creates a v2 stack including
+#     - Project
+#     - Enabling Cloud APIs on the Project
+#     - Cloud Storage Bucket
+#     - IAM Roles
+#     - VPC with publicly routed subnets (no internal)
+#     - VPC Firewall
+#     - NO Filestore
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+  full_labels = merge(tomap({
+    anyscale-cloud-id           = var.anyscale_cloud_id,
+    anyscale-deploy-environment = var.anyscale_deploy_env
+    }),
+    var.labels
+  )
+
+}
+
+module "google_anyscale_v2_commonname" {
+  source = "../.."
+  labels = local.full_labels
+
+  anyscale_deploy_env      = var.anyscale_deploy_env
+  anyscale_cloud_id        = var.anyscale_cloud_id
+  anyscale_organization_id = var.anyscale_org_id
+
+  common_prefix   = "anyscale-tf-"
+  use_common_name = true
+
+  # Project Related
+  anyscale_project_billing_account = var.billing_account_id
+  anyscale_project_folder_id       = var.root_folder_number
+
+  # VPC Related
+  anyscale_vpc_public_subnet_cidr = "172.25.100.0/22"
+  anyscale_vpc_proxy_subnet_cidr  = "172.25.104.0/22"
+
+  # Firewall Related
+  anyscale_vpc_firewall_allow_access_from_cidrs = var.customer_ingress_cidr_ranges
+
+  # Filestore Related
+  enable_anyscale_filestore = false # Disable creating the Anyscale Filestore
+
+  # Cloud Storage (Bucket) Related
+  anyscale_bucket_location = "US"
+
+  # Enable Cloud Logging on GCP - this will enable sending logs and metrics to GCP Logs and Monitoring
+  enable_cloud_logging_monitoring = true
+
+  enable_anyscale_loggingsink = false
+}

examples/anyscale-v2-no_filestore/outputs.tf

@@ -0,0 +1,22 @@
+output "registration_command" {
+  description = "The Anyscale registration command."
+  value       = <<-EOT
+    anyscale cloud register --provider gcp \
+    --name <anyscale_cloud_name> \
+    --project-id ${module.google_anyscale_v2_commonname.project_name} \
+    --vpc-name ${module.google_anyscale_v2_commonname.vpc_name} \
+    --subnet-names ${module.google_anyscale_v2_commonname.public_subnet_name} \
+    --region ${module.google_anyscale_v2_commonname.public_subnet_region} \
+    --firewall-policy-names ${module.google_anyscale_v2_commonname.vpc_firewall_policy_name} \
+    --cloud-storage-bucket-name ${module.google_anyscale_v2_commonname.cloudstorage_bucket_name} \
+    --anyscale-service-account-email ${module.google_anyscale_v2_commonname.iam_anyscale_access_service_acct_email} \
+    --instance-service-account-email ${module.google_anyscale_v2_commonname.iam_anyscale_cluster_node_service_acct_email} \
+    --provider-name ${module.google_anyscale_v2_commonname.iam_workload_identity_provider_name}
+  EOT
+}
+#
+
+output "vpc_id" {
+  description = "The ID of the VPC."
+  value       = module.google_anyscale_v2_commonname.vpc_id
+}

examples/anyscale-v2-no_filestore/variables.tf

@@ -0,0 +1,89 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# ENVIRONMENT VARIABLES
+# Define these secrets as environment variables
+# ---------------------------------------------------------------------------------------------------------------------
+
+
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED VARIABLES
+# These variables must be set when using this module.
+# ---------------------------------------------------------------------------------------------------------------------
+variable "anyscale_google_region" {
+  description = "(Required) Google region to deploy Anyscale resources."
+  type        = string
+}
+variable "anyscale_google_zone" {
+  description = "(Required) Google zone to deploy Anyscale resources."
+  type        = string
+}
+
+variable "anyscale_org_id" {
+  description = "(Required) Anyscale Organization ID"
+  type        = string
+  validation {
+    condition = (
+      length(var.anyscale_org_id) > 4 &&
+      substr(var.anyscale_org_id, 0, 4) == "org_"
+    )
+    error_message = "The anyscale_org_id value must start with \"org_\"."
+  }
+}
+
+# Project Related Required Variables
+variable "root_folder_number" {
+  description = "(Required) Google Folder number to deploy Anyscale resources. Will create a new sub-project by default."
+  type        = string
+}
+variable "billing_account_id" {
+  description = "(Required) Google billing account ID to deploy Anyscale resources."
+  type        = string
+}
+
+variable "customer_ingress_cidr_ranges" {
+  description = <<-EOT
+    The IPv4 CIDR blocks that allows access Anyscale clusters.
+    These are added to the firewall and allows port 443 (https) and 22 (ssh) access.
+    ex: `52.1.1.23/32,10.1.0.0/16'
+  EOT
+  type        = string
+}
+
+# ------------------------------------------------------------------------------
+# OPTIONAL PARAMETERS
+# These variables have defaults, but may be overridden.
+# ------------------------------------------------------------------------------
+variable "anyscale_deploy_env" {
+  description = "(Required) Anyscale deploy environment. Used in resource names and tags."
+  type        = string
+  validation {
+    condition = (
+      var.anyscale_deploy_env == "production" || var.anyscale_deploy_env == "development" || var.anyscale_deploy_env == "test"
+    )
+    error_message = "The anyscale_deploy_env only allows `production`, `test`, or `development`"
+  }
+  default = "production"
+}
+
+variable "anyscale_cloud_id" {
+  description = "(Optional) Anyscale Cloud ID. Default is `null`."
+  type        = string
+  default     = null
+  validation {
+    condition = (
+      var.anyscale_cloud_id == null ? true : (
+        length(var.anyscale_cloud_id) > 4 &&
+        substr(var.anyscale_cloud_id, 0, 4) == "cld_"
+      )
+    )
+    error_message = "The anyscale_cloud_id value must start with \"cld_\"."
+  }
+}
+
+variable "labels" {
+  description = "(Optional) A map of labels to all resources that accept labels."
+  type        = map(string)
+  default = {
+    "test" : "true",
+    "environment" : "test"
+  }
+}

examples/anyscale-v2-no_filestore/versions.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "google" {
+  region = var.anyscale_google_region
+  zone   = var.anyscale_google_zone
+}