(beam) branch master updated: Update to fix endpoint connectivity (#30022)

Wed, 17 Jan 2024 11:05:25 -0800 

This is an automated email from the ASF dual-hosted git repository.

jrmccluskey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git


The following commit(s) were added to refs/heads/master by this push:
     new 52b4a9cb58e Update to fix endpoint connectivity (#30022)
52b4a9cb58e is described below

commit 52b4a9cb58e486745ded7d53a5b6e2d2312e9551
Author: Damon <[email protected]>
AuthorDate: Wed Jan 17 11:05:10 2024 -0800

    Update to fix endpoint connectivity (#30022)
---
 .../google-kubernetes-engine/README.md                | 14 ++++++++++----
 .../google-kubernetes-engine/cluster.tf               | 19 +++++++++++--------
 ....tfvars => us-central1.apache-beam-testing.tfvars} |  4 ++--
 ...ing.tfvars => us-west1.apache-beam-testing.tfvars} |  2 +-
 4 files changed, 24 insertions(+), 15 deletions(-)

diff --git 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/README.md
 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/README.md
index cd9558e7739..3b4a31d2a98 100644
--- 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/README.md
+++ 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/README.md
@@ -27,13 +27,13 @@ Google Cloud Platform (GCP).
 See [Google Cloud Platform requirements](../../google-cloud-platform/README.md)
 for details on requirements and usage.
 
-# Prerequisites
+# IMPORTANT Prerequisites
 
 This module assumes the following pre-existing resources:
 
 - [Cloud Resource Manager API 
Enabled](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com)
 - [Virtual Private Cloud (VPC) network and 
subnetwork](https://cloud.google.com/vpc/docs/create-modify-vpc-networks)
-- [GCP Service 
Account](https://cloud.google.com/iam/docs/service-accounts-create)
+- [GCP Service 
Account](https://cloud.google.com/iam/docs/service-accounts-create) with 
[minimally permissive IAM 
roles](https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa)
 
 # Step 1. Create vars.tfvars
 
@@ -53,9 +53,15 @@ variable names.
 
 ## If you are provisioning in `apache-beam-testing`:
 
+Set the region:
+```
+REGION=us-central1
+```
+
+Apply the module:
 ```
 terraform init
-terraform apply -var-file=apache-beam-testing.tfvars
+terraform apply -var-file=$REGION.apache-beam-testing.tfvars
 ```
 
 You will be prompted for any remaining variables.
@@ -67,4 +73,4 @@ terraform init
 terraform apply -var-file=vars.tfvars
 ```
 
-You will be prompted for any remaining variables.
+You will be prompted for any remaining variables.
\ No newline at end of file
diff --git 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/cluster.tf
 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/cluster.tf
index 90c6ac79338..db41632124a 100644
--- 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/cluster.tf
+++ 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/cluster.tf
@@ -23,15 +23,18 @@ resource "random_string" "postfix" {
 }
 
 resource "google_container_cluster" "default" {
-  depends_on       = [google_project_service.required]
-  name             = 
"${var.cluster_name_prefix}-${random_string.postfix.result}"
-  location         = var.region
-  enable_autopilot = true
-  network          = data.google_compute_network.default.id
-  subnetwork       = data.google_compute_subnetwork.default.id
-  master_authorized_networks_config {}
+  depends_on          = [google_project_service.required]
+  deletion_protection = false
+  name                = 
"${var.cluster_name_prefix}-${random_string.postfix.result}"
+  location            = var.region
+  enable_autopilot    = true
+  network             = data.google_compute_network.default.id
+  subnetwork          = data.google_compute_subnetwork.default.id
   private_cluster_config {
     enable_private_nodes    = true
     enable_private_endpoint = false
   }
-}
+  node_config {
+    service_account = data.google_service_account.default.email
+  }
+}
\ No newline at end of file
diff --git 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/apache-beam-testing.tfvars
 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/us-central1.apache-beam-testing.tfvars
similarity index 92%
copy from 
.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/apache-beam-testing.tfvars
copy to 
.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/us-central1.apache-beam-testing.tfvars
index f1105e180f7..34d0b6076c8 100644
--- 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/apache-beam-testing.tfvars
+++ 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/us-central1.apache-beam-testing.tfvars
@@ -18,5 +18,5 @@
 
 project    = "apache-beam-testing"
 network    = "default"
-subnetwork = "default"
-region     = "us-central1"
+subnetwork = "default-f91f013bcf8bd369"
+region     = "us-central1"
\ No newline at end of file
diff --git 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/apache-beam-testing.tfvars
 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/us-west1.apache-beam-testing.tfvars
similarity index 97%
rename from 
.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/apache-beam-testing.tfvars
rename to 
.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/us-west1.apache-beam-testing.tfvars
index f1105e180f7..4de029a41c8 100644
--- 
a/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/apache-beam-testing.tfvars
+++ 
b/.test-infra/terraform/google-cloud-platform/google-kubernetes-engine/us-west1.apache-beam-testing.tfvars
@@ -19,4 +19,4 @@
 project    = "apache-beam-testing"
 network    = "default"
 subnetwork = "default"
-region     = "us-central1"
+region     = "us-west1"
\ No newline at end of file

Reply via email to