This repository's Terraform modules build the foundational cloud resources needed to run Anyscale in a cloud environment. This module and sub-modules support Google Cloud.
THIS IS PROVIDED AS A STARTING POINT
USE AT YOUR OWN RISK
The Anyscale GCP Deployment Guide details the minimum required resources for deploying Anyscale on GCP. This module can be used to build the resources to support Customer Defined Networking Clouds (diagrammed below) and Direct Networking Clouds.
To streamline long-term management and enable customization, we've modularized the resources into the following Terraform sub-modules:
- google-anyscale-cloudapis - This enables the Google Cloud APIs necessary for Anyscale to work
- google-anyscale-cloudstorage - This builds a Cloud Storage bucket, which Anyscale uses to store cluster logs and shared resources.
- google-anyscale-filestore - This builds a FileStore and mount points, which Workspaces use.
- google-anyscale-iam - This builds IAM roles and policies. One role for cross-account access from the Anyscale Control Plane, and one for compute/clusters to use.
- google-anyscale-project - This builds a base Google Project
- google-anyscale-vpc - This builds a rudimentary Google VPC
- google-anyscale-vpc-firewall - This builds the required Google VPC Firewall Policy
- google-anyscale-memorystore - This (optional) module creates a Memorystore resource used for Anyscale Services Head Node High Availability. To use, make sure to set
enable_anyscale_memorystore
properly.
These sub-modules should only be called from the root module (current location).
These modules are designed with best practices in mind, ensuring a secure, efficient, and scalable Anyscale deployment on Google Cloud. Each submodule can be disabled, allowing easy incorporation of custom solutions for specific resources.
If you choose to disable a module, creating and managing that resource shifts to you. This flexibility is ideal if you have existing network setups (e.g., VPCs) or need tailored configurations for Buckets, IAM, Filestore, or other services. The Anyscale GCP Terraform Modules are particularly useful for integrating Anyscale components with pre-existing infrastructure, ensuring a smooth blend between what you already have and need.
The examples folder has several common use cases that have been tested. These include:
- Anyscale v2
- anyscale-v2: Build everything with minimal parameters (primarily used for testing)
- anyscale-v2-commonname: Build everything, use a common name for all resources
- anyscale-v2-privatenetwork: Build everything but with a private network - includes Memorystore resources
- anyscale-v2-existingproject: Build everything except the project
- anyscale-v2-existingvpc: Build everything except the VPC
- anyscale-v2-kitchensink: Build everything with as many parameters as possible
- anyscale-v2-vpc-shared: Build evertything but use an existing VPC shared from a different Anyscale Project
These examples will include an output that can be run with the Anyscale CLI to build an Anyscale Cloud with the Google resources. Additional examples can be requested via an issues ticket.
Example Cloud Register command for GCP:
anyscale cloud register --provider gcp \
--name gce-anyscale-tf-test-1 \
--vpc-name anyscale-tf-test-1 \
--subnet-names anyscale-tf-test-1-subnet-uscentral1 \
--filestore-instance-id anyscale-tf-test-1 \
--filestore-location us-central1-a \
--anyscale-service-account-email anyscale-tf-test-1-crossacc@gcp-register-cloud-1.iam.gserviceaccount.com \
--instance-service-account-email anyscale-tf-test-1-cluster@gcp-register-cloud-1.iam.gserviceaccount.com \
--firewall-policy-names anyscale-tf-test-1-fw \
--cloud-storage-bucket-name anyscale-tf-test-1 \
--region us-central1 \
--project-id gcp-register-cloud-dogfood-1 \
--provider-name projects/123456789012/locations/global/workloadIdentityPools/anyscale-tf-test-1/providers/private-cloud
--memorystore-instance-name anyscale-memorystore
--private-network
We use GitHub Issues to track community reported issues and missing features.
When registering a cloud with Memorystore, please take note that Ray GCS supports a single shard across multiple Redis nodes, but NOT multiple shards.
None
Name | Version |
---|---|
terraform | >= 1.0 |
~> 5.0 | |
random | ~> 3.0 |
Name | Version |
---|---|
6.4.0 | |
random | 3.6.3 |
Name | Source | Version |
---|---|---|
google_anyscale_cloudapis | ./modules/google-anyscale-cloudapis | n/a |
google_anyscale_cloudstorage | ./modules/google-anyscale-cloudstorage | n/a |
google_anyscale_filestore | ./modules/google-anyscale-filestore | n/a |
google_anyscale_iam | ./modules/google-anyscale-iam | n/a |
google_anyscale_loggingsink | ./modules/google-anyscale-loggingsink | n/a |
google_anyscale_memorystore | ./modules/google-anyscale-memorystore | n/a |
google_anyscale_project | ./modules/google-anyscale-project | n/a |
google_anyscale_vpc | ./modules/google-anyscale-vpc | n/a |
google_anyscale_vpc_firewall_policy | ./modules/google-anyscale-vpc-firewall | n/a |
Name | Type |
---|---|
random_id.common_name | resource |
google_client_config.current | data source |
google_compute_subnetwork.existing_vpc_subnet | data source |
google_compute_subnetwork.shared_vpc_subnet | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_ssh_from_google_ui | (Optional) Determines if SSH access is allowed from the Google UI. ex: allow_ssh_from_google_ui = true |
bool |
false |
no |
anyscale_access_role_description | (Optional) The description of the Anyscale IAM access role. ex: anyscale_access_role_description = "Anyscale Cross Account Access" |
string |
"Anyscale Cross Account Access Role" |
no |
anyscale_bucket_cors_rules | (Optional) List of CORS rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#cors except max_age_seconds should be a number. ex: anyscale_bucket_cors_rules = [ |
set(object({ |
[ |
no |
anyscale_bucket_lifecycle_rules | (Optional) List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string. ex: anyscale_bucket_lifecycle_rules = [ |
set(object({ |
[] |
no |
anyscale_bucket_location | (Optional) The location of the bucket. ex: anyscale_bucket_location = "US" |
string |
"US" |
no |
anyscale_bucket_name | (Optional - forces new resource) Cloudstorage bucket name. The name of the bucket used to store Anyscale related logs and other shared resources. - If left null , will default to anyscale_bucket_prefix .- If provided, overrides the anyscale_bucket_prefix variable.ex: anyscale_bucket_name = "anyscale-bucket" |
string |
null |
no |
anyscale_bucket_prefix | (Optional - forces new resource) Cloudstorage bucket name prefix. Creates a unique bucket name beginning with the specified prefix. - If anyscale_bucket_name is provided, it will override this variable.- The variable general_prefix is a fall-back prefix if this is not provided.- Default is null but is set to anyscale- in a local variable.ex: anyscale_bucket_prefix = "anyscale-bucket-" |
string |
null |
no |
anyscale_bucket_storage_class | (Optional) Bucket storage class. Must be one of: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE ex: anyscale_bucket_storage_class = "STANDARD" |
string |
"STANDARD" |
no |
anyscale_cloud_id | (Optional) Anyscale Cloud ID. This is the ID of the Anyscale Cloud. This is not the same as the GCP Project ID. Used in labels. ex: anyscale_cloud_id = "cld_1234567890" |
string |
null |
no |
anyscale_cluster_node_service_acct_description | (Optional) The description of the IAM role that will be created for Anyscale access. ex: anyscale_cluster_node_service_acct_description = "Anyscale Cluster Node" |
string |
null |
no |
anyscale_cluster_node_service_acct_name | (Optional - forces new resource) IAM Cluster Node Role Name The name of the IAM role that will be created for Anyscale cluster nodes. - If left null , will default to anyscale_cluster_node_service_acct_name_prefix.- If provided, overrides the anyscale_cluster_node_service_acct_name_prefix variable. - It needs to be > 4 chars and < 28 chars. ex: anyscale_cluster_node_service_acct_name = "anyscale-cluster-node" |
string |
null |
no |
anyscale_cluster_node_service_acct_name_prefix | (Optional - forces new resource) IAM Cluster Node Role Name Prefix Creates a unique IAM role name beginning with the specified prefix. - If anyscale_cluster_node_service_acct_name is provided, it will override this variable.- The variable general_prefix is a fall-back prefix if this is not provided.- Default is null but is set to anyscale-cluster- in a local variable.- It needs to be > 4 chars and < 20 chars. ex: anyscale_cluster_node_service_acct_name_prefix = "anyscale-cluster-" |
string |
null |
no |
anyscale_deploy_env | (Optional) Anyscale deploy environment. Used in resource names and tags. ex: anyscale_deploy_env = "production" |
string |
"production" |
no |
anyscale_filestore_capacity_gb | (Optional) The capacity of the fileshare in GB. This must be at least 1024 GiB for the standard or enterprise tiers, or 2560 GiB for the premium tier. Default is 1024 . |
number |
1024 |
no |
anyscale_filestore_description | (Optional) The description of the filestore instance. ex: anyscale_filestore_description = "Anyscale Filestore Instance" |
string |
"Anyscale Filestore Instance" |
no |
anyscale_filestore_fileshare_name | (Optional - forces new resource) Filestore fileshare name. The name of the fileshare to create. - If left null , will default to common_name .- If common_name is null or over 16 chars, will default to anyscale .- Must start with a letter, followed by letters, numbers, or underscores, and cannot end with an underscore. - Can not be longer than 16 characters. ex: anyscale_filestore_fileshare_name = "anyscale-fileshare" |
string |
null |
no |
anyscale_filestore_labels | (Optional) Filestore Labels A map of labels to be added to the Filestore instance. Duplicate labels in labels will be overwritten by labels in anyscale_filestore_labels .ex: anyscale_filestore_labels = { |
map(string) |
{} |
no |
anyscale_filestore_location | (Optional) The name of the location region in which the filestore resource will be created. This can be a region for ENTERPRISE tier instances.If it is not provided, the region for the VPC network will be used If a VPC network was not created, provider region is used. ex: anyscale_filestore_location = "us-central1" |
string |
null |
no |
anyscale_filestore_name | (Optional - forces new resource) Filestore instance name. The name of the filestore instance used to store Anyscale related logs and other shared resources. - If left null , will default to anyscale_filestore_name_prefix .- If provided, overrides the anyscale_filestore_name_prefix variable.ex: anyscale_filestore_name = "anyscale-filestore" |
string |
null |
no |
anyscale_filestore_name_prefix | (Optional - forces new resource) Filestore instance name prefix. Creates a unique filestore instance name beginning with the specified prefix. - If anyscale_filestore_name is provided, it will override this variable.- The variable general_prefix is a fall-back prefix if this is not provided.- Default is null but is set to anyscale- in a local variable.ex: anyscale_filestore_name_prefix = "anyscale-filestore-" |
string |
null |
no |
anyscale_filestore_network_conect_mode | (Optional) The network connect mode of the filestore instance. Must be one of DIRECT_PEERING or PRIVATE_SERVICE_ACCESS . If using a Shared VPC, this must be set to PRIVATE_SERVICE_ACCESS .ex: anyscale_filestore_network_conect_mode = "DIRECT_PEERING" |
string |
"DIRECT_PEERING" |
no |
anyscale_filestore_tier | (Optional) The tier of the filestore to create. Supported values include STANDARD , PREMIUM , BASIC_HDD , BASIC_SSD , HIGH_SCALE_SSD , ENTERPRISE , ZONAL , and REGIONAL .ex: anyscale_filestore_tier = "STANDARD" |
string |
"STANDARD" |
no |
anyscale_iam_access_role_id | (Optional, forces creation of new resource) The ID of the Anyscale IAM access role. Overrides anyscale_iam_access_role_id_prefix .ex: anyscale_iam_access_role_id = "anyscale_access_role" |
string |
null |
no |
anyscale_iam_access_role_id_prefix | (Optional, forces creation of new resource) The prefix of the Anyscale IAM access role. If anyscale_iam_access_role_id is provided, it will override this variable.If set to null , the prefix will be set to "anyscale_" in a local variable.ex: anyscale_iam_access_role_id_prefix = "anyscale_crossacct_role_" |
string |
"anyscale_crossacct_role_" |
no |
anyscale_iam_access_service_acct_description | (Optional) The description of the IAM role that will be created for Anyscale access. ex: anyscale_iam_access_service_acct_description = "Anyscale Cross Account Access" |
string |
null |
no |
anyscale_iam_access_service_acct_name | (Optional - forces new resource) IAM Access Service Account Name The name of the IAM role that will be created for Anyscale access. - If left null , will default to anyscale_iam_access_service_acct_name_prefix .- If provided, overrides the anyscale_iam_access_service_acct_name_prefix variable.- It needs to be > 4 chars and < 28 chars. ex: anyscale_iam_access_service_acct_name = "anyscale-crossacct-access" |
string |
null |
no |
anyscale_iam_access_service_acct_name_prefix | (Optional - forces new resource) IAM Access Role Name Prefix Creates a unique IAM Service Account name beginning with the specified prefix. - If anyscale_iam_access_service_acct_name is provided, it will override this variable.- The variable general_prefix is a fall-back prefix if this is not provided.- Default is null but is set to anyscale-crossacct- in a local variable.- It needs to be > 4 chars and < 20 chars. ex: anyscale_iam_access_service_acct_name_prefix = "anyscale-crossacct-" |
string |
null |
no |
anyscale_memorystore_display_name | (Optional) Memorystore Display Name The display name of the Memorystore instance used for Anyscale Services Head Node HA. Must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens, and cannot end with a hyphen. ex: anyscale_memorystore_display_name = "Anyscale Memorystore" |
string |
null |
no |
anyscale_memorystore_labels | (Optional) Memorystore Labels A map of labels to be added to the Memorystore instance. Duplicate labels in labels will be overwritten by labels in anyscale_memorystore_labels .ex: anyscale_memorystore_labels = { |
map(string) |
{} |
no |
anyscale_memorystore_name | (Optional - forces new resource) Memorystore Name The name of the Memorystore instance used for Anyscale Services Head Node HA. If left null , will default to anyscale_memorystore_name_prefix .If provided, overrides the anyscale_memorystore_name_prefix variable.ex: anyscale_memorystore_name = "anyscale-memorystore" |
string |
null |
no |
anyscale_memorystore_name_prefix | (Optional - forces new resource) Memorystore Name Prefix Creates a unique Memorystore instance name beginning with the specified prefix. If anyscale_memorystore_name is provided, it will override this variable.Because it is the prefix, it can end in a hyphen as it will have a random suffix appended to it. The variable general_prefix is a fall-back prefix if this is not provided.ex: anyscale_memorystore_name_prefix = "anyscale-memorystore" |
string |
null |
no |
anyscale_organization_id | (Required) Anyscale Organization ID. This is the ID of the Anyscale Organization. This is not the same as the GCP Organization ID. The Organization ID will be used to lock down the cross account access from Anyscale. You can find the Anyscale Organization ID by going to the Anyscale UI while logged in as an Organization Owner, and clicking on you're username, then clicking on Organization. This is required. |
string |
n/a | yes |
anyscale_project_billing_account | (Optional) Google Billing Account ID. This is required if creating a new project. ex: anyscale_project_billing_account = "123456-123456-123456" |
string |
null |
no |
anyscale_project_folder_id | (Optional) The ID of a Google Cloud Folder. Conflicts with anyscale_project_organization_id . If anyscale_project_folder_id is provided, it will be used and anyscale_project_organization_id will be ignored.Changing this forces the project to be migrated to the newly specified folder. ex: anyscale_project_folder_id = "1234567890" |
string |
null |
no |
anyscale_project_labels | (Optional) Project labels. A map of labels to be added to the Anyscale Project. ex: anyscale_project_labels = {Default is an empty map. |
map(string) |
{} |
no |
anyscale_project_name | (Optional) Google Project name. Google Project Name to create. ex: anyscale_project_name = "anyscale-project" |
string |
null |
no |
anyscale_project_name_prefix | (Optional) The name prefix for the project. If anyscale_project_name is provided, it will override this variable.The variable general_prefix is a fall-back prefix if this is not provided.Default is null but is set to anyscale-project- in a local variable.ex: anyscale_project_name_prefix = "anyscale-project-" |
string |
null |
no |
anyscale_project_organization_id | (Optional) Google Cloud Organization ID. Conflicts with anyscale_project_folder_id . If anyscale_project_folder_id is provided, it will be used and organization_id will be ignored.Changing this forces the project to be migrated to the newly specified organization. ex: anyscale_project_organization_id = "1234567890" |
string |
null |
no |
anyscale_vpc_create_natgw | (Optional) Determines if a NAT Gateway is created.anyscale_vpc_private_subnet_cidr must also be specified for this resource to be created.ex: anyscale_vpc_create_natgw = true |
bool |
true |
no |
anyscale_vpc_description | (Optional) The description of the VPC. ex: anyscale_vpc_description = "Anyscale VPC" |
string |
"VPC for Anyscale Resources" |
no |
anyscale_vpc_firewall_allow_access_from_cidrs | (Required) Comma delimited string of IPv4 CIDRs CIDR ranges to allow access to Anyscale resources. This should be the list of CIDR ranges that have access to the clusters. Public or private IPs are supported. SSH and HTTPs ports will be opened to these CIDR ranges. ex: anyscale_vpc_firewall_allow_access_from_cidrs = "10.0.1.0/24,24.1.24.24/32" |
string |
n/a | yes |
anyscale_vpc_firewall_policy_description | (Optional) The description of the Anyscale VPC Firewall Policy. ex: anyscale_vpc_firewall_policy_description = "Anyscale VPC Firewall Policy" |
string |
"Anyscale VPC Firewall Policy" |
no |
anyscale_vpc_firewall_policy_name | (Optional) The name of the Anyscale VPC Firewall Policy. ex: anyscale_vpc_firewall_policy_name = "anyscale-vpc-firewall-policy" |
string |
null |
no |
anyscale_vpc_name | (Optional) VPC name. The name of the VPC to create. - If left null , will default to anyscale_vpc_name_prefix .- If provided, overrides the anyscale_vpc_name_prefix variable.ex: anyscale_vpc_name = "anyscale-vpc" |
string |
null |
no |
anyscale_vpc_name_prefix | (Optional) The prefix of the VPC name. Creates a unique VPC name beginning with the specified prefix. - If anyscale_vpc_name is provided, it will override this variable.- The variable general_prefix is a fall-back prefix if this is not provided.- Default is null but is set to anyscale-vpc- in a local variable.ex: anyscale_vpc_name_prefix = "anyscale-vpc-" |
string |
null |
no |
anyscale_vpc_private_subnet_cidr | (Optional) The private subnet to create. Anyscale recommends a /20 or larger CIDR block, but will accept a /24 or larger with a warning. The Anyscale VPC module will only create one private subnet in one region. ex: anyscale_vpc_private_subnet_cidr = "10.100.0.0/20" |
string |
null |
no |
anyscale_vpc_private_subnet_name | (Optional) The private subnet name. This VPC terraform will only create one private subnet in one region. Overrides anyscale_vpc_private_subnet_suffix if provided.ex: anyscale_vpc_private_subnet_name = "anyscale-private-subnet" |
string |
null |
no |
anyscale_vpc_private_subnet_suffix | (Optional) The private subnet suffix. Prepended with the VPC name and region to create a unique private subnet name. Overriden by anyscale_vpc_private_subnet_name .ex: anyscale_vpc_private_subnet_suffix = "private" |
string |
"private" |
no |
anyscale_vpc_proxy_subnet_cidr | (Optional) The proxy subnet to create. Anyscale recommends a /22 or larger CIDR block. The Anyscale VPC module will only create one proxy subnet in one region. Anyscale uses Proxy Subnets for the load balancer as part of Anyscale Services. ex: anyscale_vpc_proxy_subnet_cidr = "10.100.0.0/20" |
string |
null |
no |
anyscale_vpc_proxy_subnet_name | (Optional) The proxy subnet name. Overrides anyscale_vpc_proxy_subnet_suffix if provided.This VPC terraform will only create one proxy subnet in one region. Proxy-Only subnets are used for Google Cloud Load Balancers. More information can be found in the Google Cloud Load Balancer Documentation. ex: anyscale_vpc_proxy_subnet_name = "anyscale-proxy-subnet" |
string |
null |
no |
anyscale_vpc_proxy_subnet_suffix | (Optional) The proxy subnet suffix. Prepended with the VPC name and region to create a unique proxy subnet name. Overridden by anyscale_vpc_proxy_subnet_name .ex: anyscale_vpc_proxy_subnet_suffix = "proxy" |
string |
"proxy" |
no |
anyscale_vpc_public_subnet_cidr | (Optional) The public subnet to create. This VPC terraform will only create one public subnet in one region. ex: anyscale_vpc_public_subnet_cidr = "10.100.0.0/20" |
string |
null |
no |
anyscale_vpc_public_subnet_name | (Optional) The public subnet name. This VPC terraform will only create one public subnet in one region. Overrides anyscale_vpc_public_subnet_suffix if provided.ex: anyscale_vpc_public_subnet_name = "anyscale-public-subnet" |
string |
null |
no |
anyscale_vpc_public_subnet_suffix | (Optional) The public subnet suffix. Prepended with the VPC name and region to create a unique public subnet name. Overridden by anyscale_vpc_public_subnet_name .ex: anyscale_vpc_public_subnet_suffix = "public" |
string |
"public" |
no |
anyscale_workload_identity_account_id | (Optional) The AWS Account ID for Anyscale. Only use this if you are instructed to do so. This will override the sub-module variable: anyscale_aws_account_id ex: anyscale_workload_identity_account_id = "123456789012" |
string |
null |
no |
anyscale_workload_identity_pool_description | (Optional) The description of the workload identity pool. ex: anyscale_workload_identity_pool_description = "Used to provide Anyscale access from AWS." |
string |
"Used to provide Anyscale access from AWS." |
no |
anyscale_workload_identity_pool_display_name | (Optional) The display name of the workload identity pool. Must be less than or equal to 32 chars. ex: anyscale_workload_identity_pool_display_name = "Anyscale Cross Account Access" |
string |
"Anyscale Cross Account Access" |
no |
anyscale_workload_identity_pool_name | (Optional) The name of the workload identity pool. If it is not provided, the Anyscale Access role name is used. ex: anyscale_workload_identity_pool_name = "anyscale-identitypool-access" |
string |
null |
no |
anyscale_workload_identity_pool_provider_name | (Optional) The name of the workload identity pool provider. If it is not provided, the Anyscale Access role name is used. ex: anyscale_workload_identity_pool_provider_name = "anyscale-identitypool-access" |
string |
null |
no |
bucket_iam_member_additional_roles | (Optional) List of roles to grant to the Anyscale Service Accounts on the storage bucket. This allows you to append the defaults in the google-anyscale-cloudstorage module.Default is an empty list but will be populated with the following roles via the module: ["roles/storage.objectAdmin", "roles/storage.legacyBucketWriter", "roles/storage.folderAdmin"] ex: bucket_iam_member_additional_roles = ["roles/storage.objectAdmin"] |
list(string) |
[] |
no |
common_prefix | (Optional) Common Prefix for all resources. A common prefix to add to resources created (where prefixes are allowed). If paired with use_common_name , this will apply to all resources.If this is not paired with use_common_name , this applies to:- CloudStorage Buckets - IAM Resources - Security Groups Resource specific prefixes override this variable. Max length is 30 characters. ex: common_prefix = "anyscale-" |
string |
null |
no |
enable_anyscale_filestore | (Optional) Determines if the Anyscale Filestore is created. ex: enable_anyscale_filestore = true |
bool |
true |
no |
enable_anyscale_gcs | (Optional) Determines if the Anyscale Cloud Storage bucket is created. ex: enable_anyscale_gcs = true |
bool |
true |
no |
enable_anyscale_iam | (Optional) Determines if the Anyscale IAM resources are created. ex: enable_anyscale_iam = true |
bool |
true |
no |
enable_anyscale_loggingsink | (Optional) Determines if the Anyscale Logging Sink is executed. This sub-module will disable sending syslog events to the _Default Log Sink.ex: enable_anyscale_loggingsink = true |
bool |
true |
no |
enable_anyscale_memorystore | (Optional) Determines if the Anyscale Memorystore is created. ex: enable_anyscale_memorystore = true |
bool |
false |
no |
enable_anyscale_vpc_firewall | (Optional) Determines if the Anyscale VPC Firewall is created. The Anyscale VPC Firewall is a Google Cloud VPC Firewall Policy that allows access to Anyscale resources. ex: enable_anyscale_vpc_firewall = true |
bool |
true |
no |
enable_cloud_logging_monitoring | (Optional) Determines if the Google Cloud Logging and Monitoring APIs are enabled. If this is set to true , the following APIs will be enabled:- logging.googleapis.com - monitoring.googleapis.com Additionally, the Anyscale Cluster Role will be granted access to the following roles: - logging.logWriter - monitoring.metricWriter - monitoring.viewer ex: enable_cloud_logging_monitoring = true |
bool |
false |
no |
enable_google_apis | (Optional) Determines if the required Google APIs are enabled. ex: enable_google_apis = true |
bool |
true |
no |
existing_cloudstorage_bucket_name | (Optional) Existing Cloud Storage Bucket Name. The name of an existing Cloud Storage bucket that you'd like to use. Please make sure that it meets the minimum requirements for Anyscale including: - Bucket Policy - CORS Policy - Encryption configuration If provided, this will skip creating a new Cloud Storage bucket with the Anyscale Cloud Storage module. ex: existing_cloudstorage_bucket_name = "anyscale-bucket" |
string |
null |
no |
existing_filestore_instance_name | (Optional) Existing Filestore Instance Name. The name of an existing Filestore instance that you'd like to use. If provided, this will skip creating a new Filestore instance with the Anyscale Filestore module. ex: existing_filestore_instance_name = "anyscale-filestore" |
string |
null |
no |
existing_memorystore_instance_name | (Optional) The name of an existing Memorystore instance. If this is provided, the Anyscale Memorystore module will skip creating a new Memorystore instance. ex: existing_memorystore_instance_name = "anyscale-memorystore" |
string |
null |
no |
existing_project_id | (Optional) An existing GCP Project ID. If provided, this will skip creating resources with the Anyscale Project module. ex: existing_project_id = "my-project-id" |
string |
null |
no |
existing_vpc_id | (Optional) An existing VPC ID. If provided, this module will skip creating a new VPC with the Anyscale VPC module. An existing VPC Subnet Name ( existing_vpc_subnet_name ) is also required if this is provided.ex: existing_vpc_id = "projects/anyscale/global/networks/anyscale-network" |
string |
null |
no |
existing_vpc_name | (Optional) An existing VPC Name. If provided, this module will skip creating a new VPC with the Anyscale VPC module. An existing VPC Subnet Name ( existing_vpc_subnet_name ) is also required if this is provided.ex: existing_vpc_name = "anyscale-vpc" |
string |
null |
no |
existing_vpc_subnet_name | (Optional) Existing subnet name to create Anyscale resources in. If provided, this will skip creating resources with the Anyscale VPC module. An existing VPC Name ( existing_vpc_name ) is also required if this is provided.ex: existing_vpc_subnet_name = "anyscale-subnet" |
string |
null |
no |
existing_workload_identity_provider_name | (Optional) The name of an existing workload identity provider to use. If provided, will skip creating the workload identity pool and provider. The Workload Identity Provider can be in a different project. You can retrieve the name of an existing Workload Identity Provider by running the following command: gcloud iam workload-identity-pools providers list --location global --workload-identity-pool anyscale-access-poolex: existing_workload_identity_provider_name = "projects/1234567890/locations/global/workloadIdentityPools/anyscale-access-pool/providers/anyscale-access-provider" |
string |
null |
no |
ingress_from_machine_pool_cidr_ranges | (Optional) CIDR Range for Anyscale Machine Pools. If a CIDR range is provided, a firewall rule will be created to support Anyscale Machine Pools. ex: ingress_from_machine_pool_cidr_ranges = ["10.100.1.0/24","10.102.1.0/24"] |
list(string) |
[] |
no |
labels | (Optional) A map of labels. Labels to be added to all resources that accept labels. Resource dependent labels will be appended to this list. ex: labels = {Default is an empty map. |
map(string) |
{} |
no |
random_char_length | (Optional) Random suffix character length Determines the random suffix length that is used to generate a common name. Certain Google resources have a hard limit on name lengths and this will allow the ability to control how many characters are added as a suffix. Many Google resources have a limit of 28 characters in length. Keep that in mind while setting this value. Must be >= 2 and <= 12. ex: random_char_length = 4 |
number |
4 |
no |
shared_vpc_project_id | (Optional) The ID of the project that hosts the shared VPC. If provided, this will set the Project ID to the Shared VPC for the google-anyscale-vpc-firewall submodule.An existing VPC Name ( existing_vpc_name ) and VPC Subnet Name (existing_vpc_subnet_name ) are also required if this is provided.ex: shared_vpc_project_id = "anyscale-sharedvpc" |
string |
null |
no |
use_common_name | (Optional) Determines if a standard name should be used across all resources. - If set to true and common_prefix is also provided, the common_prefix will be used and prefixed to a common name.- If set to true and common_prefix is not provided, the prefix will be anyscale- - If set to true, this will also use a random suffix to avoid name collisions. ex: use_common_name = true |
bool |
false |
no |
Name | Description |
---|---|
cloudstorage_bucket_name | The Google Cloud Storage bucket name. |
cloudstorage_bucket_selflink | The Google Cloud Storage self link. |
cloudstorage_bucket_url | The Google Cloud Storage url for the bucket. Will be in the format gs://<bucket-name> . |
filestore_fileshare_name | The Google Filestore fileshare name. |
filestore_id | The Google Filestore id. |
filestore_location | The Google Filestore location. |
filestore_name | The Google Filestore name. |
iam_anyscale_access_service_acct_email | The Google IAM Anyscale Access Service Account email. |
iam_anyscale_access_service_acct_id | The Google IAM Anyscale Access Service Account ID. |
iam_anyscale_access_service_acct_name | The Google IAM Anyscale Access Service Account name. |
iam_anyscale_access_service_acct_unique_id | The Google IAM Anyscale Access Service Account unique id. |
iam_anyscale_cluster_node_service_acct_email | The Google IAM Anyscale Cluster Node Service Account email. |
iam_anyscale_cluster_node_service_acct_id | The Google IAM Anyscale Cluster Node Service Account ID. |
iam_anyscale_cluster_node_service_acct_name | The Google IAM Anyscale Cluster Node Service Accpimt name. |
iam_anyscale_cluster_node_service_acct_unique_id | The Google IAM Anyscale Cluster Node Service Account unique id. |
iam_workload_identity_pool_id | The Google IAM Anyscale Workload Identity Pool id. |
iam_workload_identity_pool_name | The Google IAM Anyscale Workload Identity Pool name. |
iam_workload_identity_provider_id | The Google IAM Anyscale Workload Identity Provider id. |
iam_workload_identity_provider_name | The Google IAM Anyscale Workload Identity Provider name. |
memorystore_current_location_id | The current zone where the Redis endpoint is placed. |
memorystore_host | The IP address of the instance. |
memorystore_id | The memorystore instance ID. |
memorystore_port | The port number of the exposed Redis endpoint. |
memorystore_region | The region the instance lives in. |
private_subnet_cidr | The Google VPC private subnet cidr. |
private_subnet_id | The Google VPC private subnet id. |
private_subnet_name | The Google VPC private subnet name. |
private_subnet_region | The Google VPC private subnet region. |
project_id | The Google Project id. |
project_name | The Google Project name. |
public_subnet_cidr | The Google VPC public subnet cidr. |
public_subnet_id | The Google VPC public subnet id. |
public_subnet_name | The Google VPC public subnet name. |
public_subnet_region | The Google VPC public subnet region. |
vpc_firewall_id | The Google VPC firewall policy id. |
vpc_firewall_policy_name | The Google VPC firewall policy name. |
vpc_firewall_selflink | The Google VPC firewall policy self link. |
vpc_id | The Google VPC id. |
vpc_name | The Google VPC network name. |
vpc_selflink | The Google VPC self link. |