Merge branch 'main' into k8s-setup-run-main
miguelhar authored Feb 25, 2025
2 parents e63169d + dc9226b commit 4ef88eb
Showing 25 changed files with 254 additions and 108 deletions.
2 changes: 1 addition & 1 deletion examples/deploy/terraform/infra/README.md
@@ -37,7 +37,7 @@ No resources.
| <a name="input_network"></a> [network](#input\_network) | vpc = {<br/> id = Existing vpc id, it will bypass creation by this module.<br/> subnets = {<br/> private = Existing private subnets.<br/> public = Existing public subnets.<br/> pod = Existing pod subnets.<br/> }), {})<br/> }), {})<br/> network\_bits = {<br/> public = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/> private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/> pod = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/> }<br/> cidrs = {<br/> vpc = The IPv4 CIDR block for the VPC.<br/> pod = The IPv4 CIDR block for the Pod subnets.<br/> }<br/> use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/> vpc = optional(object({<br/> id = optional(string, null)<br/> subnets = optional(object({<br/> private = optional(list(string), [])<br/> public = optional(list(string), [])<br/> pod = optional(list(string), [])<br/> }), {})<br/> }), {})<br/> network_bits = optional(object({<br/> public = optional(number, 27)<br/> private = optional(number, 19)<br/> pod = optional(number, 19)<br/> }<br/> ), {})<br/> cidrs = optional(object({<br/> vpc = optional(string, "10.0.0.0/16")<br/> pod = optional(string, "100.64.0.0/16")<br/> }), {})<br/> use_pod_cidr = optional(bool, true)<br/> })</pre> | `{}` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
| <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/> filesystem\_type = File system type(netapp\|efs)<br/> efs = {<br/> access\_point\_path = Filesystem path for efs.<br/> backup\_vault = {<br/> create = Create backup vault for EFS toggle.<br/> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/> backup = {<br/> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/> cold\_storage\_after = Move backup data to cold storage after this many days.<br/> delete\_after = Delete backup data after this many days.<br/> }<br/> }<br/> }<br/> netapp = {<br/> migrate\_from\_efs = {<br/> enabled = When enabled, both EFS and NetApp resources will be provisioned simultaneously during the migration period.<br/> datasync = {<br/> enabled = Toggle to enable AWS DataSync for automated data transfer from EFS to NetApp FSx.<br/> schedule = Cron-style schedule for the DataSync task, specifying how often the data transfer will occur (default: hourly).<br/> verify\_mode = One of: POINT\_IN\_TIME\_CONSISTENT, ONLY\_FILES\_TRANSFERRED, NONE.<br/> }<br/> }<br/> deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/> storage\_capacity = Filesystem Storage capacity<br/> throughput\_capacity = Filesystem throughput capacity<br/> automatic\_backup\_retention\_days = How many days to keep backups<br/> daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/> storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/> enabled = Enable automatic storage capacity increase.<br/> threshold = Used storage capacity threshold.<br/> percent\_capacity\_increase = The percentage increase in storage capacity when used storage exceeds<br/> LowFreeDataStorageCapacityThreshold. 
Minimum increase is 10 %.<br/> notification\_email\_address = The email address for alarm notification.<br/> }<br/> volume = {<br/> create = Create a volume associated with the filesystem.<br/> name\_suffix = The suffix to name the volume<br/> storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br/> junction\_path = filesystem junction path<br/> size\_in\_megabytes = The size of the volume<br/> }<br/> s3 = {<br/> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/> }<br/> ecr = {<br/> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/> }<br/> enable\_remote\_backup = Enable tagging required for cross-account backups<br/> costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/> }<br/> } | <pre>object({<br/> filesystem_type = optional(string, "efs")<br/> efs = optional(object({<br/> access_point_path = optional(string, "/domino")<br/> backup_vault = optional(object({<br/> create = optional(bool, true)<br/> force_destroy = optional(bool, true)<br/> backup = optional(object({<br/> schedule = optional(string, "0 12 * * ? *")<br/> cold_storage_after = optional(number, 35)<br/> delete_after = optional(number, 125)<br/> }), {})<br/> }), {})<br/> }), {})<br/> netapp = optional(object({<br/> migrate_from_efs = optional(object({<br/> enabled = optional(bool, false)<br/> datasync = optional(object({<br/> enabled = optional(bool, false)<br/> target = optional(string, "netapp")<br/> schedule = optional(string, "cron(0 */4 * * ? 
*)")<br/> verify_mode = optional(string, "ONLY_FILES_TRANSFERRED")<br/> }), {})<br/> }), {})<br/> deployment_type = optional(string, "SINGLE_AZ_1")<br/> storage_capacity = optional(number, 1024)<br/> throughput_capacity = optional(number, 128)<br/> automatic_backup_retention_days = optional(number, 90)<br/> daily_automatic_backup_start_time = optional(string, "00:00")<br/> storage_capacity_autosizing = optional(object({<br/> enabled = optional(bool, false)<br/> threshold = optional(number, 70)<br/> percent_capacity_increase = optional(number, 30)<br/> notification_email_address = optional(string, "")<br/> }), {})<br/> volume = optional(object({<br/> create = optional(bool, true)<br/> name_suffix = optional(string, "domino_shared_storage")<br/> storage_efficiency_enabled = optional(bool, true)<br/> junction_path = optional(string, "/domino")<br/> size_in_megabytes = optional(number, 1099511)<br/> }), {})<br/> }), {})<br/> s3 = optional(object({<br/> force_destroy_on_deletion = optional(bool, true)<br/> }), {})<br/> ecr = optional(object({<br/> force_destroy_on_deletion = optional(bool, true)<br/> }), {}),<br/> enable_remote_backup = optional(bool, false)<br/> costs_enabled = optional(bool, true)<br/> })</pre> | `{}` | no |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br/> filesystem\_type = File system type(netapp\|efs\|none)<br/> efs = {<br/> access\_point\_path = Filesystem path for efs.<br/> backup\_vault = {<br/> create = Create backup vault for EFS toggle.<br/> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br/> backup = {<br/> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br/> cold\_storage\_after = Move backup data to cold storage after this many days.<br/> delete\_after = Delete backup data after this many days.<br/> }<br/> }<br/> }<br/> netapp = {<br/> migrate\_from\_efs = {<br/> enabled = When enabled, both EFS and NetApp resources will be provisioned simultaneously during the migration period.<br/> datasync = {<br/> enabled = Toggle to enable AWS DataSync for automated data transfer from EFS to NetApp FSx.<br/> schedule = Cron-style schedule for the DataSync task, specifying how often the data transfer will occur (default: hourly).<br/> verify\_mode = One of: POINT\_IN\_TIME\_CONSISTENT, ONLY\_FILES\_TRANSFERRED, NONE.<br/> }<br/> }<br/> deployment\_type = netapp ontap deployment type,('MULTI\_AZ\_1', 'MULTI\_AZ\_2', 'SINGLE\_AZ\_1', 'SINGLE\_AZ\_2')<br/> storage\_capacity = Filesystem Storage capacity<br/> throughput\_capacity = Filesystem throughput capacity<br/> automatic\_backup\_retention\_days = How many days to keep backups<br/> daily\_automatic\_backup\_start\_time = Start time in 'HH:MM' format to initiate backups<br/><br/> storage\_capacity\_autosizing = Options for the FXN automatic storage capacity increase, cloudformation template<br/> enabled = Enable automatic storage capacity increase.<br/> threshold = Used storage capacity threshold.<br/> percent\_capacity\_increase = The percentage increase in storage capacity when used storage exceeds<br/> LowFreeDataStorageCapacityThreshold. 
Minimum increase is 10 %.<br/> notification\_email\_address = The email address for alarm notification.<br/> }<br/> volume = {<br/> create = Create a volume associated with the filesystem.<br/> name\_suffix = The suffix to name the volume<br/> storage\_efficiency\_enabled = Toggle storage\_efficiency\_enabled<br/> junction\_path = filesystem junction path<br/> size\_in\_megabytes = The size of the volume<br/> }<br/> s3 = {<br/> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br/> }<br/> ecr = {<br/> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br/> }<br/> enable\_remote\_backup = Enable tagging required for cross-account backups<br/> costs\_enabled = Determines whether to provision domino cost related infrastructures, ie, long term storage<br/> }<br/> } | <pre>object({<br/> filesystem_type = optional(string, "efs")<br/> efs = optional(object({<br/> access_point_path = optional(string, "/domino")<br/> backup_vault = optional(object({<br/> create = optional(bool, true)<br/> force_destroy = optional(bool, true)<br/> backup = optional(object({<br/> schedule = optional(string, "0 12 * * ? *")<br/> cold_storage_after = optional(number, 35)<br/> delete_after = optional(number, 125)<br/> }), {})<br/> }), {})<br/> }), {})<br/> netapp = optional(object({<br/> migrate_from_efs = optional(object({<br/> enabled = optional(bool, false)<br/> datasync = optional(object({<br/> enabled = optional(bool, false)<br/> target = optional(string, "netapp")<br/> schedule = optional(string, "cron(0 */4 * * ? 
*)")<br/> verify_mode = optional(string, "ONLY_FILES_TRANSFERRED")<br/> }), {})<br/> }), {})<br/> deployment_type = optional(string, "SINGLE_AZ_1")<br/> storage_capacity = optional(number, 1024)<br/> throughput_capacity = optional(number, 128)<br/> automatic_backup_retention_days = optional(number, 90)<br/> daily_automatic_backup_start_time = optional(string, "00:00")<br/> storage_capacity_autosizing = optional(object({<br/> enabled = optional(bool, false)<br/> threshold = optional(number, 70)<br/> percent_capacity_increase = optional(number, 30)<br/> notification_email_address = optional(string, "")<br/> }), {})<br/> volume = optional(object({<br/> create = optional(bool, true)<br/> name_suffix = optional(string, "domino_shared_storage")<br/> storage_efficiency_enabled = optional(bool, true)<br/> junction_path = optional(string, "/domino")<br/> size_in_megabytes = optional(number, 1099511)<br/> }), {})<br/> }), {})<br/> s3 = optional(object({<br/> create = optional(bool, true)<br/> force_destroy_on_deletion = optional(bool, true)<br/> }), {})<br/> ecr = optional(object({<br/> create = optional(bool, true)<br/> force_destroy_on_deletion = optional(bool, true)<br/> }), {}),<br/> enable_remote_backup = optional(bool, false)<br/> costs_enabled = optional(bool, true)<br/> })</pre> | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | n/a | yes |
| <a name="input_use_fips_endpoint"></a> [use\_fips\_endpoint](#input\_use\_fips\_endpoint) | Use aws FIPS endpoints | `bool` | `false` | no |
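Review bot: the new storage row adds `none` to the `filesystem_type` text and adds `create = optional(bool, true)` under `s3` and `ecr` in the type column, but the description column still says nothing about `create`, so a README reader cannot tell what opting out of bucket or repository creation implies (for example whether existing ones must be supplied elsewhere). Add a `create = ...` line beside `force_destroy_on_deletion` in both the s3 and ecr descriptions, and while touching the row fix the carried-over `Toogle` typo in both of them.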

4 changes: 3 additions & 1 deletion examples/deploy/terraform/infra/variables.tf
@@ -201,7 +201,7 @@ variable "additional_node_groups" {
variable "storage" {
description = <<EOF
storage = {
filesystem_type = File system type(netapp|efs)
filesystem_type = File system type(netapp|efs|none)
efs = {
access_point_path = Filesystem path for efs.
backup_vault = {
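Review bot: `none` is added to the `filesystem_type` description, but the hunk shows no corresponding change to a `validation` block for this variable. If one exists constraining the value to `netapp`/`efs`, it needs `none` added as well; if none exists, this is the moment to add one (a `contains(["netapp", "efs", "none"], var.storage.filesystem_type)` condition) so a misspelled value fails at plan time instead of deep inside the module.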
@@ -298,9 +298,11 @@ variable "storage" {
}), {})
}), {})
s3 = optional(object({
create = optional(bool, true)
force_destroy_on_deletion = optional(bool, true)
}), {})
ecr = optional(object({
create = optional(bool, true)
force_destroy_on_deletion = optional(bool, true)
}), {}),
enable_remote_backup = optional(bool, false)
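Review bot: defaulting the two new `create` attributes to `true` keeps existing callers unchanged, which is right, but the heredoc description of this same variable (the hunk above ends at `backup_vault = {`; the s3/ecr text sits further down in it) does not mention `create` at all. Add a `create = ...` line next to `force_destroy_on_deletion` in both the `s3` and `ecr` sections so the description, and the README that mirrors it, stay in sync with the type.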
2 changes: 1 addition & 1 deletion examples/tfvars/ecr_endpoint.tfvars
@@ -16,5 +16,5 @@ default_node_groups = {

network = {
create_ecr_endpoint = true
create_s3_interface = true
create_s3_endpoint = true
}
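Review bot: renaming `create_s3_interface` to `create_s3_endpoint` means the example was previously either failing to plan (an attribute unknown to an `object(...)` typed variable is an error) or being silently ignored, depending on how `network` is typed. Either way this deserves a line in the commit message so users who copied the old key know to update it, and a quick grep of the other files under `examples/` for the old name.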
25 changes: 25 additions & 0 deletions examples/tfvars/only-efs-storage.tfvars
@@ -0,0 +1,25 @@
deploy_id = "plantest0012"
region = "us-west-2"
ssh_pvt_key_path = "domino.pem"

default_node_groups = {
compute = {
availability_zone_ids = ["usw2-az1", "usw2-az2"]
}
gpu = {
availability_zone_ids = ["usw2-az1", "usw2-az2"]
}
platform = {
"availability_zone_ids" = ["usw2-az1", "usw2-az2"]
}
}

bastion = {
enabled = false
}

storage = {
s3 = { "create" : false }
ecr = { "create" : false }
filesystem_type = "efs"
}
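Review bot: `s3 = { "create" : false }` and `ecr = { "create" : false }` use JSON-style quoted keys with a colon, while the rest of this file, including `filesystem_type = "efs"` two lines later, uses the native `key = value` form. Terraform accepts both, but `s3 = { create = false }` matches the file's own style and the README, and avoids suggesting to readers that the quoted form is required.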
30 changes: 30 additions & 0 deletions examples/tfvars/specify-vpc-cidr.tfvars
@@ -0,0 +1,30 @@
deploy_id = "plantest018"
region = "us-west-2"
ssh_pvt_key_path = "domino.pem"

default_node_groups = {
compute = {
availability_zone_ids = ["usw2-az1", "usw2-az2"]
}
gpu = {
availability_zone_ids = ["usw2-az1", "usw2-az2"]
}
platform = {
"availability_zone_ids" = ["usw2-az1", "usw2-az2"]
}
}

bastion = {
enabled = true
}
network = {
network_bits = { ## Bits need to be less than cidrs.vpc bits
public = 27
private = 21
pod = 20
}
cidrs = {
vpc = "10.0.0.0/19"
}
use_pod_cidr = false
}
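Review bot: the comment on `network_bits` has the inequality backwards. `network_bits` is the prefix length of each subnet, so it must be greater than the VPC prefix (here /19) for the subnet to fit inside the VPC; 27, 21 and 20 are valid precisely because they are larger than 19. Suggest `## Subnet bits must be greater than the cidrs.vpc prefix length (subnets are carved out of the VPC)`. It would also help to say whether `pod = 20` is used at all when `use_pod_cidr = false`: two /21 private subnets plus two /20 pod subnets (4096 + 8192 addresses) would not fit in a /19 (8192 addresses) alongside the public subnets if the pod subnets are still carved from the VPC.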
1 change: 0 additions & 1 deletion modules/eks/iam.tf
@@ -267,7 +267,6 @@ resource "aws_iam_role_policy_attachment" "custom_eks_nodes" {
role = aws_iam_role.eks_nodes.name
}


resource "aws_eks_identity_provider_config" "this" {
for_each = { for idp in var.eks.identity_providers : idp.identity_provider_config_name => idp }

8 changes: 6 additions & 2 deletions modules/eks/node-group.tf
@@ -64,7 +64,9 @@ moved {
}

resource "aws_security_group_rule" "efs" {
count = var.storage_info.efs != null ? 1 : 0
count = var.storage_info != null ? (
var.storage_info.efs != null ? 1 : 0
) : 0
security_group_id = var.storage_info.efs.security_group_id
protocol = "tcp"
from_port = 2049
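Review bot: the nested conditional is the right shape here rather than `var.storage_info != null && var.storage_info.efs != null`, because Terraform evaluates both operands of `&&` and would error on `.efs` of a null object. A more compact form with the same null-safety is `count = try(var.storage_info.efs, null) != null ? 1 : 0`. The unguarded `var.storage_info.efs.security_group_id` on the next line is fine, since a resource body is not evaluated when `count` is 0.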
@@ -75,7 +77,9 @@ resource "aws_security_group_rule" "efs" {
}

resource "aws_security_group_rule" "netapp" {
count = var.storage_info.netapp != null ? 1 : 0
count = var.storage_info != null ? (
var.storage_info.netapp != null ? 1 : 0
) : 0
security_group_id = var.storage_info.netapp.filesystem.security_group_id
protocol = "-1"
from_port = 0
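Review bot: same null-guard pattern as the `efs` rule, so `count = try(var.storage_info.netapp, null) != null ? 1 : 0` would read the same way. Separately, and not introduced by this commit, this rule's `protocol = "-1"` with `from_port = 0` opens every protocol and port between the nodes and the NetApp filesystem security group, whereas the `efs` rule above is scoped to `tcp/2049`; tightening it to the ports the ONTAP mounts actually use would keep the two rules' exposure comparable.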

0 comments on commit 4ef88eb