Manually resolve conflicts from cherry-pick dc954b5

dominodatalab · Feb 24, 2025 · e63169d · e63169d
1 parent a831ebd
commit e63169d
Show file tree

Hide file tree

Showing 11 changed files with 18 additions and 8 deletions.
diff --git a/examples/deploy/terraform/cluster/README.md b/examples/deploy/terraform/cluster/README.md
@@ -38,7 +38,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup      = optional(bool)<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
 | <a name="input_external_deployments_operator"></a> [external\_deployments\_operator](#input\_external\_deployments\_operator) | Config to create IRSA role for the external deployments operator. | <pre>object({<br/>    enabled                         = optional(bool, false)<br/>    namespace                       = optional(string, "domino-compute")<br/>    operator_service_account_name   = optional(string, "pham-juno-operator")<br/>    operator_role_suffix            = optional(string, "external-deployments-operator")<br/>    repository_suffix               = optional(string, "external-deployments")<br/>    bucket_suffix                   = optional(string, "external-deployments")<br/>    enable_assume_any_external_role = optional(bool, true)<br/>    enable_in_account_deployments   = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_flyte"></a> [flyte](#input\_flyte) | Config to provision the flyte infrastructure. | <pre>object({<br/>    enabled                   = optional(bool, false)<br/>    force_destroy_on_deletion = optional(bool, true)<br/>    platform_namespace        = optional(string, "domino-platform")<br/>    compute_namespace         = optional(string, "domino-compute")<br/><br/>  })</pre> | `{}` | no |
 | <a name="input_irsa_external_dns"></a> [irsa\_external\_dns](#input\_irsa\_external\_dns) | Mappings for custom IRSA configurations. | <pre>object({<br/>    enabled             = optional(bool, false)<br/>    hosted_zone_name    = optional(string, null)<br/>    namespace           = optional(string, null)<br/>    serviceaccount_name = optional(string, null)<br/>    rm_role_policy = optional(object({<br/>      remove           = optional(bool, false)<br/>      detach_from_role = optional(bool, false)<br/>      policy_name      = optional(string, "")<br/>    }), {})<br/>  })</pre> | `{}` | no |

diff --git a/examples/deploy/terraform/cluster/variables.tf b/examples/deploy/terraform/cluster/variables.tf
@@ -2,6 +2,7 @@
 
 variable "eks" {
   description = <<EOF
+    run_k8s_setup = Toggle to run the k8s setup.
     service_ipv4_cidr = CIDR for EKS cluster kubernetes_network_config.
     creation_role_name = Name of the role to import.
     k8s_version = EKS cluster k8s version.
@@ -28,6 +29,7 @@ variable "eks" {
   EOF
 
   type = object({
+    run_k8s_setup      = optional(bool)
     service_ipv4_cidr  = optional(string)
     creation_role_name = optional(string, null)
     k8s_version        = optional(string)

diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
@@ -31,7 +31,7 @@ No resources.
 | <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br/>    {<br/>      compute = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m6i.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 1000)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 1000<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      platform = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["m7i-flex.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 1)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, null)<br/>          max_unavailable            = optional(number, 1)<br/>          desired_per_az             = optional(number, 1)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "platform"<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>          })), [])<br/>          tags = optional(map(string), {})<br/>          gpu  = optional(bool, null)<br/>          volume = optional(object({<br/>            size = optional(number, 100)<br/>            type = optional(string, "gp3")<br/>            }), {<br/>            size = 100<br/>            type = "gp3"<br/>            }<br/>          )<br/>      }),<br/>      gpu = object(<br/>        {<br/>          ami                        = optional(string, null)<br/>          bootstrap_extra_args       = optional(string, "")<br/>          instance_types             = optional(list(string), ["g5.2xlarge"])<br/>          spot                       = optional(bool, false)<br/>          min_per_az                 = optional(number, 0)<br/>          max_per_az                 = optional(number, 10)<br/>          max_unavailable_percentage = optional(number, 50)<br/>          max_unavailable            = optional(number, null)<br/>          desired_per_az             = optional(number, 0)<br/>          availability_zone_ids      = list(string)<br/>          labels = optional(map(string), {<br/>            "dominodatalab.com/node-pool" = "default-gpu"<br/>            "nvidia.com/gpu"              = true<br/>          })<br/>          taints = optional(list(object({<br/>            key    = string<br/>            value  = optional(string)<br/>            effect = string<br/>            })), [{<br/>            key    = "nvidia.com/gpu"<br/>            value  = "true"<br/>            effect = "NO_SCHEDULE"<br/>            }<br/>          ])<br/>          tags = optional(map(string))<br/>          gpu  = optional(bool)<br/>          volume = optional(object({<br/>            size = optional(number)<br/>            type = optional(string)<br/>          }))<br/>      })<br/>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | n/a | yes |
 | <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br/>    provision_cost_usage_report = optional(bool, false)<br/>  })</pre> | `{}` | no |
-| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
+| <a name="input_eks"></a> [eks](#input\_eks) | run\_k8s\_setup = Toggle to run the k8s setup.<br/>    service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br/>    creation\_role\_name = Name of the role to import.<br/>    k8s\_version = EKS cluster k8s version.<br/>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br/>    kubeconfig = {<br/>      extra\_args = Optional extra args when generating kubeconfig.<br/>      path       = Fully qualified path name to write the kubeconfig file.<br/>    }<br/>    public\_access = {<br/>      enabled = Enable EKS API public endpoint.<br/>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br/>    }<br/>    Custom role maps for aws auth configmap<br/>    custom\_role\_maps = {<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    }<br/>    master\_role\_names  = IAM role names to be added as masters in eks.<br/>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br/>    vpc\_cni            = Configuration for AWS VPC CNI<br/>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br/>    identity\_providers = Configuration for IDP(Identity Provider).<br/>  } | <pre>object({<br/>    run_k8s_setup      = optional(bool)<br/>    service_ipv4_cidr  = optional(string)<br/>    creation_role_name = optional(string, null)<br/>    k8s_version        = optional(string)<br/>    nodes_master       = optional(bool, false)<br/>    kubeconfig = optional(object({<br/>      extra_args = optional(string)<br/>      path       = optional(string)<br/>    }), {})<br/>    public_access = optional(object({<br/>      enabled = optional(bool)<br/>      cidrs   = optional(list(string))<br/>    }), {})<br/>    custom_role_maps = optional(list(object({<br/>      rolearn  = string<br/>      username = string<br/>      groups   = list(string)<br/>    })))<br/>    master_role_names  = optional(list(string))<br/>    cluster_addons     = optional(list(string))<br/>    ssm_log_group_name = optional(string)<br/>    vpc_cni = optional(object({<br/>      prefix_delegation = optional(bool)<br/>      annotate_pod_ip   = optional(bool)<br/>    }))<br/>    identity_providers = optional(list(object({<br/>      client_id                     = string<br/>      groups_claim                  = optional(string)<br/>      groups_prefix                 = optional(string)<br/>      identity_provider_config_name = string<br/>      issuer_url                    = optional(string)<br/>      required_claims               = optional(map(string))<br/>      username_claim                = optional(string)<br/>      username_prefix               = optional(string)<br/>    })))<br/>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br/>    key\_id  = optional(string, null) | <pre>object({<br/>    enabled = optional(bool)<br/>    key_id  = optional(string)<br/>  })</pre> | n/a | yes |
 | <a name="input_network"></a> [network](#input\_network) | vpc = {<br/>      id = Existing vpc id, it will bypass creation by this module.<br/>      subnets = {<br/>        private = Existing private subnets.<br/>        public  = Existing public subnets.<br/>        pod     = Existing pod subnets.<br/>      }), {})<br/>    }), {})<br/>    network\_bits = {<br/>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br/>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br/>    }<br/>    cidrs = {<br/>      vpc     = The IPv4 CIDR block for the VPC.<br/>      pod     = The IPv4 CIDR block for the Pod subnets.<br/>    }<br/>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br/>    vpc = optional(object({<br/>      id = optional(string, null)<br/>      subnets = optional(object({<br/>        private = optional(list(string), [])<br/>        public  = optional(list(string), [])<br/>        pod     = optional(list(string), [])<br/>      }), {})<br/>    }), {})<br/>    network_bits = optional(object({<br/>      public  = optional(number, 27)<br/>      private = optional(number, 19)<br/>      pod     = optional(number, 19)<br/>      }<br/>    ), {})<br/>    cidrs = optional(object({<br/>      vpc = optional(string, "10.0.0.0/16")<br/>      pod = optional(string, "100.64.0.0/16")<br/>    }), {})<br/>    use_pod_cidr = optional(bool, true)<br/>  })</pre> | `{}` | no |