upd: Support latest changes for Anyscale Operator on GCP

On branch brent/gke-standard-public Changes to be committed: modified: README.md modified: main.tf modified: outputs.tf
anyscale · Nov 8, 2024 · fe4f3f5 · fe4f3f5
1 parent e52abb7
commit fe4f3f5
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/examples/gcp/gke-existing_cluster/README.md b/examples/gcp/gke-existing_cluster/README.md
@@ -41,8 +41,8 @@ existing_gke_cluster_region  = "..."
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.44.1 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.32.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 5.44.2 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 

diff --git a/examples/gcp/gke-existing_cluster/main.tf b/examples/gcp/gke-existing_cluster/main.tf
@@ -21,16 +21,22 @@ locals {
   )
 }
 
+#trivy:ignore:AVD-GCP-0011
 module "anyscale_iam" {
   #checkov:skip=CKV_TF_1: Example code should use the latest version of the module
   #checkov:skip=CKV_TF_2: Example code should use the latest version of the module
   source         = "github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules//modules/google-anyscale-iam"
   module_enabled = true
 
   anyscale_org_id                           = var.anyscale_org_id
-  create_anyscale_access_role               = true
+  create_anyscale_access_role               = false
+  create_anyscale_access_service_acct       = true
   create_anyscale_cluster_node_service_acct = true # Set to true to bind to a GKE Service Account
-  anyscale_cluster_node_service_acct_name   = "anyscale-cluster-node"
+  anyscale_cluster_node_service_acct_name   = "anyscale-dataplane-node"
+  anyscale_cluster_node_service_acct_permissions = [
+    "roles/iam.serviceAccountTokenCreator",
+    "roles/artifactregistry.reader"
+  ]
 
   anyscale_project_id = var.google_project_id
 }
@@ -42,7 +48,7 @@ module "anyscale_cloudstorage" {
   module_enabled = true
 
   bucket_iam_members = [
-    module.anyscale_iam.iam_anyscale_access_service_acct_member,
+    # module.anyscale_iam.iam_anyscale_access_service_acct_member,
     module.anyscale_iam.iam_anyscale_cluster_node_service_acct_member
   ]
 

diff --git a/examples/gcp/gke-existing_cluster/outputs.tf b/examples/gcp/gke-existing_cluster/outputs.tf
@@ -10,10 +10,7 @@ output "anyscale_registration_command" {
     --cloud-storage-bucket-name ${module.anyscale_cloudstorage.cloudstorage_bucket_name} \
     --filestore-instance-id ${module.anyscale_filestore.anyscale_filestore_name} \
     --filestore-location ${module.anyscale_filestore.anyscale_filestore_location} \
-    --anyscale-service-account-email ${module.anyscale_iam.iam_anyscale_access_service_acct_email} \
     --provider-name ${module.anyscale_iam.iam_workload_identity_provider_name} \
-    --kubernetes-namespaces ${var.anyscale_k8s_namespace} \
-    --kubernetes-ingress-external-address ${module.anyscale_k8s_helm.nginx_ingress_lb_ips[0]} \
     --kubernetes-zones ${join(",", data.google_container_cluster.anyscale.node_locations)} \
     --anyscale-operator-iam-identity ${module.anyscale_iam.iam_anyscale_cluster_node_service_acct_email}
   EOT