Optimize CI (#303)

* upgrade machineType * pinned workload-identity module to fix for sa bug * Modified all occurances of WI module * remove automount_service_account_token from kuberay-operator
GoogleCloudPlatform · Mar 7, 2024 · 6b844bc · artemvmin · Mar 9, 2024 · 6b844bc
1 parent 9f53668
commit 6b844bc
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/applications/rag/frontend/main.tf b/applications/rag/frontend/main.tf
@@ -63,6 +63,7 @@ module "iap_auth" {
 
 module "frontend-workload-identity" {
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "30.0.0" # Pinning to a previous version as current version (30.1.0) showed inconsitent behaviour with workload identity service accounts
   use_existing_gcp_sa = !var.create_service_account
   name                = var.google_service_account
   namespace           = var.namespace

diff --git a/cloudbuild.yaml b/cloudbuild.yaml
@@ -363,4 +363,4 @@ substitutions:
   _USER_NAME: github
 options:
   substitutionOption: 'ALLOW_LOOSE'
-
+  machineType: 'E2_HIGHCPU_8'
diff --git a/modules/jupyter/main.tf b/modules/jupyter/main.tf
@@ -67,6 +67,7 @@ module "iap_auth" {
 
 module "jupyterhub-workload-identity" {
   source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version    = "30.0.0" # Pinning to a previous version as current version (30.1.0) showed inconsitent behaviour with workload identity service accounts
   name       = var.workload_identity_service_account
   namespace  = var.namespace
   project_id = var.project_id

diff --git a/modules/kuberay-operator/kuberay.tf b/modules/kuberay-operator/kuberay.tf
@@ -25,14 +25,13 @@ resource "helm_release" "kuberay-operator" {
 
 module "kuberay-workload-identity" {
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "30.0.0" # Pinning to a previous version as current version (30.1.0) showed inconsitent behaviour with workload identity service accounts
   use_existing_gcp_sa = !var.create_service_account
   name                = var.google_service_account
   namespace           = var.namespace
   project_id          = var.project_id
   roles               = ["roles/cloudsql.client", "roles/monitoring.viewer"]
 
-  automount_service_account_token = true
-
   depends_on = [helm_release.kuberay-operator]
 }