Create environments with Terraform


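This page is a companion to the main page about creating environments. It demonstrates how to set up a Cloud Composer environment and a user-managed service account for this environment in an existing Google Cloud project with Terraform. You can use this page as a starting point, then add more configuration parameters for your environment as needed.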


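  • This guide assumes that you have a Google Cloud project with configured billing:

    • You can use an existing project.
    • You can create a new project using the Google Cloud console, the Google Cloud CLI, the API, or a Python client library.
    • You can create and manage your project using Terraform. For more information, see the Terraform documentation for the google_project resource.
  • Install the gcloud CLI.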

Authenticate with Google Cloud

To authenticate with Google Cloud, run the following command:

gcloud auth application-default login

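For more information about this command, see gcloud auth application-default.

Configure the Google provider in Terraform

Specify your existing project ID and a default region for resources. Your Cloud Composer environment uses this region.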

provider "google-beta" {
  project = "example-project"
  region  = "us-central1"
}

Enable the Cloud Composer API

Enable the Cloud Composer API in your project:

resource "google_project_service" "composer_api" {
  provider = google-beta
  project = "example-project"
  service = "composer.googleapis.com"
  // Disabling Cloud Composer API might irreversibly break all other
  // environments in your project.
  // This parameter prevents automatic disabling
  // of the API when the resource is destroyed.
  // We recommend disabling the API only after all environments are deleted.
  disable_on_destroy = false
  // This flag was introduced in version 5.39.0 of the Terraform Google provider.
  // If set to true, it prevents you from disabling composer_api through
  // Terraform if any environment existed in the last 30 days.
  check_if_service_has_usage_on_destroy = true
}


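By default, Cloud Composer environments use the default Compute Engine account. This guide demonstrates a different approach: creating a new service account that has the permissions required to run a Cloud Composer environment.

Define a custom service account with the following role and permissions. For more information about permissions for the environment's service account, see Access control with IAM.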

resource "google_service_account" "custom_service_account" {
  provider = google-beta
  account_id   = "custom-service-account"
  display_name = "Example Custom Service Account"
}

resource "google_project_iam_member" "custom_service_account" {
  provider = google-beta
  project  = "example-project"
  member   = format("serviceAccount:%s", google_service_account.custom_service_account.email)
  // Role for Public IP environments
  role     = "roles/composer.worker"
}


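Create your environment using Terraform.

This example demonstrates how to create an environment that uses the custom service account. You can add more parameters that define other configuration parameters of your environment, such as custom scale and performance parameters, or additional PyPI packages.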


resource "google_composer_environment" "example_environment" {
  provider = google-beta
  name = "example-environment"

  config {

    software_config {
      image_version = "composer-3-airflow-2.9.1-build.8"
    }

    node_config {
      service_account = google_service_account.custom_service_account.email
    }

  }
}


Full Terraform script (default parameters)

provider "google-beta" {
  project = "example-project"
  region  = "us-central1"
}

resource "google_project_service" "composer_api" {
  provider = google-beta
  project = "example-project"
  service = "composer.googleapis.com"
  // Disabling Cloud Composer API might irreversibly break all other
  // environments in your project.
  disable_on_destroy = false
  // This flag was introduced in version 5.39.0 of the Terraform Google provider.
  // If set to true, it prevents you from disabling composer_api through
  // Terraform if any environment existed in the last 30 days.
  check_if_service_has_usage_on_destroy = true
}

resource "google_composer_environment" "example_environment" {
  provider = google-beta
  name = "example-environment"

  config {

    // Add your environment configuration here

    software_config {
      image_version = "composer-3-airflow-2.9.1-build.8"
    }

  }
}


Full Terraform script (custom service account)

provider "google-beta" {
  project = "example-project"
  region  = "us-central1"
}

resource "google_project_service" "composer_api" {
  provider = google-beta
  project = "example-project"
  service = "composer.googleapis.com"
  // Disabling Cloud Composer API might irreversibly break all other
  // environments in your project.
  disable_on_destroy = false
  // This flag was introduced in version 5.39.0 of the Terraform Google provider.
  // If set to true, it prevents you from disabling composer_api through
  // Terraform if any environment existed in the last 30 days.
  check_if_service_has_usage_on_destroy = true
}

resource "google_service_account" "custom_service_account" {
  provider = google-beta
  account_id   = "custom-service-account"
  display_name = "Example Custom Service Account"
}

resource "google_project_iam_member" "custom_service_account" {
  provider = google-beta
  project  = "example-project"
  member   = format("serviceAccount:%s", google_service_account.custom_service_account.email)
  // Role for Public IP environments
  role     = "roles/composer.worker"
}

resource "google_composer_environment" "example_environment" {
  provider = google-beta
  name = "example-environment"

  config {

    software_config {
      image_version = "composer-3-airflow-2.9.1-build.8"
    }

    node_config {
      service_account = google_service_account.custom_service_account.email
    }

  }
}
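
As an added example (not part of the original page or of the provider's own tooling), the following pre-apply check flags any google_composer_environment that would run under the default Compute Engine account instead of a custom service account. It assumes the "configuration" section of `terraform show -json` output; the function names, the sample plan, and the `default_params` resource name are constructed for illustration.

```python
import re

ENV_TYPE = "google_composer_environment"
# E-mail format of the default Compute Engine service account.
DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")

def iter_resources(module):
    """Yield resources from a plan 'configuration' module, including child modules."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from iter_resources(call.get("module", {}))

def service_account_expr(resource):
    """Return the expression for config.node_config.service_account, or None.
    Nested blocks are lists of objects in the plan's configuration section."""
    for config in resource.get("expressions", {}).get("config", []):
        for node_config in config.get("node_config", []):
            if "service_account" in node_config:
                return node_config["service_account"]
    return None

def audit_plan(plan):
    """Map each Cloud Composer environment address to a finding string."""
    findings = {}
    root = plan.get("configuration", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != ENV_TYPE:
            continue
        expr = service_account_expr(res)
        if expr is None:
            result = "FAIL: service_account not set, default Compute Engine account is used"
        elif DEFAULT_COMPUTE_SA.match(str(expr.get("constant_value", ""))):
            result = "FAIL: service_account is the default Compute Engine account"
        else:  # a reference to another resource, or a literal custom account
            result = "OK: " + str((expr.get("references") or [expr.get("constant_value")])[0])
        findings[res["address"]] = result
    return findings

# Constructed sample: the "configuration" part of `terraform show -json` output.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    {"address": ENV_TYPE + ".example_environment", "type": ENV_TYPE,
     "expressions": {"config": [{"node_config": [{"service_account": {"references": [
         "google_service_account.custom_service_account.email",
         "google_service_account.custom_service_account"]}}]}]}},
    {"address": ENV_TYPE + ".default_params", "type": ENV_TYPE,  # hypothetical name
     "expressions": {"config": [{"software_config": [{}]}]}},
]}}}

if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN).items():
        print(address, "->", finding)
```

To check a real plan, load the output of `terraform show -json` for a saved plan file with `json.load` and pass the result to `audit_plan`.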



For more information about configuring your environment with Terraform, see other documentation pages. For example: