GitHub - IndicoDataSolutions/tf_cod: Terraform repository for Clusters on Demand (COD)
acm_arn
arn of a pre-existing acm certificate
string
""
no
additional_tags
Additional tags to add to each resource
map(string)
null
no
alerting_email_enabled
enable alerts via email
bool
false
no
alerting_email_from
alerting_email_from.
string
"blank"
no
alerting_email_host
alerting_email_host
string
"blank"
no
alerting_email_password
alerting_email_password
string
"blank"
no
alerting_email_to
alerting_email_to
string
"blank"
no
alerting_email_username
alerting_email_username
string
"blank"
no
alerting_enabled
enable alerts
bool
false
no
alerting_pagerduty_enabled
enable alerts via pagerduty
bool
false
no
alerting_pagerduty_integration_key
Secret pagerduty_integration_key.
string
"blank"
no
alerting_slack_channel
Slack channel for sending notifications from alertmanager.
string
"blank"
no
alerting_slack_enabled
enable alerts via slack
bool
false
no
alerting_slack_token
Secret url with embedded token needed for slack webhook delivery.
string
"blank"
no
applications
n/a
map(object({
name = string
repo = string
chart = string
version = string
values = string,
namespace = string,
createNamespace = bool,
vaultPath = string
}))
{}
no
argo_branch
Branch to use on argo_repo
string
""
no
argo_enabled
n/a
bool
true
no
argo_github_team_owner
The GitHub Team that has owner-level access to this Argo Project
string
"devops-core-admins"
no
argo_host
n/a
string
"argo.devops.indico.io"
no
argo_namespace
n/a
string
"argo"
no
argo_password
n/a
string
"not used"
no
argo_path
Path within the argo_repo containing yaml
string
"."
no
argo_repo
Argo Github Repository containing the IPA Application
string
""
no
argo_username
n/a
string
"admin"
no
aws_access_key
The AWS access key to use for deployment
string
n/a
yes
aws_account
The name of the AWS account this cluster lives in
string
n/a
yes
aws_primary_dns_role_arn
The AWS arn for the role needed to manage route53 DNS in a different account.
string
""
no
aws_secret_key
The AWS secret key to use for deployment
string
n/a
yes
aws_session_token
The AWS session token to use for deployment
string
null
no
az_count
Number of availability zones for nodes
number
2
no
azure_indico_io_client_id
Old provider configuration to remove orphaned readapi resources
string
""
no
azure_indico_io_client_secret
n/a
string
""
no
azure_indico_io_subscription_id
n/a
string
""
no
azure_indico_io_tenant_id
n/a
string
""
no
azure_readapi_client_id
n/a
string
""
no
azure_readapi_client_secret
n/a
string
""
no
azure_readapi_subscription_id
n/a
string
""
no
azure_readapi_tenant_id
n/a
string
""
no
bucket_versioning
Enable bucket object versioning
bool
true
no
cluster_api_endpoint_public
If enabled, this allows public access to the cluster API endpoint. Enabled by default.
bool
true
no
cluster_name
Name of the EKS cluster
string
"indico-cluster"
no
cluster_node_policies
Additional IAM policies to add to the cluster IAM role
list(any)
[
"IAMReadOnlyAccess"
]
no
crds-values-yaml-b64
n/a
string
"Cg=="
no
create_guardduty_vpc_endpoint
If true this will create a vpc endpoint for guardduty.
bool
true
no
csi_driver_nfs_version
Version of csi-driver-nfs helm chart
string
"v4.0.9"
no
default_tags
Default tags to add to each resource
map(string)
null
no
deletion_protection_enabled
Enable deletion protection if set to true
bool
true
no
devops_tools_cluster_ca_certificate
n/a
string
"provided from the varset devops-tools-cluster"
no
devops_tools_cluster_host
n/a
string
"provided from the varset devops-tools-cluster"
no
direct_connect
Sets up the direct connect configuration if true; else use public subnets
bool
false
no
dns_zone_name
Name of the dns zone used to control DNS
string
""
no
domain_host
domain host name.
string
""
no
domain_suffix
Domain suffix
string
"indico.io"
no
efs_filesystem_name
The filesystem name of an existing efs instance
string
""
no
efs_type
n/a
string
"create"
no
eks_addon_version_guardduty
enable guardduty
bool
true
no
eks_cluster_iam_role
Name of the IAM role to assign to the EKS cluster; will be created if not supplied
string
null
no
eks_cluster_nodes_iam_role
Name of the IAM role to assign to the EKS cluster nodes; will be created if not supplied
string
null
no
enable_firewall
If enabled this will create firewall and internet gateway
bool
false
no
enable_k8s_dashboard
n/a
bool
true
no
enable_readapi
ReadAPI stuff
bool
true
no
enable_s3_access_logging
If true this will enable access logging on the s3 buckets
bool
true
no
enable_s3_backup
Allow backing up data bucket on s3
bool
true
no
enable_vpc_flow_logs
If enabled this will create flow logs for the VPC
bool
true
no
enable_waf
enables aws alb controller for app-edge, also creates waf rules.
bool
false
no
enable_weather_station
whether or not to enable the weather station internal metrics collection service
bool
false
no
environment
The environment of the cluster, determines which account readapi to use, options production/development
string
"development"
no
existing_kms_key
Name of kms key if it exists in the account (eg. 'alias/')
string
""
no
external_secrets_version
Version of external-secrets helm chart
string
"0.10.5"
no
firewall_allow_list
n/a
list(string)
[
".cognitiveservices.azure.com"
]
no
firewall_subnet_cidrs
CIDR ranges for the firewall subnets
list(string)
[]
no
fsx_deployment_type
The deployment type to launch
string
"PERSISTENT_1"
no
fsx_rox_arn
ARN of the ROX FSx Lustre file system
string
null
no
fsx_rox_id
ID of the existing FSx Lustre file system for ROX
string
null
no
fsx_rwx_arn
ARN of the RWX FSx Lustre file system
string
null
no
fsx_rwx_dns_name
DNS name for the RWX FSx Lustre file system
string
null
no
fsx_rwx_id
ID of the existing FSx Lustre file system for RWX
string
null
no
fsx_rwx_mount_name
Mount name for the RWX FSx Lustre file system
string
null
no
fsx_rwx_security_group_ids
Security group IDs for the RWX FSx Lustre file system
list(string)
[]
no
fsx_rwx_subnet_ids
Subnet IDs for the RWX FSx Lustre file system
list(string)
[]
no
fsx_type
n/a
string
"create"
no
git_pat
n/a
string
""
no
harbor_pull_secret_b64
Harbor pull secret from Vault
string
n/a
yes
harness_delegate
n/a
bool
false
no
harness_delegate_replicas
n/a
number
1
no
harness_mount_path
n/a
string
"harness"
no
hibernation_enabled
n/a
bool
false
no
image_registry
docker image registry to use for pulling images.
string
"harbor.devops.indico.io"
no
include_efs
Create efs
bool
true
no
include_fsx
Create a fsx file system(s)
bool
false
no
include_pgbackup
Create a read only FSx file system
bool
true
no
include_rox
Create a read only FSx file system
bool
false
no
indico_aws_access_key_id
The AWS access key for controlling dns in an alternate account
string
""
no
indico_aws_secret_access_key
The AWS secret key for controlling dns in an alternate account
string
""
no
indico_aws_session_token
The AWS session token to use for deployment in an alternate account
string
null
no
indico_devops_aws_access_key_id
The Indico-Devops account access key
string
""
no
indico_devops_aws_region
The Indico-Devops devops cluster region
string
""
no
indico_devops_aws_secret_access_key
The Indico-Devops account secret
string
""
no
indico_devops_aws_session_token
Indico-Devops account AWS session token to use for deployment
string
null
no
instance_volume_size
The size of EBS volume to attach to the cluster nodes
number
60
no
instance_volume_type
The type of EBS volume to attach to the cluster nodes
string
"gp2"
no
internal_elb_use_public_subnets
If enabled, this will use public subnets for the internal elb. Otherwise use the private subnets
bool
true
no
ipa_crds_version
n/a
string
"0.2.1"
no
ipa_enabled
n/a
bool
true
no
ipa_pre_reqs_version
n/a
string
"0.4.0"
no
ipa_repo
n/a
string
"https://harbor.devops.indico.io/chartrepo/indico-charts"
no
ipa_smoketest_enabled
n/a
bool
true
no
ipa_smoketest_repo
n/a
string
"https://harbor.devops.indico.io/chartrepo/indico-charts"
no
ipa_smoketest_values
n/a
string
"Cg=="
no
ipa_smoketest_version
n/a
string
"0.1.8"
no
ipa_values
n/a
string
""
no
ipa_version
n/a
string
"0.12.1"
no
is_alternate_account_domain
domain name is controlled by a different aws account
string
"false"
no
is_aws
n/a
bool
true
no
is_azure
n/a
bool
false
no
k8s_version
The EKS version to use
string
"1.32"
no
keda_version
n/a
string
"2.15.2"
no
keycloak_enabled
n/a
bool
true
no
kms_encrypt_secrets
Encrypt EKS secrets with KMS
bool
true
no
label
The unique string to be prepended to resources names
string
"indico"
no
lambda_sns_forwarder_destination_endpoint
destination URL for the lambda sns forwarder
string
""
no
lambda_sns_forwarder_enabled
If enabled, a lambda will be provisioned to forward SNS messages to an external endpoint.
bool
false
no
lambda_sns_forwarder_function_variables
A map of variables for the lambda_sns_forwarder code to use
map(any)
{}
no
lambda_sns_forwarder_github_branch
The github branch / tag containing the lambda_sns_forwarder code to use
string
"main"
no
lambda_sns_forwarder_github_organization
The github organization containing the lambda_sns_forwarder code to use
string
"IndicoDataSolutions"
no
lambda_sns_forwarder_github_repository
The github repository containing the lambda_sns_forwarder code to use
string
""
no
lambda_sns_forwarder_github_zip_path
Full path to the lambda zip file
string
"zip/lambda.zip"
no
lambda_sns_forwarder_topic_arn
SNS topic to trigger lambda forwarder.
string
""
no
load_vpc_id
This is required if loading a network rather than creating one.
string
""
no
local_registry_enabled
n/a
bool
false
no
local_registry_version
n/a
string
"unused"
no
message
The commit message for updates
string
"Managed by Terraform"
no
monitoring_enabled
n/a
bool
true
no
monitoring_version
n/a
string
"3.0.0"
no
name
Name to use in all cluster resources names
string
"indico"
no
network_allow_public
If enabled this will create public subnets, IGW, and NAT gateway.
bool
true
no
network_module
n/a
string
"networking"
no
network_type
n/a
string
"create"
no
nfs_subdir_external_provisioner_version
Version of nfs_subdir_external_provisioner_version helm chart
string
"4.0.18"
no
node_bootstrap_arguments
Additional arguments when bootstrapping the EKS node.
string
""
no
node_disk_size
The root device size for the worker nodes.
string
"150"
no
node_groups
n/a
any
n/a
yes
node_user_data
Additional user data used when bootstrapping the EC2 instance.
string
""
no
oidc_client_id
n/a
string
"kube-oidc-proxy"
no
oidc_config_name
n/a
string
"indico-google-ws"
no
oidc_enabled
Enable OIDC Authentication
bool
true
no
oidc_groups_claim
n/a
string
"groups"
no
oidc_groups_prefix
n/a
string
"oidcgroup:"
no
oidc_issuer_url
n/a
string
"https://keycloak.devops.indico.io/auth/realms/GoogleAuth"
no
oidc_username_claim
n/a
string
"sub"
no
oidc_username_prefix
n/a
string
"oidcuser:"
no
on_prem_test
n/a
bool
false
no
opentelemetry_collector_version
n/a
string
"0.108.0"
no
per_unit_storage_throughput
Throughput for each 1 TiB of storage (max 200) for RWX FSx
number
100
no
performance_bucket
Add permission to connect to indico-locust-benchmark-test-results
bool
false
no
pre-reqs-values-yaml-b64
n/a
string
"Cg=="
no
private_subnet_cidrs
CIDR ranges for the private subnets
list(string)
n/a
yes
private_subnet_tag_name
n/a
string
"Name"
no
private_subnet_tag_value
n/a
string
"*private*"
no
public_ip
Should the cluster manager have a public IP assigned
bool
true
no
public_subnet_cidrs
CIDR ranges for the public subnets
list(string)
n/a
yes
public_subnet_tag_name
n/a
string
"Name"
no
public_subnet_tag_value
n/a
string
"*public*"
no
readapi_customer
Name of the customer on whose behalf readapi is being deployed.
string
null
no
region
The AWS region in which to launch the indico stack
string
"us-east-1"
no
restore_snapshot_enabled
Flag for restoring cluster from snapshot
bool
false
no
restore_snapshot_name
Name of snapshot in account's s3 bucket
string
""
no
s3_endpoint_enabled
If set to true, an S3 VPC endpoint will be created. If this variable is set, the region variable must also be set
bool
false
no
secrets_operator_enabled
Use to enable the secrets operator which is used for maintaining thanos connection
bool
true
no
sg_tag_name
n/a
string
"Name"
no
sg_tag_value
n/a
string
"*-allow-subnets"
no
skip_final_snapshot
Skip taking a final snapshot before deletion; not recommended to enable
bool
false
no
snapshot_id
The ebs snapshot of read-only data to use
string
""
no
sqs_sns
Flag for enabling SQS/SNS
bool
true
no
ssl_static_secret_name
secret_name for static ssl certificate
string
"indico-ssl-static-cert"
no
storage_capacity
Storage capacity in GiB for RWX FSx
number
1200
no
storage_gateway_size
The size of the storage gateway VM
string
"m5.xlarge"
no
submission_expiry
The number of days to retain submissions
number
30
no
subnet_az_zones
Availability zones for the subnets
list(string)
n/a
yes
terraform_smoketests_enabled
n/a
bool
true
no
terraform_vault_mount_path
n/a
string
"terraform"
no
thanos_cluster_ca_certificate
n/a
string
"provided from the varset thanos"
no
thanos_cluster_host
n/a
string
"provided from the varset thanos"
no
thanos_cluster_name
n/a
string
"thanos"
no
thanos_enabled
n/a
bool
true
no
thanos_grafana_admin_password
n/a
string
"provided from the varset thanos"
no
thanos_grafana_admin_username
n/a
string
"provided from the varset devops-tools-cluster"
no
uploads_expiry
The number of days to retain uploads
number
30
no
use_acm
create cluster that will use acm
bool
false
no
use_nlb
If true this will create a NLB loadbalancer instead of a classic VPC ELB
bool
false
no
use_static_ssl_certificates
use static ssl certificates for clusters which cannot use certmanager and external dns.
bool
false
no
vault_address
n/a
string
"https://vault.devops.indico.io"
no
vault_mount_path
n/a
string
"terraform"
no
vault_password
n/a
any
n/a
yes
vault_secrets_operator_version
n/a
string
"0.7.0"
no
vault_username
n/a
any
n/a
yes
vpc_cidr
The VPC for the entire indico stack
string
n/a
yes
vpc_flow_logs_iam_role_arn
The IAM role to use for the flow logs
string
""
no
vpc_name
The VPC name
string
"indico_vpc"
no