########## MAIN VARIABLES ##########
# Region every module in this testbed is deployed into.
variable "aws_region" {
  type        = string
  description = "Set AWS region"
  default     = "eu-west-1"
}

# Short environment label used to prefix resource names.
variable "prefix" {
  type        = string
  description = "Set prefix for environment (EXAMPLE:test/dev/prod)"
  default     = "test"
}

# Tags applied to every resource; useful for cost allocation and for
# scoping IAM/SCP conditions to this environment.
variable "def_tags" {
  type        = map(string)
  description = "Tags related to all AWS resources created"
  default = {
    "Environment" = "Test"
  }
}
######### ALB VARIABLES #########
# Name of the ALB fronting the Fargate service.
# NOTE(review): the acm_cert_arn variable below is commented out, so no
# certificate is passed into the ALB through this module's inputs — confirm
# where HTTPS termination is configured before relying on it.
variable "alb_name" {
  type        = string
  description = "The name of the Application load balancer"
  default     = "fargate-alb"
}
# variable "acm_cert_arn" {
# description = "The ACM certificate arn to be used with the ALB"
# type = string
# }
######### ECS VARIABLES #########
variable "efs_name" {
  type        = string
  description = "The name of the EFS"
  default     = "efs"
}

variable "ecs_cluster_name" {
  type        = string
  description = "The name of the ecs_cluster"
  default     = "ecs-cluster-fargate"
}

# Container Insights feeds task/service metrics to CloudWatch.
variable "container_insights" {
  type        = string
  description = "Value for container insights, accepts enabled or disabled"
  default     = "enabled"
}

variable "ecs_fargate_name" {
  type        = string
  description = "The name of ecs_fargate"
  default     = "ecs-fargate"
}

variable "tg_name" {
  type        = string
  description = "Name of the target group"
  default     = "ecs-fargate-tg"
}

# NOTE(review): 14 days bounds how far back log-based investigation can
# reach for this environment; confirm it meets the retention requirement.
variable "logs_retention_days" {
  type        = number
  description = "Number of days that logs will be kept. Accepted values: (1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653)"
  default     = 14
}

variable "task_definition_cpu" {
  type        = number
  description = "The CPU value of the task. Accepted values: 256 (.25 vCPU),512 (.5 vCPU),1024 (1 vCPU), 2048 (2 vCPU), 4096 (4 vCPU),8192 (8 vCPU)"
  default     = 256
}

variable "task_definition_memory" {
  type        = number
  description = "The memory value of the task. Values depend on task_definition_cpu values. Accepted values can be found at https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html"
  default     = 512
}

# Port 80 means the container speaks plain HTTP; presumably TLS is
# terminated in front of it (ALB / CloudFront) — verify in the module wiring.
variable "task_container_port" {
  type        = number
  description = "The port number on the container that is bound to the user-specified or automatically assigned host port"
  default     = 80
}

variable "task_desired_count" {
  type        = number
  description = "The number of instances of the task definitions to place and keep running"
  default     = 1
}
########## KMS VARIABLES ##########
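variable "create_kms_module" {
  description = "Should it create the KMS module or not"
  type        = bool
  default     = true
}

variable "k_usage" {
  description = "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. Defaults to `ENCRYPT_DECRYPT`"
  type        = string
  default     = "ENCRYPT_DECRYPT"
}

# 30 days is the longest allowed pending-deletion window, which gives the
# most time to cancel a ScheduleKeyDeletion once it is detected (see the
# EventBridge rule variables further down).
variable "days_of_deletion" {
  description = "Waiting period, after which the AWS KMS key is deleted. Valid values are days(number) between: `7` and `30` days inclusive"
  type        = number
  default     = 30
}

variable "enabled_rotation" {
  description = "Enables key rotation. Default is `true`"
  type        = bool
  default     = true
}

variable "key_enabled" {
  description = "Specifies whether the key is enabled. Defaults to `true`"
  type        = bool
  default     = true
}

variable "key_specs" {
  description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`"
  type        = string
  default     = "SYMMETRIC_DEFAULT"
}

# Owners receive kms:* on the key policy, including the ability to change the
# policy itself and delete the key; keep this list as short as possible.
variable "k_owners" {
  description = "List of IAM ARNs, which have kms:* permissions"
  type        = list(string)
  default     = []
}

variable "key_admins" {
  description = "List of IAM ARNs, which have `kms:Create*`, `kms:Describe*`, `kms:Enable`, `kms:List*`, `kms:Put*`, `kms:Update*`, `kms:Revoke*`, `kms:Disable*`, `kms:Get*`, `kms:Delete*`, `kms:TagResource`, `kms:UntagResource`, `kms:ScheduleKeyDeletion`, `kms:CancelKeyDeletion` permissions"
  type        = list(string)
  default     = []
}

# Data-plane users: encrypt/decrypt only, no key management.
variable "k_users" {
  description = "A list of IAM ARNs, which have `kms:Encrypt`, `kms:Decrypt`, `kms:ReEncrypt*`, `kms:GenerateDataKey*`, `kms:DescribeKey` permissions"
  type        = list(string)
  default     = []
}

# AWS services allowed to use the key; the defaults match the SNS topic and
# EventBridge rule created by the other modules in this file.
variable "key_service_principals" {
  description = "A list of AWS service principals (https://gist.github.com/shortjared/4c1e3fe52bdfa47522cfe5b41e5d6f22)"
  type        = list(string)
  default     = ["sns.amazonaws.com", "events.amazonaws.com"]
}

# Fixed the unbalanced backtick around `kms:CreateGrant` in the description.
variable "k_service_users" {
  description = "A list of IAM ARNs, which have `kms:CreateGrant`, `kms:ListGrants`, `kms:RevokeGrant` permissions"
  type        = list(string)
  default     = []
}

variable "alias" {
  description = "List of key aliases"
  type        = list(string)
  default     = ["terraform-key1"]
}

variable "tags" {
  description = "Map of strings/tags to add to the key resource"
  type        = map(string)
  default = {
    Created = "True"
  }
}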
########## EVENTBRIDGE VARIABLES ##########
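variable "create_eventbridge_module" {
  description = "Should it create the EventBridge module or not"
  type        = bool
  default     = true
}

variable "event_role_enabled" {
  description = "Controls whether IAM roles should be created"
  type        = bool
  default     = false
}

variable "event_bus_enabled" {
  description = "Controls whether EventBridge Bus resource should be created. When, `false`, the default bus will be used for the rules"
  type        = bool
  default     = false
}

variable "event_rule_description" {
  description = "Description for the event rule"
  type        = string
  default     = "Detects KMS Deletion and Key disabled state"
}

# Fixed typo ("evvent") in the description.
# NOTE(review): KMS API calls reach EventBridge as CloudTrail events, so this
# rule only fires if CloudTrail management-event logging is on in the
# account — confirm that is provisioned somewhere.
variable "event_sources" {
  description = "List of event sources for the Event Rule, services, etc."
  type        = list(string)
  default     = ["kms.amazonaws.com"]
}

# The two API calls that weaken or destroy the KMS key; pairing them with the
# 30-day deletion window above leaves time to cancel a scheduled deletion.
variable "event_name" {
  description = "List of events to detect"
  type        = list(string)
  default     = ["DisableKey", "ScheduleKeyDeletion"]
}

variable "target_name" {
  description = "Name of the Target rule of the event"
  type        = string
  default     = "SNS target"
}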
########## SNS VARIABLES ##########
variable "create_sns_module" {
  type        = bool
  description = "Should it create the SNS module or not"
  default     = true
}

variable "name_of_topic" {
  type        = string
  description = "The name of the SNS topic to create"
  default     = "sns-topic"
}

# NOTE(review): null here; whether the SNS module then falls back to an
# AWS-managed key or leaves the topic unencrypted is decided in that module —
# confirm, since this topic carries the KMS-tampering alerts.
variable "encryption_key" {
  type        = string
  description = "Defines the key to encrypt the SNS topic"
  default     = null
}

# The three lists below are service principals (variable names keep the
# historical "principles" spelling for caller compatibility).
variable "principles_for_policy_1" {
  type        = list(string)
  description = "Principals for Policy 1"
  default     = ["events.amazonaws.com", "s3.amazonaws.com", "rds.amazonaws.com", "budgets.amazonaws.com"]
}

variable "principles_for_policy_2" {
  type        = list(string)
  description = "Principals for Policy 2"
  default     = ["cloudwatch.amazonaws.com", "elasticache.amazonaws.com", "elasticbeanstalk.amazonaws.com", "autoscaling.amazonaws.com"]
}

variable "principles_for_policy_3" {
  type        = list(string)
  description = "Principals for Policy 3"
  default     = ["ses.amazonaws.com", "events.amazonaws.com"]
}
########## VPC VARIABLES ##########
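variable "create_vpc_module" {
  description = "Should it create the VPC module or not"
  type        = bool
  default     = true
}

variable "vpc_name" {
  description = "Name of the VPC"
  type        = string
  default     = "VPC"
}

variable "cidr" {
  description = "CIDR of the VPC"
  type        = string
  default     = "10.0.0.0/16"
}

# Must agree with aws_region; the defaults assume eu-west-1.
variable "azs" {
  description = "A list of availability zones names or ids in the region"
  type        = list(string)
  default     = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
}

# Stray leading spaces removed from the three subnet descriptions, and the
# database_subnets description corrected (it was a copy of the private one).
variable "private_subnets" {
  description = "A list of private subnets inside the VPC"
  type        = list(string)
  default     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
}

variable "public_subnets" {
  description = "A list of public subnets inside the VPC"
  type        = list(string)
  default     = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
}

variable "database_subnets" {
  description = "A list of database subnets inside the VPC"
  type        = list(string)
  default     = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
}

variable "enable_nat_gateway" {
  description = "Should be true if you want to provision NAT Gateways for each of your private networks"
  type        = bool
  default     = true
}

variable "create_database_subnet_group" {
  description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
  type        = bool
  default     = true
}

variable "private_acl_dedicated" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
  type        = bool
  default     = true
}

variable "public_acl_dedicated" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
  type        = bool
  default     = true
}

# All four NACL defaults are allow-all (protocol -1, 0.0.0.0/0), i.e. the
# dedicated ACLs add no filtering on their own; presumably security groups
# carry the real restrictions. Tighten these for the database subnets if the
# NACL is meant to be a second layer.
variable "pub_inbound_acl" {
  description = "Public subnets inbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "pub_outbound_acl" {
  description = "Public subnets outbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "private_inbound_acl" {
  description = "Private subnets inbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "private_outbound_acl" {
  description = "Private subnets outbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "vpc_tags" {
  description = "Map of strings/tags to add to the VPC resource"
  type        = map(string)
  default = {
    Created = "True"
  }
}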
########## ECR VARIABLES ##########
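variable "create_ecr_module" {
  description = "Should it create the ECR module or not"
  type        = bool
  default     = true
}

# MUTABLE lets an existing tag be re-pointed at a different image, so a tag
# referenced by a deployment is not a stable identifier; IMMUTABLE (or pinning
# deployments to digests) is the safer choice outside a throwaway testbed.
variable "is_image_mutable" {
  description = "The tag mutability setting for the repo. Values <IMMUTABLE> or <MUTABLE>"
  type        = string
  default     = "MUTABLE"
}

# Description corrected: the actual default here is `KMS`, not `AES256`.
variable "ecr_encryption" {
  description = "The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `KMS`"
  type        = string
  default     = "KMS"
}

# With ecr_encryption = "KMS" and this left null, ECR uses the AWS-managed
# key rather than the customer-managed key created by the KMS module above.
variable "repository_kms_key" {
  description = "The ARN of the KMS key to use when encryption_type is `KMS`. If not specified, uses the default AWS managed key for ECR"
  type        = string
  default     = null
}

variable "repo_name" {
  description = "Name of the repo to be created"
  type        = string
  default     = "ecr-repo"
}

variable "ecr_tags" {
  description = "Tags to set on the ecr repo"
  type        = map(string)
  default = {
    Creation = "True"
  }
}

variable "scan_enabled" {
  description = "Whether images are scanned after being pushed to the repo"
  type        = bool
  default     = true
}

# true allows `force_delete`: the repository and every stored image go with
# one destroy; acceptable for a testbed, reconsider elsewhere.
variable "delete_enabled" {
  description = "Whether the repository can be forcefully removed while having images stored inside"
  type        = bool
  default     = true
}

# Lifecycle policy body is passed through verbatim; kept at column 0 so the
# heredoc content is unchanged.
variable "ecr_policy" {
  description = "ECR Lifecycle Policy (json string) to manage the image lifecycles in the ECR repo"
  type        = string
  default     = <<L_POLICY
{
"rules": [
{
"action": {
"type": "expire"
},
"selection": {
"countType": "imageCountMoreThan",
"countNumber": 50,
"tagStatus": "any"
},
"description": "Only keep 50 images",
"rulePriority": 10
}
]
}
L_POLICY
}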
########## RDS VARIABLES ##########
# NOTE(review): engine_version and parameter_group_family must stay in step
# (both say 5.7 here); verify this engine version is still within support
# for the chosen region before deploying.
variable "engine_version" {
  type        = string
  description = "The Version of the DB engine"
  default     = "5.7"
}

variable "cluster_name" {
  type        = string
  description = "Cluster Name"
  default     = "clusterdb"
}

variable "num_of_instances" {
  type        = number
  description = "The number of instances that you wish to be in the cluster"
  default     = 1
}

variable "instance_type" {
  type        = string
  description = "Type of instance- number of CPU's and RAM that will be provided to the instance (example: db.t3.small).Keep in mind that some types are not supported in different regions and versions of engine"
  default     = "db.t3.small"
}

# Log types shipped to CloudWatch; "error" and "slowquery" are the usual
# minimum for troubleshooting, "audit"/"general" would be needed for access auditing.
variable "cloud_watch_exports" {
  type        = list(string)
  description = "Which parameters to export to cloudwatch"
  default     = ["error", "slowquery"]
}

variable "parameter_group_name" {
  type        = string
  description = "Parameter group name"
  default     = "sqlvpcparamgroupname"
}

variable "parameter_group_family" {
  type        = string
  description = "Parameter group family"
  default     = "aurora-mysql5.7"
}

variable "create_db_cluster_parameter_group" {
  type        = bool
  description = "To create the parameter group or not, default is true"
  default     = true
}

# Only the username is an input here; the password is not a variable of this
# module, so it is presumably generated or sourced elsewhere — confirm it is
# not hard-coded in the RDS module.
variable "db_master_username" {
  type        = string
  description = "DB master username"
  default     = "rootuser"
}

variable "database_name" {
  type        = string
  description = "Name of the database"
  default     = "testdb"
}
########## WAF VARIABLES ##########
# CLOUDFRONT-scoped web ACLs must be created in us-east-1 regardless of
# aws_region; REGIONAL is the value to use when attaching to the ALB instead.
variable "waf_scope" {
  type        = string
  description = "The scope of the WAF. Region for lb association or cloudfront for cloudfront cdn association. Accepted values: (REGIONAL, CLOUDFRONT)."
  default     = "CLOUDFRONT"
}
########## CLOUDFRONT VARIABLES ##########
# variable "cdn_alias" {
# description = "Extra CNAMEs (alternate domain names), if any, for this distribution."
# type = list(string)
# }
# variable "us_east_cert_arn" {
# description = "The ACM certificate available in us-east-1 to be used with Cloudfront"
# type = string
# }
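variable "cdn_comment" {
  description = "Comment for the Cloudfront distribution"
  type        = string
  default     = "Cloudfront CDN for Wordpress"
}

# Fixed typo ("Clodufront") in the description.
variable "cdn_price_class" {
  description = "Price class for the Cloudfront distribution. Accepted values: (PriceClass_100, PriceClass_200, PriceClass_All)"
  type        = string
  default     = "PriceClass_100"
}

# match-viewer forwards plain-HTTP viewer requests to the origin over plain
# HTTP as well; https-only keeps the CloudFront→origin hop encrypted
# regardless of what the viewer used (requires a valid certificate on the origin).
variable "origin_protocol_policy" {
  description = "The origin protocol policy for Cloudfront. Accepted values are (https-only, http-only and match-viewer)"
  type        = string
  default     = "match-viewer"
}

variable "origin_ssl_protocols" {
  description = "A list of accepted SSL origin protocols"
  type        = list(string)
  default     = ["TLSv1.2"]
}

# Full method set is needed for Wordpress admin/REST writes; only GET/HEAD
# are cached (see cdn_cached_methods).
variable "cdn_allowed_methods" {
  description = "List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront"
  type        = list(string)
  default     = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
}

variable "cdn_cached_methods" {
  description = "List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD)"
  type        = list(string)
  default     = ["GET", "HEAD"]
}

variable "enable_cdn" {
  description = "Enable or disable the Cloudfront modules. Allowed values: (true or false)"
  type        = bool
  default     = true
}

variable "cdn_is_ipv6_enabled" {
  description = "Enable or disable ipv6 on Cloudfront"
  type        = bool
  default     = true
}

variable "cdn_retain_on_delete" {
  description = "Enable or disable retention after delete of the CDN. Allowed values: (true or false)"
  type        = bool
  default     = false
}

# Fixed typo ("tofalse") in the description.
variable "cdn_wait_for_deployment" {
  description = "If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this to false will skip the process."
  type        = bool
  default     = false
}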
######### AUTO SCALING VARIABLES ############
# The six alarm inputs below are declared as strings (matching how the
# CloudWatch alarm arguments are consumed); Terraform converts numeric
# caller values to strings automatically.
variable "as_max_cpu_threshold" {
  type        = string
  description = "Threshold for max CPU usage"
  default     = "85"
}

variable "as_min_cpu_threshold" {
  type        = string
  description = "Threshold for min CPU usage"
  default     = "10"
}

variable "as_max_cpu_evaluation_period" {
  type        = string
  description = "The number of periods over which data is compared to the specified threshold for max cpu metric alarm"
  default     = "3"
}

variable "as_min_cpu_evaluation_period" {
  type        = string
  description = "The number of periods over which data is compared to the specified threshold for min cpu metric alarm"
  default     = "3"
}

variable "as_max_cpu_period" {
  type        = string
  description = "The period in seconds over which the specified statistic is applied for max cpu metric alarm"
  default     = "60"
}

variable "as_min_cpu_period" {
  type        = string
  description = "The period in seconds over which the specified statistic is applied for min cpu metric alarm"
  default     = "60"
}

# Hard bounds for the scalable target; the alarms above only move the
# desired count within this range.
variable "as_scale_target_max_capacity" {
  type        = number
  description = "The max capacity of the scalable target"
  default     = 5
}

variable "as_scale_target_min_capacity" {
  type        = number
  description = "The min capacity of the scalable target"
  default     = 1
}
#### EFS ####
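# NOTE(review): despite the "EFS" section header above, these variables drive
# the EKS cluster, its node group/Fargate profile and the Wordpress
# Kubernetes deployment.

# Was the legacy bare `map` type; the default only holds strings, so
# map(string) is the precise (and still caller-compatible) constraint.
variable "app_labels" {
  type        = map(string)
  description = "List of the labels for Deployment"
  default = {
    "app"  = "wordpress"
    "tier" = "frontend"
  }
}

# Was declared as string with a numeric default; number matches the default
# and string callers such as "3" still convert.
variable "deployment_replicas" {
  type        = number
  description = "Number of replicas for the Deployment"
  default     = 3
}

variable "deployment_name" {
  type        = string
  description = "Name of the Deployment"
  default     = "wordpress"
}

variable "kubernetes_namespace" {
  type        = string
  description = "Kubernetes namespace for selection"
  default     = "wordpress-rds"
}

variable "fargate_profile_name" {
  type        = string
  description = "Name of the Fargate Profile"
  default     = "eks_fargate"
}

# Explicit types added to the node-group sizing inputs below (they were
# untyped); desired_nodes must lie within [min_nodes, max_nodes].
variable "desired_nodes" {
  type        = number
  description = "Desired number of worker nodes"
  default     = 2
}

variable "max_nodes" {
  type        = number
  description = "Maximum number of worker nodes"
  default     = 2
}

variable "min_nodes" {
  type        = number
  description = "Minimum number of worker nodes"
  default     = 1
}

# NOTE(review): t2.micro leaves very little room for system pods on a managed
# node group — confirm the node group actually becomes Ready with it.
variable "ng_instance_types" {
  type        = list(string)
  description = "List of instance types associated with the EKS Node Group"
  default     = ["t2.micro"]
}

variable "disk_size" {
  type        = number
  description = "Disk Size for Worker Nodes in GiB"
  default     = 10
}

variable "eks_cluster_name" {
  type        = string
  description = "Name of the EKS Cluster"
  default     = "k8s"
}

variable "node_group_name" {
  type        = string
  description = "Name of the EKS Node Group"
  default     = "k8s"
}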