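# Human-readable name of the stack. Defaults to "foundation-stack".
variable "stack_name" {
  type        = string
  default     = "foundation-stack"
  description = "Name of the stack"

  # An empty or whitespace-only name is never meaningful; fail at plan time
  # rather than letting it propagate into downstream resource names.
  validation {
    condition     = length(trimspace(var.stack_name)) > 0
    error_message = "stack_name must not be empty."
  }
}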
# Master switch for the stack: when false, the module creates no resources.
variable "stack_create" {
  description = "should resources be created"
  type        = bool
  default     = true
}
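# Tags applied to the stack's resources. Owner and Environment are mandatory
# so that every resource is attributable; the validation below enforces what
# the description previously only requested.
variable "stack_tags" {
  type = map(any)
  default = {
    Owner       = "pelotech"
    Environment = "prod"
  }
  description = "Tags to be added to the stack; must contain at least the Owner and Environment keys."

  validation {
    condition     = alltrue([for k in ["Owner", "Environment"] : contains(keys(var.stack_tags), k)])
    error_message = "stack_tags must contain the keys 'Owner' and 'Environment'."
  }
}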
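# Network layout of the stack VPC: the VPC CIDR, the availability zones and
# the private, public and database subnet CIDRs.
variable "stack_vpc_block" {
  type = object({
    cidr             = string
    azs              = list(string)
    private_subnets  = list(string)
    public_subnets   = list(string)
    database_subnets = list(string)
  })
  default = {
    cidr             = "172.16.0.0/16"
    azs              = ["us-west-2a", "us-west-2b", "us-west-2c"]
    private_subnets  = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24"]
    public_subnets   = ["172.16.100.0/24", "172.16.101.0/24", "172.16.102.0/24"]
    database_subnets = ["172.16.200.0/24", "172.16.201.0/24", "172.16.202.0/24"]
  }
  description = "Variables for defining the vpc for the stack"

  # Reject malformed CIDRs at plan time; cidrhost() fails on anything that
  # is not a parseable network prefix.
  validation {
    condition = alltrue([
      for c in concat(
        [var.stack_vpc_block.cidr],
        var.stack_vpc_block.private_subnets,
        var.stack_vpc_block.public_subnets,
        var.stack_vpc_block.database_subnets,
      ) : can(cidrhost(c, 0))
    ])
    error_message = "stack_vpc_block.cidr and every subnet entry must be a valid CIDR block (e.g. 172.16.0.0/24)."
  }

  validation {
    condition     = length(var.stack_vpc_block.azs) > 0
    error_message = "stack_vpc_block.azs must list at least one availability zone."
  }
}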
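# Additional EKS access entries granting IAM principals access to the cluster.
# Each entry maps one IAM role/user to an EKS access policy, scoped either to
# the whole cluster or to a set of namespaces.
variable "extra_access_entries" {
  type = list(object({
    principal_arn           = string
    kubernetes_groups       = optional(list(string))
    policy_arn              = string
    access_scope_type       = string
    access_scope_namespaces = optional(list(string))
  }))
  description = "EKS access entries needed by IAM roles interacting with this cluster"
  default     = []

  validation {
    error_message = "Access scope type can only be 'namespace' or 'cluster'"
    condition = alltrue([
      for v in var.extra_access_entries : contains(["namespace", "cluster"], v.access_scope_type)
    ])
  }

  # A namespace scope with an empty namespace list would grant nothing and is
  # almost certainly a mistake, so the list must be non-empty as well as non-null.
  # try() keeps length() from erroring on a null list.
  validation {
    error_message = "The access scope type 'namespace' requires a non-empty 'access_scope_namespaces', namespaces can't be set otherwise."
    condition = alltrue([
      for v in var.extra_access_entries :
      v.access_scope_type == "namespace"
      ? try(length(v.access_scope_namespaces), 0) > 0
      : v.access_scope_namespaces == null
    ])
  }

  # EKS access entries are keyed on an IAM role or user ARN; catch typos and
  # non-IAM ARNs before they reach the API.
  validation {
    error_message = "principal_arn must be an IAM role or user ARN (arn:<partition>:iam::<account-id>:role/... or user/...)."
    condition = alltrue([
      for v in var.extra_access_entries : can(regex("^arn:[^:]+:iam::[0-9]{12}:(role|user)/", v.principal_arn))
    ])
  }
}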
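# IAM role the CI pipeline assumes when applying this stack.
variable "stack_ci_admin_arn" {
  type        = string
  description = "ARN of the CI role that applies the stack"

  validation {
    condition     = can(regex("^arn:[^:]+:iam::[0-9]{12}:role/", var.stack_ci_admin_arn))
    error_message = "stack_ci_admin_arn must be an IAM role ARN (arn:<partition>:iam::<account-id>:role/...)."
  }
}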
# TODO: find a cleaner way to grant the KMS access this role needs in order to run plans against the module
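# IAM role the CI pipeline assumes for read-only plans on pull requests.
variable "stack_ci_ro_arn" {
  type        = string
  description = "ARN of the read-only CI role used for planning on PRs"

  validation {
    condition     = can(regex("^arn:[^:]+:iam::[0-9]{12}:role/", var.stack_ci_ro_arn))
    error_message = "stack_ci_ro_arn must be an IAM role ARN (arn:<partition>:iam::<account-id>:role/...)."
  }
}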
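# IAM roles granted cluster-admin level access. Empty by default.
variable "stack_admin_arns" {
  type        = list(string)
  default     = []
  description = "ARNs of the IAM roles that are granted cluster admin access"

  validation {
    condition     = alltrue([for a in var.stack_admin_arns : can(regex("^arn:[^:]+:iam::[0-9]{12}:role/", a))])
    error_message = "Every entry of stack_admin_arns must be an IAM role ARN (arn:<partition>:iam::<account-id>:role/...)."
  }
}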
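# IAM roles granted read-only access to the cluster. Empty by default.
variable "stack_ro_arns" {
  type        = list(string)
  default     = []
  description = "ARNs of the IAM roles that are granted cluster read-only access"

  validation {
    condition     = alltrue([for a in var.stack_ro_arns : can(regex("^arn:[^:]+:iam::[0-9]{12}:role/", a))])
    error_message = "Every entry of stack_ro_arns must be an IAM role ARN (arn:<partition>:iam::<account-id>:role/...)."
  }
}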
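# Taints applied to the initial managed node group. The defaults keep general
# workloads off these nodes until the networking add-ons are in place.
variable "initial_node_taints" {
  type = list(object({ key = string, value = string, effect = string }))
  default = [
    {
      key    = "CriticalAddonsOnly"
      value  = "true"
      effect = "NO_SCHEDULE"
    },
    {
      key    = "nidhogg.uswitch.com/kube-system.kube-multus-ds"
      value  = "true"
      effect = "NO_SCHEDULE"
    }
  ]
  description = "taints for the initial managed node group"

  # EKS managed node groups accept only these three taint effects (the API
  # spelling, not the Kubernetes NoSchedule/NoExecute/PreferNoSchedule form).
  validation {
    condition = alltrue([
      for t in var.initial_node_taints : contains(["NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE"], t.effect)
    ])
    error_message = "Taint effect must be one of NO_SCHEDULE, NO_EXECUTE or PREFER_NO_SCHEDULE."
  }
}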
# Kubernetes labels applied to the nodes of the initial managed node group.
variable "initial_node_labels" {
  description = "labels for the initial managed node group"
  type        = map(string)
  default = {
    "kube-ovn/role" = "master"
  }
}
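# EC2 instance types offered to the initial managed node group. Required.
variable "initial_instance_types" {
  type        = list(string)
  description = "instance types of the initial managed node group"

  validation {
    condition     = length(var.initial_instance_types) > 0
    error_message = "initial_instance_types must contain at least one instance type."
  }
}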
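# Lower bound of the initial managed node group's autoscaling range.
# min <= desired <= max must hold across the three *_size variables; it is
# not asserted here because variable validations cannot reference other
# variables before Terraform 1.9.
variable "initial_node_min_size" {
  type        = number
  default     = 2
  description = "minimum size of the initial managed node group"

  validation {
    condition     = var.initial_node_min_size >= 0 && var.initial_node_min_size == floor(var.initial_node_min_size)
    error_message = "initial_node_min_size must be a non-negative whole number."
  }
}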
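# Upper bound of the initial managed node group's autoscaling range.
# min <= desired <= max must hold across the three *_size variables; it is
# not asserted here because variable validations cannot reference other
# variables before Terraform 1.9.
variable "initial_node_max_size" {
  type        = number
  default     = 6
  description = "max size of the initial managed node group"

  validation {
    condition     = var.initial_node_max_size >= 1 && var.initial_node_max_size == floor(var.initial_node_max_size)
    error_message = "initial_node_max_size must be a whole number of at least 1."
  }
}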
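# Initial node count of the managed node group.
# min <= desired <= max must hold across the three *_size variables; it is
# not asserted here because variable validations cannot reference other
# variables before Terraform 1.9.
variable "initial_node_desired_size" {
  type        = number
  default     = 3
  description = "desired size of the initial managed node group"

  validation {
    condition     = var.initial_node_desired_size >= 0 && var.initial_node_desired_size == floor(var.initial_node_desired_size)
    error_message = "initial_node_desired_size must be a non-negative whole number."
  }
}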
# Whether the module should provision a dedicated bucket for the S3 CSI driver.
variable "s3_csi_driver_create_bucket" {
  description = "create a new bucket for use with the s3 CSI driver"
  type        = bool
  default     = true
}
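# Pre-existing buckets the S3 CSI driver is allowed to mount. These ARNs end
# up in the driver's IAM policy, so they are checked to be bucket ARNs.
variable "s3_csi_driver_bucket_arns" {
  type        = list(string)
  default     = []
  description = "existing buckets the s3 CSI driver should have access to"

  validation {
    condition     = alltrue([for a in var.s3_csi_driver_bucket_arns : can(regex("^arn:[^:]+:s3:::[^/]+$", a))])
    error_message = "Every entry of s3_csi_driver_bucket_arns must be an S3 bucket ARN (arn:<partition>:s3:::<bucket-name>), without an object path."
  }
}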
# VPC endpoints to create inside the cluster VPC. Empty by default.
# NOTE(review): presumably AWS service names (e.g. "s3") — confirm against the module that consumes this.
variable "vpc_endpoints" {
  description = "vpc endpoints within the cluster vpc network"
  type        = list(string)
  default     = []
}