Commit

Add dropped addons, rm defaults from submods (#70)
* Add dropped addons, rm defaults from submods

* set default kubeconfig path
miguelhar authored Apr 6, 2023
1 parent 2304650 commit 7fae06b
Showing 10 changed files with 14 additions and 22 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -114,14 +114,14 @@ aws s3 rb s3://"${AWS_TERRAFORM_REMOTE_STATE_BUCKET}" --force
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = list(string)<br> spot = optional(bool, false)<br> min_per_az = number<br> max_per_az = number<br> desired_per_az = number<br> availability_zone_ids = list(string)<br> labels = map(string)<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = object({<br> size = string<br> type = string<br> })<br> }))</pre> | `{}` | no |
| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled = Create bastion host.<br> ami = Ami id. Defaults to latest 'amazon\_linux\_2' ami.<br> instance\_type = Instance type.<br> authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br> username = Bastion user.<br> install\_binaries = Toggle to install required Domino binaries in the bastion. | <pre>object({<br> enabled = optional(bool, true)<br> ami_id = optional(string, null) # default will use the latest 'amazon_linux_2' ami<br> instance_type = optional(string, "t2.micro")<br> authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br> username = optional(string, "ec2-user")<br> install_binaries = optional(bool, false)<br> })</pre> | `null` | no |
| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled = Create bastion host.<br> ami = Ami id. Defaults to latest 'amazon\_linux\_2' ami.<br> instance\_type = Instance type.<br> authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br> username = Bastion user.<br> install\_binaries = Toggle to install required Domino binaries in the bastion. | <pre>object({<br> enabled = optional(bool, true)<br> ami_id = optional(string, null) # default will use the latest 'amazon_linux_2' ami<br> instance_type = optional(string, "t2.micro")<br> authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br> username = optional(string, "ec2-user")<br> install_binaries = optional(bool, false)<br> })</pre> | `{}` | no |
| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br> {<br> compute = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["m5.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 0)<br> max_per_az = optional(number, 10)<br> desired_per_az = optional(number, 0)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "default"<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 1000)<br> type = optional(string, "gp3")<br> }), {<br> size = 1000<br> type = "gp3"<br> }<br> )<br> }),<br> platform = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["m5.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 1)<br> max_per_az = optional(number, 10)<br> desired_per_az = optional(number, 1)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "platform"<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 100)<br> type = optional(string, "gp3")<br> }), {<br> size = 100<br> type = "gp3"<br> }<br> )<br> }),<br> gpu = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["g4dn.xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 0)<br> max_per_az = 
optional(number, 10)<br> desired_per_az = optional(number, 0)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "default-gpu"<br> "nvidia.com/gpu" = true<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [{<br> key = "nvidia.com/gpu"<br> value = "true"<br> effect = "NO_SCHEDULE"<br> }<br> ])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 1000)<br> type = optional(string, "gp3")<br> }), {<br> size = 1000<br> type = "gp3"<br> }<br> )<br> })<br> })</pre> | n/a | yes |
| <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | `"domino-eks"` | no |
| <a name="input_eks"></a> [eks](#input\_eks) | k8s\_version = "EKS cluster k8s version."<br> kubeconfig = {<br> extra\_args = "Optional extra args when generating kubeconfig."<br> path = "Fully qualified path name to write the kubeconfig file."<br> }<br> public\_access = {<br> enabled = "Enable EKS API public endpoint."<br> cidrs = "List of CIDR ranges permitted for accessing the EKS public endpoint."<br> }<br> "Custom role maps for aws auth configmap"<br> custom\_role\_maps = {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> master\_role\_names = "IAM role names to be added as masters in eks."<br> cluster\_addons = "EKS cluster addons. vpc-cni is installed separately."<br> ssm\_log\_group\_name = "CloudWatch log group to send the SSM session logs to."<br> } | <pre>object({<br> k8s_version = optional(string, "1.25")<br> kubeconfig = optional(object({<br> extra_args = optional(string, "")<br> path = optional(string)<br> }), {})<br> public_access = optional(object({<br> enabled = optional(bool, false)<br> cidrs = optional(list(string), [])<br> }), {})<br> custom_role_maps = optional(list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> })), [])<br> master_role_names = optional(list(string), [])<br> cluster_addons = optional(list(string), [])<br> ssm_log_group_name = optional(string, "session-manager")<br> })</pre> | `{}` | no |
| <a name="input_eks"></a> [eks](#input\_eks) | k8s\_version = "EKS cluster k8s version."<br> kubeconfig = {<br> extra\_args = "Optional extra args when generating kubeconfig."<br> path = "Fully qualified path name to write the kubeconfig file."<br> }<br> public\_access = {<br> enabled = "Enable EKS API public endpoint."<br> cidrs = "List of CIDR ranges permitted for accessing the EKS public endpoint."<br> }<br> "Custom role maps for aws auth configmap"<br> custom\_role\_maps = {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> master\_role\_names = "IAM role names to be added as masters in eks."<br> cluster\_addons = "EKS cluster addons. vpc-cni is installed separately."<br> ssm\_log\_group\_name = "CloudWatch log group to send the SSM session logs to."<br> } | <pre>object({<br> k8s_version = optional(string, "1.25")<br> kubeconfig = optional(object({<br> extra_args = optional(string, "")<br> path = optional(string, "kubeconfig")<br> }), {})<br> public_access = optional(object({<br> enabled = optional(bool, false)<br> cidrs = optional(list(string), [])<br> }), {})<br> custom_role_maps = optional(list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> })), [])<br> master_role_names = optional(list(string), [])<br> cluster_addons = optional(list(string), ["kube-proxy", "coredns"])<br> ssm_log_group_name = optional(string, "session-manager")<br> })</pre> | `{}` | no |
| <a name="input_kms"></a> [kms](#input\_kms) | enabled = "Toggle,if set use either the specified KMS key\_id or a Domino-generated one"<br> key\_id = optional(string, null) | <pre>object({<br> enabled = optional(bool, true)<br> key_id = optional(string, null)<br> })</pre> | `{}` | no |
| <a name="input_network"></a> [network](#input\_network) | vpc = {<br> id = Existing vpc id, it will bypass creation by this module.<br> subnets = {<br> private = Existing private subnets.<br> public = Existing public subnets.<br> pod = Existing pod subnets.<br> }), {})<br> }), {})<br> network\_bits = {<br> public = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br> private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br> pod = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br> }<br> cidrs = {<br> vpc = The IPv4 CIDR block for the VPC.<br> pod = The IPv4 CIDR block for the Pod subnets.<br> }<br> use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br> vpc = optional(object({<br> id = optional(string, null)<br> subnets = optional(object({<br> private = optional(list(string), [])<br> public = optional(list(string), [])<br> pod = optional(list(string), [])<br> }), {})<br> }), {})<br> network_bits = optional(object({<br> public = optional(number, 27)<br> private = optional(number, 19)<br> pod = optional(number, 19)<br> }<br> ), {})<br> cidrs = optional(object({<br> vpc = optional(string, "10.0.0.0/16")<br> pod = optional(string, "100.64.0.0/16")<br> }), {})<br> use_pod_cidr = optional(bool, true)<br> })</pre> | `{}` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
| <a name="input_route53_hosted_zone_name"></a> [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | Optional hosted zone for External DNSone. | `string` | `null` | no |
| <a name="input_route53_hosted_zone_name"></a> [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | Optional hosted zone for External DNS zone. | `string` | `null` | no |
| <a name="input_ssh_pvt_key_path"></a> [ssh\_pvt\_key\_path](#input\_ssh\_pvt\_key\_path) | SSH private key filepath. | `string` | n/a | yes |
| <a name="input_storage"></a> [storage](#input\_storage) | storage = {<br> efs = {<br> access\_point\_path = Filesystem path for efs.<br> backup\_vault = {<br> create = Create backup vault for EFS toggle.<br> force\_destroy = Toggle to allow automatic destruction of all backups when destroying.<br> backup = {<br> schedule = Cron-style schedule for EFS backup vault (default: once a day at 12pm).<br> cold\_storage\_after = Move backup data to cold storage after this many days.<br> delete\_after = Delete backup data after this many days.<br> }<br> }<br> }<br> s3 = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the s3 buckets. if 'false' terraform will NOT be able to delete non-empty buckets.<br> }<br> ecr = {<br> force\_destroy\_on\_deletion = Toogle to allow recursive deletion of all objects in the ECR repositories. if 'false' terraform will NOT be able to delete non-empty repositories.<br> }<br> }<br> } | <pre>object({<br> efs = optional(object({<br> access_point_path = optional(string, "/domino")<br> backup_vault = optional(object({<br> create = optional(bool, true)<br> force_destroy = optional(bool, false)<br> backup = optional(object({<br> schedule = optional(string, "0 12 * * ? *")<br> cold_storage_after = optional(number, 35)<br> delete_after = optional(number, 125)<br> }), {})<br> }), {})<br> }), {})<br> s3 = optional(object({<br> force_destroy_on_deletion = optional(bool, true)<br> }), {})<br> ecr = optional(object({<br> force_destroy_on_deletion = optional(bool, true)<br> }), {})<br> })</pre> | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Deployment tags. | `map(string)` | `{}` | no |
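Review bot: The `bastion` row's default moves from `null` to `{}`, and the same type declares `enabled = optional(bool, true)` and `authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])`, so a caller who omits `bastion` now resolves to an enabled bastion whose SSH allow-list is every IPv4 address. Suggest making the exposure opt-in, for example by defaulting `authorized_ssh_ip_ranges` to `[]` or `enabled` to `false`, or at least stating the new default behaviour in the description. Separately, the `eks` description still calls `kubeconfig.path` a "Fully qualified path name" while the new default is the relative `"kubeconfig"`; the description should say which directory a relative path is written to.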
2 changes: 1 addition & 1 deletion submodules/bastion/README.md
Expand Up @@ -50,7 +50,7 @@ No modules.
| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled = Create bastion host.<br> ami = Ami id. Defaults to latest 'amazon\_linux\_2' ami.<br> instance\_type = Instance type.<br> authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br> username = Bastion user.<br> install\_binaries = Toggle to install required Domino binaries in the bastion. | <pre>object({<br> enabled = bool<br> ami_id = optional(string) # default will use the latest 'amazon_linux_2' ami<br> instance_type = optional(string)<br> authorized_ssh_ip_ranges = optional(list(string))<br> username = optional(string)<br> install_binaries = optional(bool)<br> })</pre> | n/a | yes |
| <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
| <a name="input_k8s_version"></a> [k8s\_version](#input\_k8s\_version) | K8s version used to download/install the kubectl binary | `string` | n/a | yes |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id = KMS key id.<br> key\_arn = KMS key arn. | <pre>object({<br> key_id = string<br> key_arn = string<br> })</pre> | `null` | no |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id = KMS key id.<br> key\_arn = KMS key arn. | <pre>object({<br> key_id = string<br> key_arn = string<br> })</pre> | n/a | yes |
| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br> subnets = {<br> public = List of public Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> private = List of private Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> pod = List of pod Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> } | <pre>object({<br> vpc_id = string<br> subnets = object({<br> public = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> private = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> pod = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> })<br> })</pre> | n/a | yes |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
| <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | path = SSH private key filepath.<br> key\_pair\_name = AWS key\_pair name. | <pre>object({<br> path = string<br> key_pair_name = string<br> })</pre> | n/a | yes |
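Review bot: The `kms_info` row changes from default `null` / not required to `n/a` / required, but its description ("key_id = KMS key id. key_arn = KMS key arn.") does not tell a caller what to pass when no KMS key is in use, even though the root README keeps a `kms.enabled` toggle. Suggest documenting whether `null` is still an accepted value for the submodule and what the bastion does in that case. While this table is being regenerated, the `network_info` description reads "Subnet ud" three times where "Subnet id" is meant; that should be fixed in the variable's description.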
1 change: 0 additions & 1 deletion submodules/bastion/variables.tf
Expand Up @@ -74,7 +74,6 @@ variable "kms_info" {
key_id = string
key_arn = string
})
default = null
}

variable "bastion" {
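Review bot: Dropping `default = null` from `variable "kms_info"` makes the input required, but nothing visible in this block sets `nullable = false`, so a caller can still pass `kms_info = null` explicitly and the module receives the same null the old default supplied. If the intent is that the bastion always gets a KMS key, add `nullable = false` (or a `validation` block) next to the `type`; if null is still meant to be a supported way to skip encryption, say so in the variable's description so the required flag is not read as a guarantee.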