Fix bastion vars (#212)

dominodatalab · Feb 2, 2024 · a5d1971 · a5d1971
1 parent a19b8fb
commit a5d1971
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 8 deletions.
diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
@@ -27,9 +27,10 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string)<br>    bootstrap_extra_args       = optional(string)<br>    instance_types             = list(string)<br>    spot                       = optional(bool)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })))<br>    tags = optional(map(string))<br>    gpu  = optional(bool)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `{}` | no |
-| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'amazon\_linux\_2' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool)<br>    ami_id                   = optional(string)<br>    instance_type            = optional(string)<br>    authorized_ssh_ip_ranges = optional(list(string))<br>    username                 = optional(string)<br>    install_binaries         = optional(bool)<br>  })</pre> | n/a | yes |
+| <a name="input_bastion"></a> [bastion](#input\_bastion) | enabled                  = Create bastion host.<br>    ami                      = Ami id. Defaults to latest 'amazon\_linux\_2' ami.<br>    instance\_type            = Instance type.<br>    authorized\_ssh\_ip\_ranges = List of CIDR ranges permitted for the bastion ssh access.<br>    username                 = Bastion user.<br>    install\_binaries         = Toggle to install required Domino binaries in the bastion. | <pre>object({<br>    enabled                  = optional(bool, true)<br>    ami_id                   = optional(string)<br>    instance_type            = optional(string)<br>    authorized_ssh_ip_ranges = optional(list(string))<br>    username                 = optional(string)<br>    install_binaries         = optional(bool)<br>  })</pre> | n/a | yes |
 | <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string))<br>          gpu  = optional(bool)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>          }))<br>      })<br>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | n/a | yes |
+| <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
 | <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string)<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string)<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string)<br>      path       = optional(string)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool)<br>      cidrs   = optional(list(string))<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })))<br>    master_role_names  = optional(list(string))<br>    cluster_addons     = optional(list(string))<br>    ssm_log_group_name = optional(string)<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string)<br>      groups_prefix                 = optional(string)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string)<br>      required_claims               = optional(string)<br>      username_claim                = optional(string)<br>      username_prefix               = optional(string)<br>    })))<br>  })</pre> | `{}` | no |
 | <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null) | <pre>object({<br>    enabled = optional(bool)<br>    key_id  = optional(string)<br>  })</pre> | n/a | yes |

diff --git a/examples/deploy/terraform/infra/main.tf b/examples/deploy/terraform/infra/main.tf
@@ -16,6 +16,7 @@ module "infra" {
   ssh_pvt_key_path            = var.ssh_pvt_key_path
   tags                        = var.tags
   ignore_tags                 = var.ignore_tags
+  domino_cur                  = var.domino_cur
 }
 
 

diff --git a/examples/deploy/terraform/infra/outputs.tf b/examples/deploy/terraform/infra/outputs.tf
@@ -5,7 +5,7 @@ output "infra" {
 
 output "ssh_bastion_command" {
   description = "Command used in order to ssh to bastion."
-  value       = module.infra.bastion.ssh_bastion_command
+  value       = var.bastion.enabled ? module.infra.bastion.ssh_bastion_command : null
 }
 
 output "domino_config_values" {

diff --git a/examples/deploy/terraform/infra/variables.tf b/examples/deploy/terraform/infra/variables.tf
@@ -355,11 +355,21 @@ variable "bastion" {
   EOF
 
   type = object({
-    enabled                  = optional(bool)
+    enabled                  = optional(bool, true)
     ami_id                   = optional(string)
     instance_type            = optional(string)
     authorized_ssh_ip_ranges = optional(list(string))
     username                 = optional(string)
     install_binaries         = optional(bool)
   })
 }
+
+
+variable "domino_cur" {
+  description = "Determines whether to provision domino cost related infrastructures, ie, long term storage"
+  type = object({
+    provision_cost_usage_report = optional(bool, false)
+  })
+
+  default = {}
+}
diff --git a/examples/tfvars/minimal-wo-bastion.tfvars b/examples/tfvars/minimal-wo-bastion.tfvars
@@ -12,11 +12,10 @@ default_node_groups = {
   platform = {
     "availability_zone_ids" = ["usw2-az1", "usw2-az2"]
   }
-
-  ## bastion is enabled by default
-  bastion = {
-    enabled = false
-  }
 }
 
 route53_hosted_zone_name = "deploys-delta.domino.tech"
+
+bastion = {
+  enabled = false
+}
diff --git a/examples/tfvars/public-access.tfvars b/examples/tfvars/public-access.tfvars
@@ -21,3 +21,7 @@ default_node_groups = {
     }
   }
 }
+
+bastion = {
+  enabled = false
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,3 +21,7 @@ default_node_groups = { @@
         }
       }
     }
+    bastion = {
+      enabled = false
+    }