Name | Version |
---|---|
terraform | >= 0.13.5 |
argocd | 6.0.2 |
aws | 5.68.0 |
github | 5.34.0 |
helm | >= 2.15.0 |
htpasswd | 1.0.4 |
keycloak | 4.3.1 |
kubectl | 1.14.0 |
kubernetes | >= 2.33.0 |
random | ~>3.5.1 |
time | 0.9.1 |
vault | 3.22.0 |
Name | Version |
---|---|
argocd | 6.0.2 |
aws | 5.68.0 |
aws.aws-indico-devops | 5.68.0 |
aws.dns-control | 5.68.0 |
external | 2.3.4 |
github | 5.34.0 |
helm | 2.16.1 |
htpasswd | 1.0.4 |
kubectl | 1.14.0 |
kubernetes | 2.33.0 |
local | 2.5.2 |
null | 3.2.3 |
random | 3.5.1 |
time | 0.9.1 |
tls | 4.0.6 |
vault | 3.22.0 |
Name | Source | Version |
---|---|---|
argo-registration | app.terraform.io/indico/indico-argo-registration/mod | 1.2.2 |
cluster | app.terraform.io/indico/indico-aws-eks-cluster/mod | 8.2.3 |
efs-storage | app.terraform.io/indico/indico-aws-efs/mod | 2.0.0 |
efs-storage-local-registry | app.terraform.io/indico/indico-aws-efs/mod | 0.0.1 |
fsx-storage | app.terraform.io/indico/indico-aws-fsx/mod | 2.0.0 |
harness_delegate | ./modules/harness | n/a |
k8s_dashboard | ./modules/aws/k8s_dashboard | n/a |
keycloak | ./modules/aws/keycloak | n/a |
kms_key | app.terraform.io/indico/indico-aws-kms/mod | 2.1.2 |
lambda-sns-forwarder | app.terraform.io/indico/indico-lambda-sns-forwarder/mod | 2.0.0 |
networking | app.terraform.io/indico/indico-aws-network/mod | 2.1.0 |
public_networking | app.terraform.io/indico/indico-aws-network/mod | 1.2.2 |
s3-storage | app.terraform.io/indico/indico-aws-buckets/mod | 3.3.1 |
secrets-operator-setup | ./modules/common/vault-secrets-operator-setup | n/a |
security-group | app.terraform.io/indico/indico-aws-security-group/mod | 3.0.0 |
sqs_sns | app.terraform.io/indico/indico-aws-sqs-sns/mod | 1.2.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_arn | arn of a pre-existing acm certificate | string |
"" |
no |
additional_tags | Additional tags to add to each resource | map(string) |
null |
no |
alerting_email_enabled | enable alerts via email | bool |
false |
no |
alerting_email_from | alerting_email_from. | string |
"blank" |
no |
alerting_email_host | alerting_email_host | string |
"blank" |
no |
alerting_email_password | alerting_email_password | string |
"blank" |
no |
alerting_email_to | alerting_email_to | string |
"blank" |
no |
alerting_email_username | alerting_email_username | string |
"blank" |
no |
alerting_enabled | enable alerts | bool |
false |
no |
alerting_pagerduty_enabled | enable alerts via pagerduty | bool |
false |
no |
alerting_pagerduty_integration_key | Secret pagerduty_integration_key. | string |
"blank" |
no |
alerting_slack_channel | Slack channel for sending notifications from alertmanager. | string |
"blank" |
no |
alerting_slack_enabled | enable alerts via slack | bool |
false |
no |
alerting_slack_token | Secret URL, with an embedded token, needed for Slack webhook delivery. | string |
"blank" |
no |
applications | n/a | map(object({ |
{} |
no |
argo_branch | Branch to use on argo_repo | string |
"" |
no |
argo_enabled | n/a | bool |
true |
no |
argo_github_team_owner | The GitHub Team that has owner-level access to this Argo Project | string |
"devops-core-admins" |
no |
argo_host | n/a | string |
"argo.devops.indico.io" |
no |
argo_namespace | n/a | string |
"argo" |
no |
argo_password | n/a | string |
"not used" |
no |
argo_path | Path within the argo_repo containing yaml | string |
"." |
no |
argo_repo | Argo Github Repository containing the IPA Application | string |
"" |
no |
argo_username | n/a | string |
"admin" |
no |
aws_access_key | The AWS access key to use for deployment | string |
n/a | yes |
aws_account | The name of the AWS account this cluster lives in | string |
n/a | yes |
aws_primary_dns_role_arn | The AWS arn for the role needed to manage route53 DNS in a different account. | string |
"" |
no |
aws_secret_key | The AWS secret key to use for deployment | string |
n/a | yes |
aws_session_token | The AWS session token to use for deployment | string |
null |
no |
az_count | Number of availability zones for nodes | number |
2 |
no |
azure_indico_io_client_id | Old provider configuration to remove orphaned readapi resources | string |
"" |
no |
azure_indico_io_client_secret | n/a | string |
"" |
no |
azure_indico_io_subscription_id | n/a | string |
"" |
no |
azure_indico_io_tenant_id | n/a | string |
"" |
no |
azure_readapi_client_id | n/a | string |
"" |
no |
azure_readapi_client_secret | n/a | string |
"" |
no |
azure_readapi_subscription_id | n/a | string |
"" |
no |
azure_readapi_tenant_id | n/a | string |
"" |
no |
bucket_versioning | Enable bucket object versioning | bool |
true |
no |
cluster_api_endpoint_public | If enabled, this allows public access to the cluster API endpoint. | bool |
true |
no |
cluster_name | Name of the EKS cluster | string |
"indico-cluster" |
no |
cluster_node_policies | Additional IAM policies to add to the cluster IAM role | list(any) |
[ |
no |
crds-values-yaml-b64 | n/a | string |
"Cg==" |
no |
create_guardduty_vpc_endpoint | If true this will create a vpc endpoint for guardduty. | bool |
true |
no |
csi_driver_nfs_version | Version of csi-driver-nfs helm chart | string |
"v4.0.9" |
no |
default_tags | Default tags to add to each resource | map(string) |
null |
no |
deletion_protection_enabled | Enable deletion protection if set to true | bool |
true |
no |
devops_tools_cluster_ca_certificate | n/a | string |
"provided from the varset devops-tools-cluster" |
no |
devops_tools_cluster_host | n/a | string |
"provided from the varset devops-tools-cluster" |
no |
direct_connect | Sets up the direct connect configuration if true; else use public subnets | bool |
false |
no |
dns_zone_name | Name of the dns zone used to control DNS | string |
"" |
no |
domain_host | domain host name. | string |
"" |
no |
domain_suffix | Domain suffix | string |
"indico.io" |
no |
efs_filesystem_name | The filesystem name of an existing efs instance | string |
"" |
no |
efs_type | n/a | string |
"create" |
no |
eks_addon_version_guardduty | enable guardduty | bool |
true |
no |
eks_cluster_iam_role | Name of the IAM role to assign to the EKS cluster; will be created if not supplied | string |
null |
no |
eks_cluster_nodes_iam_role | Name of the IAM role to assign to the EKS cluster nodes; will be created if not supplied | string |
null |
no |
enable_firewall | If enabled this will create firewall and internet gateway | bool |
false |
no |
enable_k8s_dashboard | n/a | bool |
true |
no |
enable_readapi | ReadAPI stuff | bool |
true |
no |
enable_s3_access_logging | If true this will enable access logging on the s3 buckets | bool |
true |
no |
enable_s3_backup | Allow backing up data bucket on s3 | bool |
true |
no |
enable_vpc_flow_logs | If enabled this will create flow logs for the VPC | bool |
true |
no |
enable_waf | enables aws alb controller for app-edge, also creates waf rules. | bool |
false |
no |
enable_weather_station | whether or not to enable the weather station internal metrics collection service | bool |
false |
no |
environment | The environment of the cluster, determines which account readapi to use, options production/development | string |
"development" |
no |
existing_kms_key | Name of kms key if it exists in the account (eg. 'alias/') | string |
"" |
no |
external_secrets_version | Version of external-secrets helm chart | string |
"0.10.5" |
no |
firewall_allow_list | n/a | list(string) |
[ |
no |
firewall_subnet_cidrs | CIDR ranges for the firewall subnets | list(string) |
[] |
no |
fsx_deployment_type | The deployment type to launch | string |
"PERSISTENT_1" |
no |
fsx_rox_arn | ARN of the ROX FSx Lustre file system | string |
null |
no |
fsx_rox_id | ID of the existing FSx Lustre file system for ROX | string |
null |
no |
fsx_rwx_arn | ARN of the RWX FSx Lustre file system | string |
null |
no |
fsx_rwx_dns_name | DNS name for the RWX FSx Lustre file system | string |
null |
no |
fsx_rwx_id | ID of the existing FSx Lustre file system for RWX | string |
null |
no |
fsx_rwx_mount_name | Mount name for the RWX FSx Lustre file system | string |
null |
no |
fsx_rwx_security_group_ids | Security group IDs for the RWX FSx Lustre file system | list(string) |
[] |
no |
fsx_rwx_subnet_ids | Subnet IDs for the RWX FSx Lustre file system | list(string) |
[] |
no |
fsx_type | n/a | string |
"create" |
no |
git_pat | n/a | string |
"" |
no |
harbor_pull_secret_b64 | Harbor pull secret from Vault | string |
n/a | yes |
harness_delegate | n/a | bool |
false |
no |
harness_delegate_replicas | n/a | number |
1 |
no |
harness_mount_path | n/a | string |
"harness" |
no |
hibernation_enabled | n/a | bool |
false |
no |
image_registry | docker image registry to use for pulling images. | string |
"harbor.devops.indico.io" |
no |
include_efs | Create efs | bool |
true |
no |
include_fsx | Create FSx file system(s) | bool |
false |
no |
include_pgbackup | Create a read only FSx file system | bool |
true |
no |
include_rox | Create a read only FSx file system | bool |
false |
no |
indico_aws_access_key_id | The AWS access key for controlling dns in an alternate account | string |
"" |
no |
indico_aws_secret_access_key | The AWS secret key for controlling dns in an alternate account | string |
"" |
no |
indico_aws_session_token | The AWS session token to use for deployment in an alternate account | string |
null |
no |
indico_devops_aws_access_key_id | The Indico-Devops account access key | string |
"" |
no |
indico_devops_aws_region | The Indico-Devops devops cluster region | string |
"" |
no |
indico_devops_aws_secret_access_key | The Indico-Devops account secret | string |
"" |
no |
indico_devops_aws_session_token | Indico-Devops account AWS session token to use for deployment | string |
null |
no |
instance_volume_size | The size of EBS volume to attach to the cluster nodes | number |
60 |
no |
instance_volume_type | The type of EBS volume to attach to the cluster nodes | string |
"gp2" |
no |
internal_elb_use_public_subnets | If enabled, this will use public subnets for the internal elb. Otherwise use the private subnets | bool |
true |
no |
ipa_crds_version | n/a | string |
"0.2.1" |
no |
ipa_enabled | n/a | bool |
true |
no |
ipa_pre_reqs_version | n/a | string |
"0.4.0" |
no |
ipa_repo | n/a | string |
"https://harbor.devops.indico.io/chartrepo/indico-charts" |
no |
ipa_smoketest_enabled | n/a | bool |
true |
no |
ipa_smoketest_repo | n/a | string |
"https://harbor.devops.indico.io/chartrepo/indico-charts" |
no |
ipa_smoketest_values | n/a | string |
"Cg==" |
no |
ipa_smoketest_version | n/a | string |
"0.1.8" |
no |
ipa_values | n/a | string |
"" |
no |
ipa_version | n/a | string |
"0.12.1" |
no |
is_alternate_account_domain | domain name is controlled by a different aws account | string |
"false" |
no |
is_aws | n/a | bool |
true |
no |
is_azure | n/a | bool |
false |
no |
k8s_version | The EKS version to use | string |
"1.31" |
no |
keda_version | n/a | string |
"2.15.2" |
no |
keycloak_enabled | n/a | bool |
true |
no |
kms_encrypt_secrets | Encrypt EKS secrets with KMS | bool |
true |
no |
label | The unique string to be prepended to resources names | string |
"indico" |
no |
lambda_sns_forwarder_destination_endpoint | destination URL for the lambda sns forwarder | string |
"" |
no |
lambda_sns_forwarder_enabled | If enabled, a lambda will be provisioned to forward SNS messages to an external endpoint. | bool |
false |
no |
lambda_sns_forwarder_function_variables | A map of variables for the lambda_sns_forwarder code to use | map(any) |
{} |
no |
lambda_sns_forwarder_github_branch | The github branch / tag containing the lambda_sns_forwarder code to use | string |
"main" |
no |
lambda_sns_forwarder_github_organization | The github organization containing the lambda_sns_forwarder code to use | string |
"IndicoDataSolutions" |
no |
lambda_sns_forwarder_github_repository | The github repository containing the lambda_sns_forwarder code to use | string |
"" |
no |
lambda_sns_forwarder_github_zip_path | Full path to the lambda zip file | string |
"zip/lambda.zip" |
no |
lambda_sns_forwarder_topic_arn | SNS topic to trigger the lambda forwarder. | string |
"" |
no |
load_vpc_id | This is required if loading a network rather than creating one. | string |
"" |
no |
local_registry_enabled | n/a | bool |
false |
no |
local_registry_version | n/a | string |
"unused" |
no |
message | The commit message for updates | string |
"Managed by Terraform" |
no |
monitoring_enabled | n/a | bool |
true |
no |
monitoring_version | n/a | string |
"3.0.0" |
no |
name | Name to use in all cluster resources names | string |
"indico" |
no |
network_allow_public | If enabled this will create public subnets, IGW, and NAT gateway. | bool |
true |
no |
network_module | n/a | string |
"networking" |
no |
network_type | n/a | string |
"create" |
no |
nfs_subdir_external_provisioner_version | Version of nfs_subdir_external_provisioner_version helm chart | string |
"4.0.18" |
no |
node_bootstrap_arguments | Additional arguments when bootstrapping the EKS node. | string |
"" |
no |
node_disk_size | The root device size for the worker nodes. | string |
"150" |
no |
node_groups | n/a | any |
n/a | yes |
node_user_data | Additional user data used when bootstrapping the EC2 instance. | string |
"" |
no |
oidc_client_id | n/a | string |
"kube-oidc-proxy" |
no |
oidc_config_name | n/a | string |
"indico-google-ws" |
no |
oidc_enabled | Enable OIDC Authentication | bool |
true |
no |
oidc_groups_claim | n/a | string |
"groups" |
no |
oidc_groups_prefix | n/a | string |
"oidcgroup:" |
no |
oidc_issuer_url | n/a | string |
"https://keycloak.devops.indico.io/auth/realms/GoogleAuth" |
no |
oidc_username_claim | n/a | string |
"sub" |
no |
oidc_username_prefix | n/a | string |
"oidcuser:" |
no |
on_prem_test | n/a | bool |
false |
no |
opentelemetry_collector_version | n/a | string |
"0.108.0" |
no |
per_unit_storage_throughput | Throughput for each 1 TiB of storage (max 200) for RWX FSx | number |
100 |
no |
performance_bucket | Add permission to connect to indico-locust-benchmark-test-results | bool |
false |
no |
pre-reqs-values-yaml-b64 | n/a | string |
"Cg==" |
no |
private_subnet_cidrs | CIDR ranges for the private subnets | list(string) |
n/a | yes |
private_subnet_tag_name | n/a | string |
"Name" |
no |
private_subnet_tag_value | n/a | string |
"*private*" |
no |
public_ip | Should the cluster manager have a public IP assigned | bool |
true |
no |
public_subnet_cidrs | CIDR ranges for the public subnets | list(string) |
n/a | yes |
public_subnet_tag_name | n/a | string |
"Name" |
no |
public_subnet_tag_value | n/a | string |
"*public*" |
no |
readapi_customer | Name of the customer on whose behalf readapi is being deployed. | string |
null |
no |
region | The AWS region in which to launch the indico stack | string |
"us-east-1" |
no |
restore_snapshot_enabled | Flag for restoring cluster from snapshot | bool |
false |
no |
restore_snapshot_name | Name of snapshot in account's s3 bucket | string |
"" |
no |
s3_endpoint_enabled | If set to true, an S3 VPC endpoint will be created. If this variable is set, the region variable must also be set | bool |
false |
no |
secrets_operator_enabled | Use to enable the secrets operator which is used for maintaining thanos connection | bool |
true |
no |
sg_tag_name | n/a | string |
"Name" |
no |
sg_tag_value | n/a | string |
"*-allow-subnets" |
no |
skip_final_snapshot | Skip taking a final snapshot before deletion; not recommended to enable | bool |
false |
no |
snapshot_id | The ebs snapshot of read-only data to use | string |
"" |
no |
sqs_sns | Flag for enabling SQS/SNS | bool |
true |
no |
ssl_static_secret_name | secret_name for static ssl certificate | string |
"indico-ssl-static-cert" |
no |
storage_capacity | Storage capacity in GiB for RWX FSx | number |
1200 |
no |
storage_gateway_size | The size of the storage gateway VM | string |
"m5.xlarge" |
no |
submission_expiry | The number of days to retain submissions | number |
30 |
no |
subnet_az_zones | Availability zones for the subnets | list(string) |
n/a | yes |
terraform_smoketests_enabled | n/a | bool |
true |
no |
terraform_vault_mount_path | n/a | string |
"terraform" |
no |
thanos_cluster_ca_certificate | n/a | string |
"provided from the varset thanos" |
no |
thanos_cluster_host | n/a | string |
"provided from the varset thanos" |
no |
thanos_cluster_name | n/a | string |
"thanos" |
no |
thanos_enabled | n/a | bool |
true |
no |
thanos_grafana_admin_password | n/a | string |
"provided from the varset thanos" |
no |
thanos_grafana_admin_username | n/a | string |
"provided from the varset devops-tools-cluster" |
no |
uploads_expiry | The number of days to retain uploads | number |
30 |
no |
use_acm | create cluster that will use acm | bool |
false |
no |
use_nlb | If true this will create a NLB loadbalancer instead of a classic VPC ELB | bool |
false |
no |
use_static_ssl_certificates | use static ssl certificates for clusters which cannot use certmanager and external dns. | bool |
false |
no |
vault_address | n/a | string |
"https://vault.devops.indico.io" |
no |
vault_mount_path | n/a | string |
"terraform" |
no |
vault_password | n/a | any |
n/a | yes |
vault_secrets_operator_version | n/a | string |
"0.7.0" |
no |
vault_username | n/a | any |
n/a | yes |
vpc_cidr | The VPC for the entire indico stack | string |
n/a | yes |
vpc_flow_logs_iam_role_arn | The IAM role to use for the flow logs | string |
"" |
no |
vpc_name | The VPC name | string |
"indico_vpc" |
no |
Name | Description |
---|---|
acm_arn | arn of the acm |
api_models_s3_bucket_name | Name of the api-models s3 bucket |
argo_branch | n/a |
argo_path | n/a |
argo_repo | n/a |
cluster_name | n/a |
cluster_region | n/a |
data_s3_bucket_name | Name of the data s3 bucket |
dns_name | n/a |
efs_filesystem_id | ID of the EFS filesystem |
fsx_rox_id | Read only filesystem |
fsx_rwx_id | Read write filesystem |
fsx_storage_fsx_rwx_dns_name | n/a |
fsx_storage_fsx_rwx_mount_name | n/a |
fsx_storage_fsx_rwx_subnet_id | n/a |
fsx_storage_fsx_rwx_volume_handle | n/a |
git_branch | n/a |
git_sha | n/a |
harbor-api-token | n/a |
harness_delegate_name | n/a |
ipa_version | n/a |
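key_pem | Generated private key for key pair (sensitive: the value is also recorded in the Terraform state, so access to the state must be restricted) |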
kube_ca_certificate | n/a |
kube_host | n/a |
kube_token | n/a |
local_registry_password | n/a |
local_registry_username | n/a |
monitoring-password | n/a |
monitoring-username | n/a |
monitoring_enabled | n/a |
ns | n/a |
s3_role_id | ID of the S3 role |
smoketest_chart_version | n/a |
wafv2_arn | arn of the wafv2 acl |
zerossl | n/a |