fleet/terraform/variables.tf
Robert Fairburn 42b1fc7e30
Tf software installers fix (#19715)
Fixed a typo in the name of the software installers bucket prefix env var in the terraform modules and removed the default prefix, as the code seems to create this prefix automatically. An additional prefix is still supported for configuration, but it can be left empty, which is now the default.
2024-06-13 10:07:48 -05:00


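variable "vpc" {
  description = "Inputs for the VPC (attribute names follow terraform-aws-modules/vpc/aws). The defaults build a three-AZ us-east-2 network with one shared NAT gateway and VPC flow logs disabled."
  type = object({
    name                                      = optional(string, "fleet")
    cidr                                      = optional(string, "10.10.0.0/16")
    azs                                       = optional(list(string), ["us-east-2a", "us-east-2b", "us-east-2c"])
    private_subnets                           = optional(list(string), ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"])
    public_subnets                            = optional(list(string), ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"])
    database_subnets                          = optional(list(string), ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"])
    elasticache_subnets                       = optional(list(string), ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"])
    create_database_subnet_group              = optional(bool, false)
    create_database_subnet_route_table        = optional(bool, true)
    create_elasticache_subnet_group           = optional(bool, true)
    create_elasticache_subnet_route_table     = optional(bool, true)
    enable_vpn_gateway                        = optional(bool, false)
    # The defaults ask for a single shared NAT gateway rather than one per AZ:
    # cheaper, but a single egress point for every private subnet.
    one_nat_gateway_per_az                    = optional(bool, false)
    single_nat_gateway                        = optional(bool, true)
    enable_nat_gateway                        = optional(bool, true)
    enable_dns_hostnames                      = optional(bool, false)
    enable_dns_support                        = optional(bool, true)
    # Flow logs are off by default, so the VPC produces no network-level audit
    # telemetry unless enable_flow_log (plus the CloudWatch log group / IAM
    # role toggles below) is switched on by the caller.
    enable_flow_log                           = optional(bool, false)
    create_flow_log_cloudwatch_log_group      = optional(bool, false)
    create_flow_log_cloudwatch_iam_role       = optional(bool, false)
    flow_log_max_aggregation_interval         = optional(number, 600)
    flow_log_cloudwatch_log_group_name_prefix = optional(string, "/aws/vpc-flow-log/")
    flow_log_cloudwatch_log_group_name_suffix = optional(string, "")
    vpc_flow_log_tags                         = optional(map(string), {})
  })
  # Spelled out in full (rather than relying on the optional() defaults) so the
  # value used when the variable is omitted is visible in one place.
  default = {
    name                                      = "fleet"
    cidr                                      = "10.10.0.0/16"
    azs                                       = ["us-east-2a", "us-east-2b", "us-east-2c"]
    private_subnets                           = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
    public_subnets                            = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]
    database_subnets                          = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]
    elasticache_subnets                       = ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]
    create_database_subnet_group              = false
    create_database_subnet_route_table        = true
    create_elasticache_subnet_group           = true
    create_elasticache_subnet_route_table     = true
    enable_vpn_gateway                        = false
    one_nat_gateway_per_az                    = false
    single_nat_gateway                        = true
    enable_nat_gateway                        = true
    enable_dns_hostnames                      = false
    enable_dns_support                        = true
    enable_flow_log                           = false
    create_flow_log_cloudwatch_log_group      = false
    create_flow_log_cloudwatch_iam_role       = false
    flow_log_max_aggregation_interval         = 600
    flow_log_cloudwatch_log_group_name_prefix = "/aws/vpc-flow-log/"
    flow_log_cloudwatch_log_group_name_suffix = ""
    vpc_flow_log_tags                         = {}
  }
}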
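variable "certificate_arn" {
  # The resource that consumes this is not declared in this file; presumably
  # the load balancer's HTTPS listener -- confirm against the ALB resources.
  description = "ARN of the TLS certificate (ACM or IAM server certificate) presented by the load balancer."
  type        = string

  validation {
    # Reject obviously malformed input at plan time. Only the "arn:" prefix is
    # checked so every AWS partition and both certificate services are accepted.
    condition     = can(regex("^arn:", var.certificate_arn))
    error_message = "certificate_arn must be an AWS ARN (it should start with \"arn:\")."
  }
}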
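variable "rds_config" {
  description = "The config for the terraform-aws-modules/rds-aurora/aws module"
  nullable    = false
  type = object({
    name                            = optional(string, "fleet")
    engine_version                  = optional(string, "8.0.mysql_aurora.3.04.2")
    instance_class                  = optional(string, "db.t4g.large")
    subnets                         = optional(list(string), [])
    # Extra inbound sources for the cluster security group; empty by default,
    # so only whatever the module wires up itself can reach the database
    # (the module's own rules are not visible in this file).
    allowed_security_groups         = optional(list(string), [])
    allowed_cidr_blocks             = optional(list(string), [])
    # true applies modifications right away instead of in the maintenance
    # window, which can mean a restart during business hours.
    apply_immediately               = optional(bool, true)
    # Enhanced Monitoring granularity in seconds; 0 turns it off.
    monitoring_interval             = optional(number, 10)
    db_parameter_group_name         = optional(string)
    db_parameters                   = optional(map(string), {})
    db_cluster_parameter_group_name = optional(string)
    db_cluster_parameters           = optional(map(string), {})
    # Empty list: no Aurora logs (error/slowquery/audit) are shipped to
    # CloudWatch by default, so database-level detection has nothing to read.
    enabled_cloudwatch_logs_exports = optional(list(string), [])
    # Only the username lives here; the password is not part of this input.
    master_username                 = optional(string, "fleet")
    # When set, the cluster is restored from this snapshot instead of created empty.
    snapshot_identifier             = optional(string)
    cluster_tags                    = optional(map(string), {})
  })
  # Spelled out in full so the omitted-variable value is visible in one place;
  # it mirrors the optional() defaults above.
  default = {
    name                            = "fleet"
    engine_version                  = "8.0.mysql_aurora.3.04.2"
    instance_class                  = "db.t4g.large"
    subnets                         = []
    allowed_security_groups         = []
    allowed_cidr_blocks             = []
    apply_immediately               = true
    monitoring_interval             = 10
    db_parameter_group_name         = null
    db_parameters                   = {}
    db_cluster_parameter_group_name = null
    db_cluster_parameters           = {}
    enabled_cloudwatch_logs_exports = []
    master_username                 = "fleet"
    snapshot_identifier             = null
    cluster_tags                    = {}
  }

  validation {
    # RDS only accepts these Enhanced Monitoring intervals; fail at plan time
    # rather than part-way through an apply.
    condition     = contains([0, 1, 5, 10, 15, 30, 60], var.rds_config.monitoring_interval)
    error_message = "rds_config.monitoring_interval must be one of 0, 1, 5, 10, 15, 30 or 60 seconds."
  }
}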
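variable "redis_config" {
  description = "The config for the ElastiCache (Redis) module. Defaults give a three-node Redis 6.x replication group with encryption at rest and in transit enabled."
  type = object({
    name                          = optional(string, "fleet")
    replication_group_id          = optional(string)
    elasticache_subnet_group_name = optional(string)
    # Extra security groups allowed to reach Redis; empty by default.
    allowed_security_group_ids    = optional(list(string), [])
    subnets                       = optional(list(string))
    availability_zones            = optional(list(string))
    # Three nodes but automatic_failover_enabled is false, so a primary
    # failure is not promoted automatically unless the caller turns it on.
    cluster_size                  = optional(number, 3)
    instance_type                 = optional(string, "cache.m5.large")
    apply_immediately             = optional(bool, true)
    automatic_failover_enabled    = optional(bool, false)
    engine_version                = optional(string, "6.x")
    family                        = optional(string, "redis6.x")
    # Both encryption switches default to on; fleet_config.redis.use_tls must
    # agree with transit_encryption_enabled or the service cannot connect.
    at_rest_encryption_enabled    = optional(bool, true)
    transit_encryption_enabled    = optional(bool, true)
    parameter = optional(list(object({
      name  = string
      value = string
    })), [])
    # Empty list: no slow-log / engine-log delivery is configured by default.
    log_delivery_configuration    = optional(list(map(any)), [])
    tags                          = optional(map(string), {})
  })
  # Spelled out in full so the omitted-variable value is visible in one place;
  # it mirrors the optional() defaults above.
  default = {
    name                          = "fleet"
    replication_group_id          = null
    elasticache_subnet_group_name = null
    allowed_security_group_ids    = []
    subnets                       = null
    availability_zones            = null
    cluster_size                  = 3
    instance_type                 = "cache.m5.large"
    apply_immediately             = true
    automatic_failover_enabled    = false
    engine_version                = "6.x"
    family                        = "redis6.x"
    at_rest_encryption_enabled    = true
    transit_encryption_enabled    = true
    parameter                     = []
    log_delivery_configuration    = []
    tags                          = {}
  }
}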
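variable "ecs_cluster" {
  description = "The config for the terraform-aws-modules/ecs/aws module"
  nullable    = false
  type = object({
    autoscaling_capacity_providers = optional(any, {})
    # ECS Exec sessions are logged ("OVERRIDE") to the named CloudWatch group,
    # which is what gives an audit trail of interactive access to containers.
    cluster_configuration = optional(any, {
      execute_command_configuration = {
        logging = "OVERRIDE"
        log_configuration = {
          cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
        }
      }
    })
    cluster_name = optional(string, "fleet")
    # Container Insights on by default (cluster/service metrics in CloudWatch).
    cluster_settings = optional(map(string), {
      name  = "containerInsights"
      value = "enabled"
    })
    create                                = optional(bool, true)
    default_capacity_provider_use_fargate = optional(bool, true)
    # All weight on on-demand Fargate; FARGATE_SPOT is declared but unused
    # (weight 0) until a caller raises it.
    fargate_capacity_providers = optional(any, {
      FARGATE = {
        default_capacity_provider_strategy = {
          weight = 100
        }
      }
      FARGATE_SPOT = {
        default_capacity_provider_strategy = {
          weight = 0
        }
      }
    })
    # Defaults to an empty map so a partial object yields {} (matching the
    # `default` block below) instead of null.
    tags = optional(map(string), {})
  })
  # Spelled out in full so the omitted-variable value is visible in one place;
  # it mirrors the optional() defaults above.
  default = {
    autoscaling_capacity_providers = {}
    cluster_configuration = {
      execute_command_configuration = {
        logging = "OVERRIDE"
        log_configuration = {
          cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
        }
      }
    }
    cluster_name = "fleet"
    cluster_settings = {
      name  = "containerInsights"
      value = "enabled"
    }
    create                                = true
    default_capacity_provider_use_fargate = true
    fargate_capacity_providers = {
      FARGATE = {
        default_capacity_provider_strategy = {
          weight = 100
        }
      }
      FARGATE_SPOT = {
        default_capacity_provider_strategy = {
          weight = 0
        }
      }
    }
    tags = {}
  }
}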
variable "fleet_config" {
  # Everything about the Fleet ECS service itself. Two layers of defaults are
  # in play: the optional() defaults inside `type` apply when a caller passes a
  # partial object, while the `default` block applies when the variable is
  # omitted altogether -- and the two disagree in a few places (flagged below).
  type = object({
    # Task-level sizing. null here and, per the description, null means the
    # module fills it in -- presumably from mem/cpu. Confirm in the task definition.
    task_mem                     = optional(number, null)
    task_cpu                     = optional(number, null)
    # NOTE(review): partial-object defaults are 4096/512, but the `default`
    # block below uses 512/256, so omitting the variable gives a smaller task
    # than passing `{}`. Confirm which sizing is intended before aligning them.
    mem                          = optional(number, 4096)
    cpu                          = optional(number, 512)
    pid_mode                     = optional(string, null)
    # Image pinned by tag only; a digest pin (image@sha256:...) would make the
    # deployed artifact immutable.
    image                        = optional(string, "fleetdm/fleet:v4.51.1")
    family                       = optional(string, "fleet")
    # Free-form container / volume definitions; their shape is not validated here.
    sidecars                     = optional(list(any), [])
    depends_on                   = optional(list(any), [])
    mount_points                 = optional(list(any), [])
    volumes                      = optional(list(any), [])
    # Plain values vs. secret references: anything placed in
    # extra_environment_variables ends up in the task definition in clear text,
    # so credentials belong in extra_secrets (presumably Secrets Manager / SSM
    # ARNs -- confirm against the task definition).
    extra_environment_variables  = optional(map(string), {})
    extra_iam_policies           = optional(list(string), [])
    extra_execution_iam_policies = optional(list(string), [])
    extra_secrets                = optional(map(string), {})
    # null -> the security group / task role are created by the module (see description).
    security_groups              = optional(list(string), null)
    security_group_name          = optional(string, "fleet")
    iam_role_arn                 = optional(string, null)
    # Presumably the secret reference for private-registry pulls; "" leaves it unset.
    repository_credentials       = optional(string, "")
    # Name of the secret holding Fleet's server private key; the secret value
    # itself is managed outside this file.
    private_key_secret_name      = optional(string, "fleet-server-private-key")
    service = optional(object({
      name = optional(string, "fleet")
    }), {
      name = "fleet"
    })
    # The database password is referenced by secret ARN, never passed in plain
    # text. rr_address is the read-replica endpoint, optional.
    database = optional(object({
      password_secret_arn = string
      user                = string
      database            = string
      address             = string
      rr_address          = optional(string, null)
    }), {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    })
    # TLS to Redis stays on unless a caller explicitly disables it.
    redis = optional(object({
      address = string
      use_tls = optional(bool, true)
    }), {
      address = null
      use_tls = true
    })
    # `create` is absent from this partial-object default and falls back to
    # its optional() default of true. retention is presumably in days -- five
    # days is short if this log group is the main forensic record for the service.
    awslogs = optional(object({
      name      = optional(string, null)
      region    = optional(string, null)
      create    = optional(bool, true)
      prefix    = optional(string, "fleet")
      retention = optional(number, 5)
    }), {
      name      = null
      region    = null
      prefix    = "fleet"
      retention = 5
    })
    # null -> a load balancer is created (see description).
    loadbalancer = optional(object({
      arn = string
    }), {
      arn = null
    })
    extra_load_balancers = optional(list(any), [])
    # subnets is declared required, yet the partial-object default sets it to
    # null; presumably the module then falls back to the VPC's subnets -- confirm.
    networking = optional(object({
      subnets         = list(string)
      security_groups = optional(list(string), null)
    }), {
      subnets         = null
      security_groups = null
    })
    autoscaling = optional(object({
      max_capacity                 = optional(number, 5)
      min_capacity                 = optional(number, 1)
      memory_tracking_target_value = optional(number, 80)
      cpu_tracking_target_value    = optional(number, 80)
    }), {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    })
    # Task role (what the running service may call) vs. execution role (what
    # ECS itself needs: image pull, secrets, log delivery).
    iam = optional(object({
      role = optional(object({
        name        = optional(string, "fleet-role")
        policy_name = optional(string, "fleet-iam-policy")
      }), {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      })
      # NOTE(review): the partial-object default for policy_name is
      # "fleet-execution-role" (same string as the role name) while the
      # `default` block below uses "fleet-iam-policy-execution". Looks like a
      # copy-paste slip; confirm before changing, as it renames an IAM policy.
      execution = optional(object({
        name        = optional(string, "fleet-execution-role")
        policy_name = optional(string, "fleet-execution-role")
      }), {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      })
    }), {
      # NOTE(review): `name` is not an attribute of this object type; the extra
      # attribute is presumably dropped on conversion so role/execution take
      # their own optional() defaults -- verify that is the intent.
      name = "fleetdm-execution-role"
    })
    # bucket_prefix is presumably the bucket-name prefix used when bucket_name
    # is null; s3_object_prefix is the key prefix inside the bucket and is
    # empty by default (the code reportedly adds its own object prefix).
    software_installers = optional(object({
      create_bucket    = optional(bool, true)
      bucket_name      = optional(string, null)
      bucket_prefix    = optional(string, "fleet-software-installers-")
      s3_object_prefix = optional(string, "")
    }), {
      create_bucket    = true
      bucket_name      = null
      bucket_prefix    = "fleet-software-installers-"
      s3_object_prefix = ""
    })
  })
  # Used only when the variable is omitted entirely. mem/cpu and the execution
  # policy_name differ from the type-level defaults above (see the notes there).
  default = {
    task_mem                     = null
    task_cpu                     = null
    mem                          = 512
    cpu                          = 256
    pid_mode                     = null
    image                        = "fleetdm/fleet:v4.51.1"
    family                       = "fleet"
    sidecars                     = []
    depends_on                   = []
    volumes                      = []
    mount_points                 = []
    extra_environment_variables  = {}
    extra_iam_policies           = []
    extra_execution_iam_policies = []
    extra_secrets                = {}
    security_groups              = null
    security_group_name          = "fleet"
    iam_role_arn                 = null
    repository_credentials       = ""
    private_key_secret_name      = "fleet-server-private-key"
    service = {
      name = "fleet"
    }
    database = {
      password_secret_arn = null
      user                = null
      database            = null
      address             = null
      rr_address          = null
    }
    redis = {
      address = null
      use_tls = true
    }
    awslogs = {
      name      = null
      region    = null
      create    = true
      prefix    = "fleet"
      retention = 5
    }
    loadbalancer = {
      arn = null
    }
    extra_load_balancers = []
    networking = {
      subnets         = null
      security_groups = null
    }
    autoscaling = {
      max_capacity                 = 5
      min_capacity                 = 1
      memory_tracking_target_value = 80
      cpu_tracking_target_value    = 80
    }
    iam = {
      role = {
        name        = "fleet-role"
        policy_name = "fleet-iam-policy"
      }
      execution = {
        name        = "fleet-execution-role"
        policy_name = "fleet-iam-policy-execution"
      }
    }
    software_installers = {
      create_bucket    = true
      bucket_name      = null
      bucket_prefix    = "fleet-software-installers-"
      s3_object_prefix = ""
    }
  }
  description = "The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified."
  nullable    = false
}
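variable "migration_config" {
  description = "The configuration object for Fleet's migration task."
  nullable    = false
  type = object({
    # Previously both attributes were required, so `{ mem = 4096 }` failed
    # type-checking. optional() keeps a full object working and lets a caller
    # override just one of them; the values match the `default` block.
    mem = optional(number, 2048)
    cpu = optional(number, 1024)
  })
  default = {
    mem = 2048
    cpu = 1024
  }
}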
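variable "alb_config" {
  description = "The config for the application load balancer in front of Fleet. By default it accepts traffic from any IPv4/IPv6 source, writes no access logs and negotiates TLS with the ELBSecurityPolicy-TLS-1-2-2017-01 policy."
  type = object({
    name            = optional(string, "fleet")
    security_groups = optional(list(string), [])
    # Empty map: ALB access logs are not written anywhere, so request-level
    # audit data is lost unless a bucket/prefix is supplied here.
    access_logs = optional(map(string), {})
    # Internet-wide ingress on both address families. That is typical when
    # enrolled hosts must reach Fleet directly; tighten it for an internal-only
    # deployment or one fronted by a CDN/WAF.
    allowed_cidrs        = optional(list(string), ["0.0.0.0/0"])
    allowed_ipv6_cidrs   = optional(list(string), ["::/0"])
    egress_cidrs         = optional(list(string), ["0.0.0.0/0"])
    egress_ipv6_cidrs    = optional(list(string), ["::/0"])
    extra_target_groups  = optional(any, [])
    https_listener_rules = optional(any, [])
    # TLS 1.2-only policy from 2017. AWS also publishes TLS 1.3-capable
    # policies (e.g. ELBSecurityPolicy-TLS13-1-2-2021-06) for deployments
    # whose clients can take the stricter cipher set.
    tls_policy   = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")
    idle_timeout = optional(number, 60)
  })
  # An empty object is enough: every attribute carries its own optional() default.
  default = {}
}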