-
Notifications
You must be signed in to change notification settings - Fork 17
/
variables.tf
344 lines (287 loc) · 11.6 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
# Copyright (c) 2023 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
// OCI Identity Variables
variable "user_id" {
type = string
description = "The OCID of the user that will be used by terraform to create OCI resources. To get the value, see Where to Get the Tenancy's OCID and User's OCID."
}
variable "region" {
type = string
description = "The OCI region where resources will be created. To get the value, See Regions and Availability Domains - https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm#top"
default = ""
}
variable "tenancy_id" {
type = string
description = "The OCID of your tenancy. To get the value, see Where to Get the Tenancy's OCID and User's OCID - https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five."
}
variable "api_private_key_path" {
type = string
description = "The path to the private key used by the OCI user to authenticate with OCI API's. OCI plugin for the HashiCorp Vault allows only the 4096 key size for the OCI API signing key (RSA key pair in PEM format). So please use the 4096 key size when creating the RSA key pair. For details on how to create and configure keys see How to Generate an API Signing Key (https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#two) and How to Upload the Public Key (https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#three)"
default = ""
}
variable "private_key_password" {
type = string
description = "The password used to decrypt the OCI user's private key. (Optional) Passphrase used for the api_private_key, if it is encrypted."
default = ""
}
variable "fingerprint" {
type = string
description = "Fingerprint for the key pair being used. To get the value, see How to Get the Key's Fingerprint. https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#four"
}
// Common OCI resource variables
variable "availability_domain_id" {
type = string
description = "The ID of the availability domain inside the `region` in which to create this deployment"
}
variable "compartment_id" {
type = string
description = "The OCID of the compartment."
}
variable "prefix" {
type = string
description = "A unique prefix to attach to the name of all cloud resources that are created as a part of this deployment"
}
variable "instance_shape" {
type = map(any)
description = "The OCI instance shape to use for all compute resources that are created as part of this deployment"
default = {
shape = "VM.Standard.E4.Flex", ocpus = 2, memory = 32
}
}
variable "image_ocid" {
type = string
description = "The OCID of the OS image to use when creating all compute resources that are part of this deployment"
default = ""
}
variable "os_version" {
type = string
description = "The version of Oracle Linux to use as the base image for all compute resources that are part of this deployemnt"
default = "8"
}
variable "kernel_version" {
type = string
description = "Kernel version to be installed"
default = "ol8_UEKR6"
}
variable "compute_user" {
type = string
description = "A user configured with sudo access and authenticated with ssh_public_key and ssh_private_key on each compute resource"
default = "opc"
}
variable "node_ocids" {
description = "Comma separated list of Kubernetes nodes (both control plane and worker nodes) with their Oracle Cloud Identifiers (OCIDs). The format for the list is: FQDN=OCID,..."
default = ""
}
// Compute instance specific variables
variable "ssh_public_key_path" {
type = string
description = "The SSH public key path to use when configuring access to any compute resources created as part of this deployment"
}
variable "ssh_private_key_path" {
type = string
description = "The SSH private key path that goes with the SSH public key that is used when accessing compute resources that are created as part of this deployment"
}
// Instance pool specific variables
variable "vault_pool_size" {
type = number
description = "The initial number of Vault instances to spawn as part of this deployment"
default = "1"
}
variable "load_balancer_shape" {
type = map(string)
description = "The OCI load balancer shape to use when creating load balancers for this deployment"
default = {
shape = "flexible"
flex_min = "10"
flex_max = "50"
}
}
variable "load_balancer_policy" {
type = string
description = "The traffic policy to apply to any load balancers that are created as part of this deployment"
default = "LEAST_CONNECTIONS"
}
variable "vault_namespace" {
type = string
description = "OCI Object storage bucket namespace string used to create the OCI Object Storage Bucket to support the [HashiCorp Vault OCI Object Storage Backend](https://www.vaultproject.io/docs/configuration/storage/oci-object-storage). To get the namespace string see [Understanding Object Storage Namespaces](https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/understandingnamespaces.htm]."
default = ""
}
variable "vault_version" {
type = string
description = "The version of Vault to deploy"
default = "1.3.4"
}
variable "proxy" {
type = string
description = "A proxy server to use for https and http communication when downloading or otherwise fetching data from external networks"
default = ""
}
variable "no_proxy" {
type = string
description = "No proxy setting, if used"
default = ""
}
variable "ocne_version" {
type = string
description = "The version and release of OCNE to deploy. For more details on the versions, please see the [OCNE Release Notes](https://docs.oracle.com/en/operating-systems/olcne/1.7/relnotes/components.html#components). The default value '1.7' is to install the latest patch version of 1.7. To install a specific patch version, please set the value to `<major.minor.patch>` or `<major.minor.patch>-<release>`."
default = "1.7"
}
variable "yum_repo_url" {
type = string
description = "The URI of the yum repository that hosts all OCNE packages"
default = "http://yum.oracle.com/repo/OracleLinux/OL8/olcne16/x86_64"
}
variable "control_plane_node_count" {
type = number
description = "The number of Kubernetes control plane nodes to deploy"
default = 3
}
variable "worker_node_count" {
type = number
description = "The number of Kubernetes worker nodes to deploy"
default = 3
}
variable "standalone_api_server" {
type = bool
description = "If true, a dedicated compute instance is allocated for the OCNE API Server. Otherwise, it will be deployed onto one of the Kubernetes control plane nodes"
default = true
}
variable "environment_name" {
type = string
description = "The name of the OCNE Environment that is created by this module to deploy module instances into"
default = "myenvironment"
}
variable "kubernetes_name" {
type = string
description = "The name of the instance of the OCNE Kubernetes module that is installed as part of this deployment"
default = "mycluster"
}
variable "kube_apiserver_port" {
type = string
description = "The port to use for the Kubernetes API server that is created as part of this deployment"
default = "6443"
}
variable "container_registry" {
type = string
description = "The container image registry that contains all container images that are consumed by this deployment"
default = "container-registry.oracle.com/olcne"
}
variable "extra_cas" {
type = list(any)
description = "Any extra trusted certificates for compute resources"
default = []
}
// Networking variables
variable "vcn_id" {
type = string
description = "The OCID of the OCI Virtual Cloud Network in which to create any subnets that might be generated as part of this deployment"
default = ""
}
variable "subnet_id" {
type = string
description = "The OCID of a pre-existing subnet that all newly created cloud resources will be configured to use. If this variable to set to the empty string, a network configuration will be generated automatically"
default = ""
}
variable "ig_route_id" {
type = string
default = ""
}
variable "nat_route_id" {
type = string
default = ""
}
variable "deploy_networking" {
type = bool
description = "Decides if VCN is installed."
default = true
}
// Vault variables
variable "use_vault" {
type = bool
description = "Decides if Vault is used to requisition certificates for OCNE daemons. If true, then certificates are allocated using a Vault instance. Otherwise, this module will generate certificates and distribute them to each node"
default = false
}
variable "vault_ocid" {
type = string
description = "The OCID of the OCI KMS Vault to use with the Hashicorp Vault automatic unsealing feature"
default = ""
}
variable "key_ocid" {
type = string
description = "The OCID of the OCI KMS Vault Key to use with the Hashicorp Vault automatic unsealing feature"
default = ""
}
variable "secret_name" {
type = string
description = "The name of the vault secret"
default = "vault_keys"
}
variable "ocne_secret_name" {
type = string
description = "The name of the ocne vault secret"
default = "ocne_keys"
}
variable "enable_bastion" {
type = bool
description = "Decides if bastion is installed. Intended for internal use. Set to false."
default = true
}
variable "bastion_shape" {
type = map(any)
description = "The shape of bastion instance."
default = {
shape = "VM.Standard.E3.Flex", ocpus = 1, memory = 4
}
}
variable "bastion_public_ip" {
type = string
description = "Public IP address of an existing Bastion host. This is set when we are not creating a bastion but need to use an existing one."
default = ""
}
variable "bastion_user" {
type = string
description = "User name on the Bastion host"
default = "opc"
}
variable "bastion_private_key_path" {
type = string
description = "The SSH private key path that goes with the SSH public key that is used when accessing the bastion host. Must be set if enable_bastion is set to true."
default = ""
}
variable "enable_notification" {
description = "Whether to enable ONS notification for the bastion host."
default = false
type = bool
}
# The three tags, department, environment, and role, were moved
# from modules/terraform-oci-bastion/variables.tf
variable "freeform_tags" {
description = "Freeform tags with useful miscellaneous information."
type = map(any)
default = {}
}
variable "restrict_service_externalip_cidrs" {
type = string
description = "A set of CIDR blocks to allow for the externalIp field in Kubernetes Services"
default = ""
}
variable "debug" {
type = bool
description = "Enable provision debug logging"
default = false
}
variable "provision_mode" {
type = string
description = "Specifies the provision mode."
default = "OCNE"
}
variable "virtual_ip" {
type = bool
description = "Setup Kubernetes API server endpoint on a virtual IP address representing all the Kubernetes control plane nodes"
default = false
}
variable "config_file_path" {
type = string
description = "The path to the OCNE configuration file - https://docs.oracle.com/en/operating-systems/olcne/1.7/olcnectl/config.html"
default = ""
}