Cluster Module Examples
Each module type uses both a backend.tf file and a variable.tfvar file.
backend.tf example
# Backend settings telling Terraform where this module's state object is kept:
# the region, the bucket, and the object key inside the bucket.
# NOTE(review): Terraform state stores resource attributes, including secret
# values passed in through variables, unencrypted inside the state file. If this
# is the S3 backend, confirm the bucket blocks public access, is readable only
# by the deployment role, and has server-side encryption on (`encrypt = true`).
region="us-west-2"
bucket="example-bucket"
# NOTE(review): "use-west-2" looks like a typo for "us-west-2". It is only an
# object path prefix, but confirm it matches the key other modules read from.
key="use-west-2/external/cluster/my-env"
variable.tfvar example
# Repository names handed to the module for Argo CD.
# NOTE(review): presumably these are the repositories Argo CD syncs from; if so,
# anyone with write access to a listed repository can change what runs in the
# cluster. Keep the list to repositories you control - confirm against the module.
argocd_repos = [
"edge-manageability-framework"
]
# Aurora database settings. Empty strings are placeholders to fill in per
# environment.
aurora_availability_zones = ""
# NOTE(review): the name suggests a development profile. Confirm which
# safeguards it changes before reusing this file outside a dev environment.
aurora_dev_mode = true
aurora_instance_availability_zones = ""
aurora_max_acus = 2
# NOTE(review): quoted, unlike aurora_max_acus. Terraform converts "0.5" to a
# number when the variable is declared as one; confirm the declared type.
aurora_min_acus = "0.5"
# Engine version is pinned to major 14, minor 9.
# NOTE(review): check that this release is still supported and patched before
# copying the example as-is.
aurora_postgres_ver_major = "14"
aurora_postgres_ver_minor = "9"
# Certificate mode, AWS account/region, and cluster identity. Empty strings are
# placeholders.
# NOTE(review): with auto_cert = false the certificate is presumably supplied
# through ca_cert / tls_cert / tls_key in this file - confirm against the module.
auto_cert = false
aws_account_number = ""
aws_region = ""
# IAM role names taken from the authors' environment; replace them with your own.
# NOTE(review): the second name appears to embed a 12-digit account number, and
# the first is an administrator-access SSO role. Presumably these roles are
# granted access to the cluster - confirm which privileges the module maps them
# to and keep the list as short as possible.
aws_roles = [
"AWSReservedSSO_AWSAdministratorAccess_933fc287558617cc",
"AWSReservedSSO_Developer_EKS_054305100460_52b02cdf70e84917"
]
ca_cert = ""
cache_registry = ""
cluster_fqdn = ""
customer_tag = ""
# Node log collection: retention values, the files to collect, and a shell
# snippet that produces some of those files.
# NOTE(review): the two *_expire values are presumably retention periods in
# days (CloudWatch and S3) - confirm the unit.
ec2log_cw_expire = 7
# Space-separated paths and globs to collect. System and kubelet logs can
# reveal host names, addresses and process details, so restrict read access to
# wherever they are shipped.
ec2log_file_list = "/var/log/messages* /var/log/aws-routed-eni/* /var/log/dmesg /tmp/kubelet.log /tmp/free.log /tmp/df.log /tmp/top.log"
ec2log_s3_expire = 30
# Writes the kubelet journal plus memory, disk and process snapshots to fixed
# file names under /tmp (the same /tmp paths listed in ec2log_file_list).
# NOTE(review): fixed names in world-writable /tmp can be pre-created or
# symlinked by another local user. If this runs with elevated privileges, a
# root-owned directory is safer; ec2log_file_list must then change to match.
ec2log_script = "sudo journalctl -xeu kubelet >/tmp/kubelet.log; free >/tmp/free.log; df -h >/tmp/df.log; top -b -n 3 >/tmp/top.log"
# EFS CSI driver IAM names and file-system behaviour.
efs_policy_name = "EFS_CSI_Driver_Policy"
# URL of the IAM policy document, taken from upstream tag v1.5.4.
# NOTE(review): a Git tag can be moved, and this document presumably becomes an
# IAM policy at apply time. Consider pinning to a commit hash or vendoring a
# reviewed copy. The eks_addons list in this file installs aws-efs-csi-driver
# v2.1.4, so also confirm the v1.5.4 policy still matches what the driver needs.
efs_policy_source = "https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.5.4/docs/iam-policy-example.json"
efs_role_name = "EFS_CSI_DriverRole"
efs_sg_name = "efs-nfs"
efs_throughput_mode = "bursting"
# Lifecycle: move files to infrequent access after 7 days, and back to primary
# storage on first access.
efs_transition_to_ia = "AFTER_7_DAYS"
efs_transition_to_primary_storage_class = "AFTER_1_ACCESS"
# Names of extra IAM policies for the EKS setup; both names indicate read
# access to a secret.
# NOTE(review): if these attach to the node instance role, any pod that can
# reach the instance metadata service inherits them. Confirm the attachment
# point and scope each policy to the single secret it names.
eks_additional_iam_policies = [
"secret_read_release-service-token",
"secret_read_sre-secret"
]
# Extra node groups, keyed by group name. This example defines one group,
# "observability", fixed at a single t3.2xlarge node (min = max = desired = 1)
# with a 20 GiB gp3 volume.
eks_additional_node_groups = {
"observability": {
"desired_size": 1,
"instance_type": "t3.2xlarge",
# The label and the taint below share one key and value, so only pods that
# tolerate the taint are scheduled here and they can select the nodes by label.
"labels": {
"node.kubernetes.io/custom-rule": "observability"
},
"max_size": 1,
"min_size": 1,
"taints": {
"node.kubernetes.io/custom-rule": {
"effect": "NO_SCHEDULE",
"value": "observability"
}
},
"volume_size": 20,
"volume_type": "gp3"
}
}
# EKS add-ons, each pinned to an exact build. Pinning keeps deployments
# reproducible, but the versions need periodic review for security fixes and
# for compatibility with eks_version.
eks_addons = [
{
"name": "aws-ebs-csi-driver",
"version": "v1.39.0-eksbuild.1"
},
{
# JSON passed to the vpc-cni add-on: turns on network policy support and sets
# the node agent's health-probe and metrics bind addresses (8163 / 8162).
# Enabling support isolates nothing by itself; NetworkPolicy objects still
# have to be defined for the namespaces that need them.
"configuration_values": "{\"enableNetworkPolicy\": \"true\", \"nodeAgent\": {\"healthProbeBindAddr\": \"8163\", \"metricsBindAddr\": \"8162\"}}",
"name": "vpc-cni",
"version": "v1.19.2-eksbuild.1"
},
{
"name": "aws-efs-csi-driver",
"version": "v2.1.4-eksbuild.1"
}
]
# Default node group and cluster settings. Empty strings are placeholders.
eks_cluster_dns_ip = ""
eks_cluster_name = ""
eks_desired_size = 1
# Proxy settings for environments that reach the internet through a proxy.
# NOTE(review): if a proxy URL carries credentials, treat this file as a secret.
eks_http_proxy = ""
eks_https_proxy = ""
eks_max_pods = 58
eks_max_size = 1
eks_min_size = 1
eks_no_proxy = ""
# Hard-coded node image. AMI IDs are region-specific, so this value is only
# meaningful in the region it was taken from.
# NOTE(review): before reuse, verify the image owner and that the image is
# current on patches; a stale pinned AMI leaves nodes on old packages.
eks_node_ami_id = "ami-09ea311630482acd7"
eks_node_instance_type = "t3.2xlarge"
# NOTE(review): presumably shell run on every node around cloud-init. Treat the
# contents as privileged code and do not embed credentials in them.
eks_user_script_post_cloud_init = ""
eks_user_script_pre_cloud_init = ""
eks_version = "1.32"
eks_volume_size = 20
eks_volume_type = "gp3"
# Feature toggles.
# NOTE(review): enable_cache_registry is the quoted string "false" while the
# other toggles are booleans. Terraform converts it if the variable is declared
# bool; if it is declared string, check how the module compares it.
enable_cache_registry = "false"
enable_ec2log = true
# NOTE(review): this file does not show what enable_eks_auth controls; confirm
# its effect on cluster access before leaving it off.
enable_eks_auth = false
enable_orch_init = true
import_s3_buckets = false
# Two namespace lists consumed by the module.
# NOTE(review): presumably istio_namespaces are the namespaces brought into the
# Istio mesh and needed_namespaces are created up front without it. Namespaces
# in the second list (for example orch-secret and argocd) would then sit outside
# any mesh-level traffic policy - confirm that this is intended.
istio_namespaces = [
"orch-infra",
"orch-app",
"orch-cluster",
"orch-ui",
"orch-platform",
"orch-gateway"
]
needed_namespaces = [
"orch-sre",
"cattle-system",
"orch-boots",
"fleet-default",
"argocd",
"orch-secret"
]
# Databases to provision, keyed by database name. Each entry names the
# Kubernetes namespace that uses the database and a dedicated database user.
# NOTE(review): one user per database keeps credentials scoped. Confirm the
# module grants each user access to its own database only, and that generated
# passwords are not readable across namespaces.
orch_databases = {
"alerting": {
"namespace": "orch-infra",
"user": "orch-infra-system-alerting_user"
},
"app-orch-catalog": {
"namespace": "orch-app",
"user": "app-orch-catalog_user"
},
"inventory": {
"namespace": "orch-infra",
"user": "orch-infra-system-inventory_user"
},
"platform-keycloak": {
"namespace": "orch-platform",
"user": "orch-platform-system-platform-keycloak_user"
},
"vault": {
"namespace": "orch-platform",
"user": "orch-platform-system-vault_user"
}
}
# Remaining settings. Several keys below hold credentials:
# release_service_refresh_token, smtp_pass, sre_basic_auth_password,
# sre_secret_string, tls_key and webhook_github_netrc. Leave them blank in any
# committed copy of this file and supply real values at run time, for example
# through TF_VAR_<name> environment variables or a secrets manager. Whatever is
# supplied also ends up in the Terraform state, so the state bucket needs the
# same protection as the secrets themselves.
public_cloud = true
release_service_refresh_token = ""
s3_create_tracing = false
s3_prefix = ""
smtp_from = ""
smtp_pass = ""
# 587 is the mail submission port, normally used with STARTTLS.
# NOTE(review): confirm the consuming service refuses to send credentials if
# TLS cannot be negotiated.
smtp_port = 587
smtp_url = ""
smtp_user = ""
sre_basic_auth_password = ""
# The example ships a fixed username, so the password is the only unknown;
# use a long random value that is unique per environment.
sre_basic_auth_username = "nexsre"
sre_secret_string = ""
# tls_key is a private key; it should never appear in version control or logs.
tls_cert = ""
tls_key = ""
# Location of the VPC module's Terraform state.
# NOTE(review): presumably read as remote state; the role running this module
# then needs read access to that state object only, not to the whole bucket.
vpc_terraform_backend_bucket = ""
vpc_terraform_backend_key = ""
vpc_terraform_backend_region = ""
# netrc content carries a host login and password or token.
# NOTE(review): use a token with the narrowest scope the webhook needs - confirm
# what the consumer does with it.
webhook_github_netrc = ""