mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
714a628908
# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
49 lines
11 KiB
Markdown
49 lines
11 KiB
Markdown
## Requirements
|
|
|
|
No requirements.
|
|
|
|
## Providers
|
|
|
|
| Name | Version |
|
|
|------|---------|
|
|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.42.0 |
|
|
| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
|
|
|
|
## Modules
|
|
|
|
| Name | Source | Version |
|
|
|------|--------|---------|
|
|
| <a name="module_byo-db"></a> [byo-db](#module\_byo-db) | ./byo-db | n/a |
|
|
| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | 7.6.0 |
|
|
| <a name="module_redis"></a> [redis](#module\_redis) | cloudposse/elasticache-redis/aws | 0.48.0 |
|
|
| <a name="module_secrets-manager-1"></a> [secrets-manager-1](#module\_secrets-manager-1) | lgallard/secrets-manager/aws | 0.6.1 |
|
|
|
|
## Resources
|
|
|
|
| Name | Type |
|
|
|------|------|
|
|
| [aws_db_parameter_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
|
|
| [aws_rds_cluster_parameter_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource |
|
|
| [random_password.rds](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
|
|
| [aws_subnet.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
|
|
|
|
## Inputs
|
|
|
|
| Name | Description | Type | Default | Required |
|
|
|------|-------------|------|---------|:--------:|
|
|
| <a name="input_alb_config"></a> [alb\_config](#input\_alb\_config) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> subnets = list(string)<br> security_groups = optional(list(string), [])<br> access_logs = optional(map(string), {})<br> certificate_arn = string<br> allowed_cidrs = optional(list(string), ["0.0.0.0/0"])<br> })</pre> | n/a | yes |
|
|
| <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module | <pre>object({<br> autoscaling_capacity_providers = any<br> cluster_configuration = any<br> cluster_name = string<br> cluster_settings = map(string)<br> create = bool<br> default_capacity_provider_use_fargate = bool<br> fargate_capacity_providers = any<br> tags = map(string)<br> })</pre> | <pre>{<br> "autoscaling_capacity_providers": {},<br> "cluster_configuration": {<br> "execute_command_configuration": {<br> "log_configuration": {<br> "cloud_watch_log_group_name": "/aws/ecs/aws-ec2"<br> },<br> "logging": "OVERRIDE"<br> }<br> },<br> "cluster_name": "fleet",<br> "cluster_settings": {<br> "name": "containerInsights",<br> "value": "enabled"<br> },<br> "create": true,<br> "default_capacity_provider_use_fargate": true,<br> "fargate_capacity_providers": {<br> "FARGATE": {<br> "default_capacity_provider_strategy": {<br> "weight": 100<br> }<br> },<br> "FARGATE_SPOT": {<br> "default_capacity_provider_strategy": {<br> "weight": 0<br> }<br> }<br> },<br> "tags": {}<br>}</pre> | no |
|
|
| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> image = optional(string, "fleetdm/fleet:v4.22.1")<br> family = optional(string, "fleet")<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> })<br> redis = object({<br> address = string<br> use_tls = optional(bool, true)<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = object({<br> arn = string<br> })<br> networking = object({<br> subnets = list(string)<br> security_groups = optional(list(string), null)<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.22.1",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "networking": {<br> "security_groups": null,<br> "subnets": null<br> },<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> }<br>}</pre> | no |
|
|
| <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br> mem = number<br> cpu = number<br> })</pre> | <pre>{<br> "cpu": 1024,<br> "mem": 2048<br>}</pre> | no |
|
|
| <a name="input_rds_config"></a> [rds\_config](#input\_rds\_config) | The config for the terraform-aws-modules/rds-aurora/aws module | <pre>object({<br> name = optional(string, "fleet")<br> engine_version = optional(string, "8.0.mysql_aurora.3.02.2")<br> instance_class = optional(string, "db.t4g.large")<br> subnets = optional(list(string), [])<br> allowed_security_groups = optional(list(string), [])<br> allowed_cidr_blocks = optional(list(string), [])<br> apply_immediately = optional(bool, true)<br> monitoring_interval = optional(number, 10)<br> db_parameter_group_name = optional(string)<br> db_cluster_parameter_group_name = optional(string)<br> enabled_cloudwatch_logs_exports = optional(list(string), [])<br> master_username = optional(string, "fleet")<br> snapshot_identifier = optional(string)<br> })</pre> | <pre>{<br> "allowed_cidr_blocks": [],<br> "allowed_security_groups": [],<br> "apply_immediately": true,<br> "db_cluster_parameter_group_name": null,<br> "db_parameter_group_name": null,<br> "enabled_cloudwatch_logs_exports": [],<br> "engine_version": "8.0.mysql_aurora.3.02.2",<br> "instance_class": "db.t4g.large",<br> "master_username": "fleet",<br> "monitoring_interval": 10,<br> "name": "fleet",<br> "snapshot_identifier": null,<br> "subnets": []<br>}</pre> | no |
|
|
| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> replication_group_id = optional(string)<br> elasticache_subnet_group_name = optional(string)<br> allowed_security_group_ids = optional(list(string), [])<br> subnets = list(string)<br> availability_zones = list(string)<br> cluster_size = optional(number, 3)<br> instance_type = optional(string, "cache.m5.large")<br> apply_immediately = optional(bool, true)<br> automatic_failover_enabled = optional(bool, false)<br> engine_version = optional(string, "6.x")<br> family = optional(string, "redis6.x")<br> at_rest_encryption_enabled = optional(bool, true)<br> transit_encryption_enabled = optional(bool, true)<br> parameter = optional(list(object({<br> name = string<br> value = string<br> })), [])<br> })</pre> | <pre>{<br> "allowed_security_group_ids": [],<br> "apply_immediately": true,<br> "at_rest_encryption_enabled": true,<br> "automatic_failover_enabled": false,<br> "availability_zones": null,<br> "cluster_size": 3,<br> "elasticache_subnet_group_name": null,<br> "engine_version": "6.x",<br> "family": "redis6.x",<br> "instance_type": "cache.m5.large",<br> "name": "fleet",<br> "parameter": [],<br> "replication_group_id": null,<br> "subnets": null,<br> "transit_encryption_enabled": true<br>}</pre> | no |
|
|
| <a name="input_vpc_config"></a> [vpc\_config](#input\_vpc\_config) | n/a | <pre>object({<br> vpc_id = string<br> networking = object({<br> subnets = list(string)<br> })<br> })</pre> | n/a | yes |
|
|
|
|
## Outputs
|
|
|
|
| Name | Description |
|
|
|------|-------------|
|
|
| <a name="output_byo-db"></a> [byo-db](#output\_byo-db) | n/a |
|
|
| <a name="output_rds"></a> [rds](#output\_rds) | n/a |
|
|
| <a name="output_redis"></a> [redis](#output\_redis) | n/a |
|