mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00

History

Benjamin Edwards 9c594fba21 feat(terraform): add zone_id variable to ses module (#11196 ) The zone_id variable is added to the ses module to allow the module to be used with different Route53 zones. The variable is used in the aws_route53_record resource to set the zone_id attribute. The aws_route53_zone data source is removed from the module and the zone_id attribute is set directly. The count attribute is added to the aws_route53_record resource to allow for multiple DKIM records to be created.		2023-04-17 17:04:51 -04:00
..
addons	feat(terraform): add zone_id variable to ses module (#11196 )	2023-04-17 17:04:51 -04:00
byo-vpc	Use proper name for ALB policy (#10889 )	2023-03-30 11:15:30 -07:00
example	create vuln processing addon (#10526 )	2023-03-29 08:57:10 -04:00
.gitignore	Add ability to use sidecars (#10287 )	2023-03-03 13:50:48 -05:00
.header.md	Add migration code for Dogfood to module. (#9648 )	2023-02-03 13:05:57 -05:00
.terraform-docs.yml	Customer terraform (#9136 )	2022-12-29 16:28:50 -05:00
main.tf	Add terraform version constraints (#11146 )	2023-04-11 12:39:56 -04:00
outputs.tf	create vuln processing addon (#10526 )	2023-03-29 08:57:10 -04:00
README.md	Add terraform version constraints (#11146 )	2023-04-11 12:39:56 -04:00
variables.tf	create vuln processing addon (#10526 )	2023-03-29 08:57:10 -04:00

README.md

This module provides a basic Fleet setup. This assumes that you bring nothing to the installation. If you want to bring your own VPC/database/cache nodes/ECS cluster, then use one of the submodules provided.

The following is the module layout so you can navigate to the module that you want:

Root module (use this to get a Fleet instance ASAP with minimal setup)
- BYO-VPC (use this if you want to install Fleet inside an existing VPC)
  - BYO-database (use this if you want to use an existing database and cache node)
    - BYO-ECS (use this if you want to bring your own everything but Fleet ECS services)

Migrating from existing Dogfood code

The below code describes how to migrate from existing Dogfood code

moved {
  from = module.vpc
  to   = module.main.module.vpc
}

moved {
  from = module.aurora_mysql
  to = module.main.module.byo-vpc.module.rds
}

moved {
  from = aws_elasticache_replication_group.default
  to = module.main.module.byo-vpc.module.redis.aws_elasticache_replication_group.default
}

This focuses on the resources that are "heavy" or store data. Note that the ALB cannot be moved like this because Dogfood uses the aws_alb resource and the module uses the aws_lb resource. The resources are aliases of eachother, but Terraform can't recognize that.

How to improve this module

If this module somehow doesn't fit your needs, feel free to contact us by opening a ticket, or contacting your contact at Fleet. Our goal is to make this module fit all needs within AWS, so we will try to find a solution so that this module fits your needs.

If you want to make the changes yourself, simply make a PR into main with your additions. We would ask that you make sure that variables are defined as null if there is no default that makes sense and that variable changes are reflected all the way up the stack.

How to update this readme

Edit .header.md and run terraform-docs markdown . > README.md

Requirements

Name	Version
terraform	>= 1.3.8

Providers

No providers.

Modules

Name	Source	Version
byo-vpc	./byo-vpc	n/a
vpc	terraform-aws-modules/vpc/aws	3.18.1

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
alb_config	n/a	object({ name = optional(string, "fleet") security_groups = optional(list(string), []) access_logs = optional(map(string), {}) allowed_cidrs = optional(list(string), ["0.0.0.0/0"]) })	`{}`	no
certificate_arn	n/a	`string`	n/a	yes
ecs_cluster	The config for the terraform-aws-modules/ecs/aws module	object({ autoscaling_capacity_providers = optional(any, {}) cluster_configuration = optional(any, { execute_command_configuration = { logging = "OVERRIDE" log_configuration = { cloud_watch_log_group_name = "/aws/ecs/aws-ec2" } } }) cluster_name = optional(string, "fleet") cluster_settings = optional(map(string), { "name" : "containerInsights", "value" : "enabled", }) create = optional(bool, true) default_capacity_provider_use_fargate = optional(bool, true) fargate_capacity_providers = optional(any, { FARGATE = { default_capacity_provider_strategy = { weight = 100 } } FARGATE_SPOT = { default_capacity_provider_strategy = { weight = 0 } } }) tags = optional(map(string)) })	{ "autoscaling_capacity_providers": {}, "cluster_configuration": { "execute_command_configuration": { "log_configuration": { "cloud_watch_log_group_name": "/aws/ecs/aws-ec2" }, "logging": "OVERRIDE" } }, "cluster_name": "fleet", "cluster_settings": { "name": "containerInsights", "value": "enabled" }, "create": true, "default_capacity_provider_use_fargate": true, "fargate_capacity_providers": { "FARGATE": { "default_capacity_provider_strategy": { "weight": 100 } }, "FARGATE_SPOT": { "default_capacity_provider_strategy": { "weight": 0 } } }, "tags": {} }	no
fleet_config	The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified.	object({ mem = optional(number, 4096) cpu = optional(number, 512) image = optional(string, "fleetdm/fleet:v4.22.1") family = optional(string, "fleet") sidecars = optional(list(any), []) extra_environment_variables = optional(map(string), {}) extra_iam_policies = optional(list(string), []) extra_execution_iam_policies = optional(list(string), []) extra_secrets = optional(map(string), {}) security_groups = optional(list(string), null) security_group_name = optional(string, "fleet") iam_role_arn = optional(string, null) service = optional(object({ name = optional(string, "fleet") }), { name = "fleet" }) database = optional(object({ password_secret_arn = string user = string database = string address = string rr_address = optional(string, null) }), { password_secret_arn = null user = null database = null address = null rr_address = null }) redis = optional(object({ address = string use_tls = optional(bool, true) }), { address = null use_tls = true }) awslogs = optional(object({ name = optional(string, null) region = optional(string, null) create = optional(bool, true) prefix = optional(string, "fleet") retention = optional(number, 5) }), { name = null region = null prefix = "fleet" retention = 5 }) loadbalancer = optional(object({ arn = string }), { arn = null }) networking = optional(object({ subnets = list(string) security_groups = optional(list(string), null) }), { subnets = null security_groups = null }) autoscaling = optional(object({ max_capacity = optional(number, 5) min_capacity = optional(number, 1) memory_tracking_target_value = optional(number, 80) cpu_tracking_target_value = optional(number, 80) }), { max_capacity = 5 min_capacity = 1 memory_tracking_target_value = 80 cpu_tracking_target_value = 80 }) iam = optional(object({ role = optional(object({ name = optional(string, "fleet-role") policy_name = optional(string, "fleet-iam-policy") }), { name = "fleet-role" policy_name = "fleet-iam-policy" }) execution = optional(object({ name = optional(string, "fleet-execution-role") policy_name = optional(string, "fleet-execution-role") }), { name = "fleet-execution-role" policy_name = "fleet-iam-policy-execution" }) }), { name = "fleetdm-execution-role" }) })	{ "autoscaling": { "cpu_tracking_target_value": 80, "max_capacity": 5, "memory_tracking_target_value": 80, "min_capacity": 1 }, "awslogs": { "create": true, "name": null, "prefix": "fleet", "region": null, "retention": 5 }, "cpu": 256, "database": { "address": null, "database": null, "password_secret_arn": null, "rr_address": null, "user": null }, "extra_environment_variables": {}, "extra_execution_iam_policies": [], "extra_iam_policies": [], "extra_secrets": {}, "family": "fleet", "iam": { "execution": { "name": "fleet-execution-role", "policy_name": "fleet-iam-policy-execution" }, "role": { "name": "fleet-role", "policy_name": "fleet-iam-policy" } }, "iam_role_arn": null, "image": "fleetdm/fleet:v4.22.1", "loadbalancer": { "arn": null }, "mem": 512, "networking": { "security_groups": null, "subnets": null }, "redis": { "address": null, "use_tls": true }, "security_group_name": "fleet", "security_groups": null, "service": { "name": "fleet" }, "sidecars": [] }	no
migration_config	The configuration object for Fleet's migration task.	object({ mem = number cpu = number })	{ "cpu": 1024, "mem": 2048 }	no
rds_config	The config for the terraform-aws-modules/rds-aurora/aws module	object({ name = optional(string, "fleet") engine_version = optional(string, "8.0.mysql_aurora.3.02.2") instance_class = optional(string, "db.t4g.large") subnets = optional(list(string), []) allowed_security_groups = optional(list(string), []) allowed_cidr_blocks = optional(list(string), []) apply_immediately = optional(bool, true) monitoring_interval = optional(number, 10) db_parameter_group_name = optional(string) db_parameters = optional(map(string), {}) db_cluster_parameter_group_name = optional(string) db_cluster_parameters = optional(map(string), {}) enabled_cloudwatch_logs_exports = optional(list(string), []) master_username = optional(string, "fleet") snapshot_identifier = optional(string) cluster_tags = optional(map(string), {}) })	{ "allowed_cidr_blocks": [], "allowed_security_groups": [], "apply_immediately": true, "cluster_tags": {}, "db_cluster_parameter_group_name": null, "db_cluster_parameters": {}, "db_parameter_group_name": null, "db_parameters": {}, "enabled_cloudwatch_logs_exports": [], "engine_version": "8.0.mysql_aurora.3.02.2", "instance_class": "db.t4g.large", "master_username": "fleet", "monitoring_interval": 10, "name": "fleet", "snapshot_identifier": null, "subnets": [] }	no
redis_config	n/a	object({ name = optional(string, "fleet") replication_group_id = optional(string) elasticache_subnet_group_name = optional(string) allowed_security_group_ids = optional(list(string), []) subnets = optional(list(string)) availability_zones = optional(list(string)) cluster_size = optional(number, 3) instance_type = optional(string, "cache.m5.large") apply_immediately = optional(bool, true) automatic_failover_enabled = optional(bool, false) engine_version = optional(string, "6.x") family = optional(string, "redis6.x") at_rest_encryption_enabled = optional(bool, true) transit_encryption_enabled = optional(bool, true) parameter = optional(list(object({ name = string value = string })), []) tags = optional(map(string), {}) })	{ "allowed_security_group_ids": [], "apply_immediately": true, "at_rest_encryption_enabled": true, "automatic_failover_enabled": false, "availability_zones": null, "cluster_size": 3, "elasticache_subnet_group_name": null, "engine_version": "6.x", "family": "redis6.x", "instance_type": "cache.m5.large", "name": "fleet", "parameter": [], "replication_group_id": null, "subnets": null, "tags": {}, "transit_encryption_enabled": true }	no
vpc	n/a	object({ name = optional(string, "fleet") cidr = optional(string, "10.10.0.0/16") azs = optional(list(string), ["us-east-2a", "us-east-2b", "us-east-2c"]) private_subnets = optional(list(string), ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]) public_subnets = optional(list(string), ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]) database_subnets = optional(list(string), ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]) elasticache_subnets = optional(list(string), ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]) create_database_subnet_group = optional(bool, false) create_database_subnet_route_table = optional(bool, true) create_elasticache_subnet_group = optional(bool, true) create_elasticache_subnet_route_table = optional(bool, true) enable_vpn_gateway = optional(bool, false) one_nat_gateway_per_az = optional(bool, false) single_nat_gateway = optional(bool, true) enable_nat_gateway = optional(bool, true) enable_dns_hostnames = optional(bool, false) enable_dns_support = optional(bool, true) enable_flow_log = optional(bool, false) create_flow_log_cloudwatch_log_group = optional(bool, false) create_flow_log_cloudwatch_iam_role = optional(bool, false) flow_log_max_aggregation_interval = optional(number, 600) flow_log_cloudwatch_log_group_name_prefix = optional(string, "/aws/vpc-flow-log/") flow_log_cloudwatch_log_group_name_suffix = optional(string, "") vpc_flow_log_tags = optional(map(string), {}) })	{ "azs": [ "us-east-2a", "us-east-2b", "us-east-2c" ], "cidr": "10.10.0.0/16", "create_database_subnet_group": false, "create_database_subnet_route_table": true, "create_elasticache_subnet_group": true, "create_elasticache_subnet_route_table": true, "create_flow_log_cloudwatch_iam_role": false, "create_flow_log_cloudwatch_log_group": false, "database_subnets": [ "10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24" ], "elasticache_subnets": [ "10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24" ], "enable_dns_hostnames": false, "enable_dns_support": true, "enable_flow_log": false, "enable_nat_gateway": true, "enable_vpn_gateway": false, "flow_log_cloudwatch_log_group_name_prefix": "/aws/vpc-flow-log/", "flow_log_cloudwatch_log_group_name_suffix": "", "flow_log_max_aggregation_interval": 600, "name": "fleet", "one_nat_gateway_per_az": false, "private_subnets": [ "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24" ], "public_subnets": [ "10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24" ], "single_nat_gateway": true, "vpc_flow_log_tags": {} }	no

Outputs

Name	Description
byo-vpc	n/a
vpc	n/a