empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8dbe690026
fleet/terraform/byo-vpc/README.md
Benjamin Edwards 7e85292d67
introduce variables to restrict ipv6 access by cidr block for alb config (#14836) 
# Checklist for submitter
- [X] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [X] Manual QA for all new/changed functionality
2023-10-31 15:21:22 -04:00

50 lines
14 KiB
Markdown
Raw Blame History

## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.23.1 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_byo-db"></a> [byo-db](#module\_byo-db) | ./byo-db | n/a |
| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | 7.6.0 |
| <a name="module_redis"></a> [redis](#module\_redis) | cloudposse/elasticache-redis/aws | 0.48.0 |
| <a name="module_secrets-manager-1"></a> [secrets-manager-1](#module\_secrets-manager-1) | lgallard/secrets-manager/aws | 0.6.1 |
## Resources
| Name | Type |
|------|------|
| [aws_db_parameter_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
| [aws_rds_cluster_parameter_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource |
| [random_password.rds](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [aws_subnet.redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_alb_config"></a> [alb\_config](#input\_alb\_config) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> subnets = list(string)<br> security_groups = optional(list(string), [])<br> access_logs = optional(map(string), {})<br> certificate_arn = string<br> allowed_cidrs = optional(list(string), ["0.0.0.0/0"])<br> allowed_ipv6_cidrs = optional(list(string), ["::/0"])<br> egress_cidrs = optional(list(string), ["0.0.0.0/0"])<br> egress_ipv6_cidrs = optional(list(string), ["::/0"])<br> extra_target_groups = optional(any, [])<br> https_listener_rules = optional(any, [])<br> tls_policy = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")<br> })</pre> | n/a | yes |
| <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module | <pre>object({<br> autoscaling_capacity_providers = optional(any, {})<br> cluster_configuration = optional(any, {<br> execute_command_configuration = {<br> logging = "OVERRIDE"<br> log_configuration = {<br> cloud_watch_log_group_name = "/aws/ecs/aws-ec2"<br> }<br> }<br> })<br> cluster_name = optional(string, "fleet")<br> cluster_settings = optional(map(string), {<br> "name" : "containerInsights",<br> "value" : "enabled",<br> })<br> create = optional(bool, true)<br> default_capacity_provider_use_fargate = optional(bool, true)<br> fargate_capacity_providers = optional(any, {<br> FARGATE = {<br> default_capacity_provider_strategy = {<br> weight = 100<br> }<br> }<br> FARGATE_SPOT = {<br> default_capacity_provider_strategy = {<br> weight = 0<br> }<br> }<br> })<br> tags = optional(map(string))<br> })</pre> | <pre>{<br> "autoscaling_capacity_providers": {},<br> "cluster_configuration": {<br> "execute_command_configuration": {<br> "log_configuration": {<br> "cloud_watch_log_group_name": "/aws/ecs/aws-ec2"<br> },<br> "logging": "OVERRIDE"<br> }<br> },<br> "cluster_name": "fleet",<br> "cluster_settings": {<br> "name": "containerInsights",<br> "value": "enabled"<br> },<br> "create": true,<br> "default_capacity_provider_use_fargate": true,<br> "fargate_capacity_providers": {<br> "FARGATE": {<br> "default_capacity_provider_strategy": {<br> "weight": 100<br> }<br> },<br> "FARGATE_SPOT": {<br> "default_capacity_provider_strategy": {<br> "weight": 0<br> }<br> }<br> },<br> "tags": {}<br>}</pre> | no |
| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> image = optional(string, "fleetdm/fleet:v4.39.0")<br> family = optional(string, "fleet")<br> sidecars = optional(list(any), [])<br> depends_on = optional(list(any), [])<br> mount_points = optional(list(any), [])<br> volumes = optional(list(any), [])<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = optional(object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> }), {<br> password_secret_arn = null<br> user = null<br> database = null<br> address = null<br> rr_address = null<br> })<br> redis = optional(object({<br> address = string<br> use_tls = optional(bool, true)<br> }), {<br> address = null<br> use_tls = true<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = optional(object({<br> arn = string<br> }), {<br> arn = null<br> })<br> extra_load_balancers = optional(list(any), [])<br> networking = optional(object({<br> subnets = list(string)<br> security_groups = optional(list(string), null)<br> }), {<br> subnets = null<br> security_groups = null<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "depends_on": [],<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_load_balancers": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.31.1",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "mount_points": [],<br> "networking": {<br> "security_groups": null,<br> "subnets": null<br> },<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> },<br> "sidecars": [],<br> "volumes": []<br>}</pre> | no |
| <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br> mem = number<br> cpu = number<br> })</pre> | <pre>{<br> "cpu": 1024,<br> "mem": 2048<br>}</pre> | no |
| <a name="input_rds_config"></a> [rds\_config](#input\_rds\_config) | The config for the terraform-aws-modules/rds-aurora/aws module | <pre>object({<br> name = optional(string, "fleet")<br> engine_version = optional(string, "8.0.mysql_aurora.3.02.2")<br> instance_class = optional(string, "db.t4g.large")<br> subnets = optional(list(string), [])<br> allowed_security_groups = optional(list(string), [])<br> allowed_cidr_blocks = optional(list(string), [])<br> apply_immediately = optional(bool, true)<br> monitoring_interval = optional(number, 10)<br> db_parameter_group_name = optional(string)<br> db_parameters = optional(map(string), {})<br> db_cluster_parameter_group_name = optional(string)<br> db_cluster_parameters = optional(map(string), {})<br> enabled_cloudwatch_logs_exports = optional(list(string), [])<br> master_username = optional(string, "fleet")<br> snapshot_identifier = optional(string)<br> cluster_tags = optional(map(string), {})<br> })</pre> | <pre>{<br> "allowed_cidr_blocks": [],<br> "allowed_security_groups": [],<br> "apply_immediately": true,<br> "cluster_tags": {},<br> "db_cluster_parameter_group_name": null,<br> "db_cluster_parameters": {},<br> "db_parameter_group_name": null,<br> "db_parameters": {},<br> "enabled_cloudwatch_logs_exports": [],<br> "engine_version": "8.0.mysql_aurora.3.02.2",<br> "instance_class": "db.t4g.large",<br> "master_username": "fleet",<br> "monitoring_interval": 10,<br> "name": "fleet",<br> "snapshot_identifier": null,<br> "subnets": []<br>}</pre> | no |
| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | n/a | <pre>object({<br> name = optional(string, "fleet")<br> replication_group_id = optional(string)<br> elasticache_subnet_group_name = optional(string, "")<br> allowed_security_group_ids = optional(list(string), [])<br> subnets = list(string)<br> allowed_cidrs = list(string)<br> availability_zones = optional(list(string), [])<br> cluster_size = optional(number, 3)<br> instance_type = optional(string, "cache.m5.large")<br> apply_immediately = optional(bool, true)<br> automatic_failover_enabled = optional(bool, false)<br> engine_version = optional(string, "6.x")<br> family = optional(string, "redis6.x")<br> at_rest_encryption_enabled = optional(bool, true)<br> transit_encryption_enabled = optional(bool, true)<br> parameter = optional(list(object({<br> name = string<br> value = string<br> })), [])<br> log_delivery_configuration = optional(list(map(any)), [])<br> tags = optional(map(string), {})<br> })</pre> | <pre>{<br> "allowed_cidrs": null,<br> "allowed_security_group_ids": [],<br> "apply_immediately": true,<br> "at_rest_encryption_enabled": true,<br> "automatic_failover_enabled": false,<br> "availability_zones": [],<br> "cluster_size": 3,<br> "elasticache_subnet_group_name": "",<br> "engine_version": "6.x",<br> "family": "redis6.x",<br> "instance_type": "cache.m5.large",<br> "log_delivery_configuration": [],<br> "name": "fleet",<br> "parameter": [],<br> "replication_group_id": null,<br> "subnets": null,<br> "tags": {},<br> "transit_encryption_enabled": true<br>}</pre> | no |
| <a name="input_vpc_config"></a> [vpc\_config](#input\_vpc\_config) | n/a | <pre>object({<br> vpc_id = string<br> networking = object({<br> subnets = list(string)<br> })<br> })</pre> | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_byo-db"></a> [byo-db](#output\_byo-db) | n/a |
| <a name="output_rds"></a> [rds](#output\_rds) | n/a |
| <a name="output_redis"></a> [redis](#output\_redis) | n/a |
| <a name="output_secrets"></a> [secrets](#output\_secrets) | n/a |
Reference in New Issue View Git Blame Copy Permalink