https://github.com/statcan/terraform-statcan-aaw-platform
Terraform module for the Advanced Analytics Workspaces (AAW) platform
- Host: GitHub
- URL: https://github.com/statcan/terraform-statcan-aaw-platform
- Owner: StatCan
- License: other
- Created: 2022-03-24T15:52:12.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-09-11T17:06:24.000Z (9 months ago)
- Last Synced: 2025-02-01T10:44:06.759Z (4 months ago)
- Topics: aaw, cns, daaas, terraform
- Language: HCL
- Homepage:
- Size: 104 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Security: SECURITY.md
README
## terraform-statcan-aaw-platform
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [azurerm](#requirement\_azurerm) | >= 2.0.0, < 3.0.0 |
| [helm](#requirement\_helm) | >= 2.0.0, < 3.0.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.0.0, < 3.0.0 |

## Providers

| Name | Version |
|------|---------|
| [kubernetes](#provider\_kubernetes) | >= 2.0.0, < 3.0.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [app\_platform](#module\_app\_platform) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-statcan-kubernetes-app-platform.git | v4.3.0 |
| [core\_platform](#module\_core\_platform) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-statcan-kubernetes-core-platform.git | v2.18.0 |
| [namespace\_daaas\_system](#module\_namespace\_daaas\_system) | git::https://github.com/canada-ca-terraform-modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [platform\_infrastructure](#module\_platform\_infrastructure) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-azure-statcan-cloud-native-platform-infrastructure.git | n/a |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [administrative\_groups](#input\_administrative\_groups) | List of administrative groups | `list(string)` | n/a | yes |
| [aks\_system\_subnet\_id](#input\_aks\_system\_subnet\_id) | AKS System subnet ID | `any` | n/a | yes |
| [argo\_workflows\_client\_id](#input\_argo\_workflows\_client\_id) | The Client ID for Argo Workflows | `any` | n/a | yes |
| [argo\_workflows\_client\_secret](#input\_argo\_workflows\_client\_secret) | The Client Secret for Argo Workflows | `any` | n/a | yes |
| [azure\_region](#input\_azure\_region) | Region to deploy Azure resources in | `any` | n/a | yes |
| [azure\_tags](#input\_azure\_tags) | Tags to apply to Azure resources | `map(string)` | n/a | yes |
| [cluster\_node\_resource\_group\_name](#input\_cluster\_node\_resource\_group\_name) | Name of resource group containing the AKS cluster nodes | `any` | n/a | yes |
| [cluster\_resource\_group\_name](#input\_cluster\_resource\_group\_name) | Name of resource group containing the AKS cluster | `any` | n/a | yes |
| [dns\_zone\_id](#input\_dns\_zone\_id) | Azure DNS Zone ID | `any` | n/a | yes |
| [dns\_zone\_name](#input\_dns\_zone\_name) | Name of the dns zone | `any` | n/a | yes |
| [dns\_zone\_resource\_group\_name](#input\_dns\_zone\_resource\_group\_name) | Azure DNS Zone ID | `any` | n/a | yes |
| [dns\_zone\_subscription\_id](#input\_dns\_zone\_subscription\_id) | Azure DNS Zone ID | `any` | n/a | yes |
| [gk\_audit\_limits\_cpu](#input\_gk\_audit\_limits\_cpu) | n/a | `any` | n/a | yes |
| [gk\_audit\_limits\_memory](#input\_gk\_audit\_limits\_memory) | n/a | `any` | n/a | yes |
| [gk\_audit\_requests\_cpu](#input\_gk\_audit\_requests\_cpu) | n/a | `any` | n/a | yes |
| [gk\_audit\_requests\_memory](#input\_gk\_audit\_requests\_memory) | n/a | `any` | n/a | yes |
| [gk\_limits\_cpu](#input\_gk\_limits\_cpu) | n/a | `any` | n/a | yes |
| [gk\_limits\_memory](#input\_gk\_limits\_memory) | n/a | `any` | n/a | yes |
| [gk\_replicas](#input\_gk\_replicas) | n/a | `any` | n/a | yes |
| [gk\_requests\_cpu](#input\_gk\_requests\_cpu) | n/a | `any` | n/a | yes |
| [gk\_requests\_memory](#input\_gk\_requests\_memory) | n/a | `any` | n/a | yes |
| [grafana\_client\_id](#input\_grafana\_client\_id) | n/a | `any` | n/a | yes |
| [grafana\_client\_secret](#input\_grafana\_client\_secret) | n/a | `any` | n/a | yes |
| [kubecost\_client\_id](#input\_kubecost\_client\_id) | n/a | `any` | n/a | yes |
| [kubecost\_client\_secret](#input\_kubecost\_client\_secret) | n/a | `any` | n/a | yes |
| [kubecost\_cluster\_profile](#input\_kubecost\_cluster\_profile) | n/a | `any` | n/a | yes |
| [kubecost\_product\_key](#input\_kubecost\_product\_key) | n/a | `any` | n/a | yes |
| [kubecost\_shared\_namespaces](#input\_kubecost\_shared\_namespaces) | n/a | `any` | n/a | yes |
| [kubecost\_slack\_token](#input\_kubecost\_slack\_token) | n/a | `any` | n/a | yes |
| [kubecost\_storage\_access\_key](#input\_kubecost\_storage\_access\_key) | n/a | `any` | n/a | yes |
| [kubecost\_storage\_account](#input\_kubecost\_storage\_account) | n/a | `any` | n/a | yes |
| [kubecost\_storage\_container](#input\_kubecost\_storage\_container) | n/a | `any` | n/a | yes |
| [kubecost\_token](#input\_kubecost\_token) | n/a | `any` | n/a | yes |
| [kubernetes\_identity\_object\_id](#input\_kubernetes\_identity\_object\_id) | Kubernetes identity object ID | `any` | n/a | yes |
| [logging\_elasticsearch\_url](#input\_logging\_elasticsearch\_url) | URL to elasticsearch for logging | `any` | n/a | yes |
| [prefix](#input\_prefix) | Prefix for Azure resources | `any` | n/a | yes |
| [subscription\_id](#input\_subscription\_id) | Azure Subscription ID | `any` | n/a | yes |
| [tenant\_id](#input\_tenant\_id) | Azure Tenant ID | `any` | n/a | yes |
| [vault\_address](#input\_vault\_address) | n/a | `any` | n/a | yes |
| [additional\_alertmanagers](#input\_additional\_alertmanagers) | List of additional Alertmanager targets for the Platform Prometheus | `list(string)` | `[]` | no |
| [global\_fluentd\_config](#input\_global\_fluentd\_config) | Global Fluentd config, usually used to define the default plugin | `string` | `"\n @type null\n\n"` | no |
| [infrastructure\_pipeline\_subnet\_ids](#input\_infrastructure\_pipeline\_subnet\_ids) | Subnet ID of infrastructure pipeline | `list(string)` | `[]` | no |
| [kiali\_grafana\_token](#input\_kiali\_grafana\_token) | The token used to authenticate Kiali to Grafana. | `string` | `""` | no |
| [kiali\_resources](#input\_kiali\_resources) | The limits and requests to set on the Kiali pod. | `object({ limits = optional(object({ cpu = optional(string, "50m"), memory = optional(string, "256Mi") }), { cpu = "50m", memory = "256Mi" }), requests = optional(object({ cpu = optional(string, "10m"), memory = optional(string, "128Mi") }), { cpu = "10m", memory = "128Mi" }) })` | `{}` | no |
| [kubecost\_additional\_alert\_config](#input\_kubecost\_additional\_alert\_config) | Additional alerts for kubecost to pick up. Default should never trigger | `string` | `"- type: budget\n threshold: 100000000000000\n window: 1d\n aggregation: namespace\n filter: default\n"` | no |
| [kubecost\_alert\_slack\_webhook\_url](#input\_kubecost\_alert\_slack\_webhook\_url) | Kubecost global url for reporting alerts | `string` | `"https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"` | no |
| [kubecost\_prometheus\_node\_selector](#input\_kubecost\_prometheus\_node\_selector) | The nodeSelector to apply to the Prometheus instance backing Kubecost. | `map(string)` | `{}` | no |
| [load\_balancer\_subnet](#input\_load\_balancer\_subnet) | Load balancer subnet | `any` | `null` | no |
| [logging\_elasticsearch\_password](#input\_logging\_elasticsearch\_password) | Elasticsearch password for logging | `string` | `""` | no |
| [logging\_elasticsearch\_username](#input\_logging\_elasticsearch\_username) | Elasticsearch username for logging | `string` | `""` | no |
| [meshconfig\_enable\_tracing](#input\_meshconfig\_enable\_tracing) | Flag to control generation of trace spans and request IDs. | `bool` | `false` | no |
| [meshconfig\_zipkin\_address](#input\_meshconfig\_zipkin\_address) | The URL to send zipkin compatible traces to | `string` | `"zipkin.istio-system:9411"` | no |
| [prometheus\_additional\_scrape\_config](#input\_prometheus\_additional\_scrape\_config) | Default additional scrape configuration for prometheus | `string` | `"- job_name: kubecost\n honor_labels: true\n scrape_interval: 1m\n scrape_timeout: 10s\n metrics_path: /metrics\n scheme: http\n dns_sd_configs:\n - names:\n - kubecost-cost-analyzer.kubecost-system\n type: 'A'\n port: 9003\n metric_relabel_configs:\n - source_labels: [persistentvolumeclaim]\n separator: ;\n regex: (aaw-unclassified|aaw-protected-b|aaw-unclassified-ro|fdi.*unclassified|fdi.*protected-b)\n replacement: $1\n action: drop\n - source_labels: [persistentvolume]\n separator: ;\n regex: (.*aaw-unclassified|.*aaw-protected-b|.*aaw-unclassified-ro|.*fdi-protected-b.*|.*fdi-unclassified.*)\n replacement: $1\n action: drop\n"` | no |
| [prometheus\_disk\_size](#input\_prometheus\_disk\_size) | n/a | `string` | `"80Gi"` | no |
| [prometheus\_resources](#input\_prometheus\_resources) | The limits and requests to set on the Prometheus pod. | `object({ limits = optional(map(string), {}), requests = optional(map(string), {}) })` | `{ "limits": {}, "requests": {} }` | no |