https://github.com/statcan/terraform-statcan-kubernetes-core-platform

Terraform module for Statistics Canada Core Kubernetes Platform

## terraform-statcan-kubernetes-core-platform

## Requirements

| Name | Version |
|------|---------|
| [helm](#requirement\_helm) | >= 2.0.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.0.0 |

## Providers

| Name | Version |
|------|---------|
| [helm](#provider\_helm) | >= 2.0.0 |
| [kubernetes](#provider\_kubernetes) | >= 2.0.0 |
| [random](#provider\_random) | n/a |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [aad\_pod\_identity](#module\_aad\_pod\_identity) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-aad-pod-identity.git | v3.0.0 |
| [cert\_manager](#module\_cert\_manager) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-cert-manager.git | v5.5.0 |
| [cert\_manager\_identity](#module\_cert\_manager\_identity) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-aad-pod-identity-template.git | v2.x |
| [cert\_manager\_letsencrypt](#module\_cert\_manager\_letsencrypt) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-cert-manager-issuer.git | v1.3.0 |
| [cert\_manager\_letsencrypt\_staging](#module\_cert\_manager\_letsencrypt\_staging) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-cert-manager-issuer.git | v1.3.0 |
| [fluentd](#module\_fluentd) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-fluentd.git | v3.0.1 |
| [gatekeeper](#module\_gatekeeper) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-open-policy-agent.git | v4.3.0 |
| [kubecost](#module\_kubecost) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-kubecost.git | v3.2.0 |
| [namespace\_aad\_pod\_identity\_system](#module\_namespace\_aad\_pod\_identity\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_cert\_manager\_system](#module\_namespace\_cert\_manager\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_event\_logging\_system](#module\_namespace\_event\_logging\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.10.1 |
| [namespace\_fluentd\_system](#module\_namespace\_fluentd\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_gatekeeper\_system](#module\_namespace\_gatekeeper\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_kubecost\_system](#module\_namespace\_kubecost\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_prometheus\_system](#module\_namespace\_prometheus\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_statcan\_system](#module\_namespace\_statcan\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_vault\_agent\_system](#module\_namespace\_vault\_agent\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [namespace\_velero\_system](#module\_namespace\_velero\_system) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-namespace.git | v2.2.0 |
| [prometheus](#module\_prometheus) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-kube-prometheus-stack | v3.8.3 |
| [vault\_agent](#module\_vault\_agent) | git::http://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-vault-agent.git | v1.0.1 |
| [velero](#module\_velero) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-velero.git | v5.2.1 |
| [velero\_identity](#module\_velero\_identity) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-aad-pod-identity-template.git | v2.x |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [administrative\_groups](#input\_administrative\_groups) | List of groups who have administrative access to system namespaces. | `list(string)` | n/a | yes |
| [backup\_resource\_group\_name](#input\_backup\_resource\_group\_name) | n/a | `any` | n/a | yes |
| [cert\_manager\_hosted\_zone\_name](#input\_cert\_manager\_hosted\_zone\_name) | n/a | `any` | n/a | yes |
| [cert\_manager\_identity\_client\_id](#input\_cert\_manager\_identity\_client\_id) | Client ID associated with the Azure Managed Identity for cert-manager | `any` | n/a | yes |
| [cert\_manager\_identity\_id](#input\_cert\_manager\_identity\_id) | ID of the Azure Managed Identity for cert-manager | `any` | n/a | yes |
| [cert\_manager\_resource\_group\_name](#input\_cert\_manager\_resource\_group\_name) | n/a | `any` | n/a | yes |
| [cert\_manager\_subscription\_id](#input\_cert\_manager\_subscription\_id) | n/a | `any` | n/a | yes |
| [cluster\_name](#input\_cluster\_name) | Name of the cluster | `any` | n/a | yes |
| [cluster\_node\_resource\_group\_name](#input\_cluster\_node\_resource\_group\_name) | n/a | `any` | n/a | yes |
| [cluster\_resource\_group\_name](#input\_cluster\_resource\_group\_name) | n/a | `any` | n/a | yes |
| [grafana\_client\_id](#input\_grafana\_client\_id) | n/a | `any` | n/a | yes |
| [grafana\_client\_secret](#input\_grafana\_client\_secret) | n/a | `any` | n/a | yes |
| [ingress\_domain](#input\_ingress\_domain) | n/a | `any` | n/a | yes |
| [kubecost\_client\_id](#input\_kubecost\_client\_id) | n/a | `any` | n/a | yes |
| [kubecost\_client\_secret](#input\_kubecost\_client\_secret) | n/a | `any` | n/a | yes |
| [kubecost\_cluster\_profile](#input\_kubecost\_cluster\_profile) | n/a | `any` | n/a | yes |
| [kubecost\_product\_key](#input\_kubecost\_product\_key) | n/a | `any` | n/a | yes |
| [kubecost\_shared\_namespaces](#input\_kubecost\_shared\_namespaces) | n/a | `any` | n/a | yes |
| [kubecost\_slack\_token](#input\_kubecost\_slack\_token) | n/a | `any` | n/a | yes |
| [kubecost\_storage\_access\_key](#input\_kubecost\_storage\_access\_key) | n/a | `any` | n/a | yes |
| [kubecost\_storage\_account](#input\_kubecost\_storage\_account) | n/a | `any` | n/a | yes |
| [kubecost\_storage\_container](#input\_kubecost\_storage\_container) | n/a | `any` | n/a | yes |
| [kubecost\_token](#input\_kubecost\_token) | n/a | `any` | n/a | yes |
| [logging\_elasticsearch\_url](#input\_logging\_elasticsearch\_url) | URL to elasticsearch for logging | `any` | n/a | yes |
| [subscription\_id](#input\_subscription\_id) | n/a | `any` | n/a | yes |
| [tenant\_id](#input\_tenant\_id) | n/a | `any` | n/a | yes |
| [vault\_address](#input\_vault\_address) | n/a | `any` | n/a | yes |
| [velero\_identity\_client\_id](#input\_velero\_identity\_client\_id) | n/a | `any` | n/a | yes |
| [velero\_identity\_id](#input\_velero\_identity\_id) | n/a | `any` | n/a | yes |
| [velero\_storage\_account](#input\_velero\_storage\_account) | n/a | `any` | n/a | yes |
| [velero\_storage\_bucket](#input\_velero\_storage\_bucket) | n/a | `any` | n/a | yes |
| [additional\_alertmanagers](#input\_additional\_alertmanagers) | List of additional Alertmanager target URLs for the Platform Prometheus | `list(string)` | `[]` | no |
| [ci\_service\_account\_name](#input\_ci\_service\_account\_name) | Name of the CI service account. | `string` | `"ci"` | no |
| [gk\_audit\_limits\_cpu](#input\_gk\_audit\_limits\_cpu) | max cpu allocated for gatekeeper audit pods | `string` | `"1000m"` | no |
| [gk\_audit\_limits\_memory](#input\_gk\_audit\_limits\_memory) | max mem allocated for gatekeeper audit pods | `string` | `"1528Mi"` | no |
| [gk\_audit\_requests\_cpu](#input\_gk\_audit\_requests\_cpu) | min cpu allocated for gatekeeper audit pods | `string` | `"100m"` | no |
| [gk\_audit\_requests\_memory](#input\_gk\_audit\_requests\_memory) | min memory allocated for gatekeeper audit pods | `string` | `"1024Mi"` | no |
| [gk\_limits\_cpu](#input\_gk\_limits\_cpu) | max cpu allocated for gatekeeper controller pods | `string` | `"1000m"` | no |
| [gk\_limits\_memory](#input\_gk\_limits\_memory) | max memory allocated for gatekeeper controller pods | `string` | `"1528Mi"` | no |
| [gk\_replicas](#input\_gk\_replicas) | The number of replicas of gatekeeper controller pods | `string` | `"3"` | no |
| [gk\_requests\_cpu](#input\_gk\_requests\_cpu) | min cpu allocated for gatekeeper controller pods | `string` | `"100m"` | no |
| [gk\_requests\_memory](#input\_gk\_requests\_memory) | min memory allocated for gatekeeper controller pods | `string` | `"1024Mi"` | no |
| [global\_fluentd\_config](#input\_global\_fluentd\_config) | Global Fluentd config, usually used to define the default plugin | `string` | `"\n @type null\n\n"` | no |
| [ingress\_class\_name](#input\_ingress\_class\_name) | The name of the IngressClass cluster resource | `string` | `"ingress-istio-controller"` | no |
| [kubecost\_additional\_alert\_config](#input\_kubecost\_additional\_alert\_config) | Additional alerts for kubecost to pick up. Default should never trigger | `string` | `"- type: budget\n threshold: 100000000000000\n window: 1d\n aggregation: namespace\n filter: default\n"` | no |
| [kubecost\_alert\_slack\_webhook\_url](#input\_kubecost\_alert\_slack\_webhook\_url) | Kubecost global url for reporting alerts | `string` | `"https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"` | no |
| [kubecost\_prometheus\_node\_selector](#input\_kubecost\_prometheus\_node\_selector) | The nodeSelector to apply to the Prometheus instance backing Kubecost. | `map(string)` | `{}` | no |
| [logging\_elasticsearch\_password](#input\_logging\_elasticsearch\_password) | Elasticsearch password for logging | `string` | `""` | no |
| [logging\_elasticsearch\_username](#input\_logging\_elasticsearch\_username) | Elasticsearch username for logging | `string` | `""` | no |
| [platform\_helm\_repositories](#input\_platform\_helm\_repositories) | n/a | `map(string)` | `{}` | no |
| [platform\_helm\_repository\_password](#input\_platform\_helm\_repository\_password) | The password of the repository where the Helm chart is stored | `string` | `""` | no |
| [platform\_helm\_repository\_username](#input\_platform\_helm\_repository\_username) | The username of the repository where the Helm chart is stored | `string` | `""` | no |
| [platform\_image\_bases](#input\_platform\_image\_bases) | Overwrite base image location (MUST contain a trailing slash) | `map(string)` | `{}` | no |
| [platform\_image\_repository](#input\_platform\_image\_repository) | n/a | `string` | `"docker.io"` | no |
| [platform\_image\_repository\_auth](#input\_platform\_image\_repository\_auth) | n/a | `string` | `""` | no |
| [platform\_image\_repository\_credentials\_enable](#input\_platform\_image\_repository\_credentials\_enable) | n/a | `bool` | `false` | no |
| [platform\_image\_repository\_email](#input\_platform\_image\_repository\_email) | The email for the repository where the image is stored | `string` | `""` | no |
| [platform\_image\_repository\_password](#input\_platform\_image\_repository\_password) | The password for the repository where the image is stored | `string` | `""` | no |
| [platform\_image\_repository\_username](#input\_platform\_image\_repository\_username) | The username for the repository where the image is stored | `string` | `""` | no |
| [prometheus\_additional\_scrape\_config](#input\_prometheus\_additional\_scrape\_config) | Default additional scrape configuration for prometheus | `string` | `"- job_name: kubecost\n honor_labels: true\n scrape_interval: 1m\n scrape_timeout: 10s\n metrics_path: /metrics\n scheme: http\n dns_sd_configs:\n - names:\n - kubecost-cost-analyzer.kubecost-system\n type: 'A'\n port: 9003\n"` | no |
| [prometheus\_disk\_size](#input\_prometheus\_disk\_size) | n/a | `string` | `"80Gi"` | no |
| [prometheus\_resources](#input\_prometheus\_resources) | The limits and requests to set on the Prometheus pod. | `object({ limits = map(string), requests = map(string), })` | `{ "limits": {}, "requests": {} }` | no |

## Outputs

| Name | Description |
|------|-------------|
| [grafana\_url](#output\_grafana\_url) | The URL for Grafana. |
| [kube\_prometheus\_stack\_namespace\_name](#output\_kube\_prometheus\_stack\_namespace\_name) | The name of the namespace where the kube-prometheus-stack is deployed. |
| [kube\_prometheus\_stack\_release\_name](#output\_kube\_prometheus\_stack\_release\_name) | The name of the release of the kube-prometheus-stack. |