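# Organisation prefix / namespace label. Optional (empty by default).
variable "namespace" {
  description = "The organizations prefix or namespace"
  # Explicit type constraint: a non-string value is rejected at plan time
  # instead of being silently coerced; the empty default keeps it optional.
  type    = string
  default = ""
}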
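# Stage label (e.g. prod/staging/dev or a pipeline phase). Optional.
variable "stage" {
  description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
  # Explicit type constraint; the empty default keeps the variable optional.
  type    = string
  default = ""
}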
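# Extra environment label for cases where `stage` alone is not descriptive.
variable "environment" {
  description = "Additional environment label. Eg if stage does not match the environment"
  # Explicit type constraint; the empty default keeps the variable optional.
  type    = string
  default = ""
}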
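# Solution name. Required: there is deliberately no default, so a caller
# that omits it fails at plan time rather than creating unnamed resources.
variable "name" {
  description = "Solution name, e.g. 'app' or 'jenkins'"
  type        = string
}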
# Free-form annotations applied to the namespace object.
# NOTE(review): annotations can carry security-relevant intent (the description
# mentions kiam role assumption), so treat changes here as a reviewable change.
variable "annotations" {
  description = "Additional annotations to attach to the namespace (eg: to allow certain kiam roles to be assumed)"
  type        = map(string)
  default     = {}
}
# Labels applied to the Kubernetes namespace; none by default.
variable "labels" {
  description = "Labels to attach to the kubernetes namespace"
  type        = map(string)
  default     = {}
}
# Extra label attributes; an empty list adds nothing.
variable "attributes" {
  description = "Additional attributes of the label"
  type        = list(string)
  default     = []
}
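# Image pull secrets handed to the service account.
variable "image_pull_secrets" {
  description = "Pull secrets to provide to the service account to fetch docker images"
  # The bare `map` keyword is legacy shorthand for `map(any)`; spelled out
  # explicitly so the constraint is unambiguous. Behaviour is unchanged.
  # NOTE(review): the value shape (secret names? full objects?) is not
  # visible here — confirm against the consuming resource before tightening
  # this to map(string).
  type    = map(any)
  default = {}
}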
# Quota ceiling on PersistentVolumeClaims in the namespace.
variable "max_pv_claims" {
  description = "Maximum amount of PersistentVolumeClaims which can be claimed within this namespace"
  type        = number
  default     = 30
}
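# Quota ceiling on Deployments in the namespace.
variable "max_deployments" {
  description = "Maximum amount of Deployments allowed in this namespace"
  # Declared as string (not number) to stay consistent with max_cpu,
  # max_memory and max_pods, whose defaults are quantity strings such as
  # "1k" that cannot be represented as a Terraform number. Default unchanged.
  type    = string
  default = "100"
}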
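# Quota ceiling on Jobs in the namespace.
variable "max_jobs" {
  description = "Maximum amount of Jobs allowed in this namespace"
  # Declared as string (not number) to stay consistent with max_cpu,
  # max_memory and max_pods, whose defaults are quantity strings such as
  # "1k" that cannot be represented as a Terraform number. Default unchanged.
  type    = string
  default = "100"
}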
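# Quota ceiling on concurrently running pods in the namespace.
variable "max_pods" {
  description = "Maximum amount of in parallel running pods in this namespace"
  # "1k" uses a Kubernetes quantity suffix, so the value must stay a string;
  # the explicit constraint rejects a bare number that the caller might expect
  # to be interpreted differently. Default unchanged.
  type    = string
  default = "1k"
}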
# Per-container CPU ceiling. Required (no default): the caller must choose
# a limit explicitly rather than inheriting an unbounded one.
variable "max_cpu" {
  description = "Maximum CPU allocation possible per container in this namespace"
  type        = string
}
# Per-container memory ceiling. Required (no default): the caller must choose
# a limit explicitly rather than inheriting an unbounded one.
variable "max_memory" {
  description = "Maximum amount of memory usage per container in this namespace"
  type        = string
}
# Per-PVC storage ceiling, expressed as a quantity string.
variable "max_storage" {
  description = "Maximum amount of storage per persistent volume claim"
  type        = string
  default     = "500Gi"
}
# Quota ceiling on Services of type LoadBalancer (each one typically exposes
# the namespace externally, hence the conservative default of one).
variable "max_load_balancers" {
  description = "Maximum amount of services with type LoadBalancer"
  type        = number
  default     = 1
}
# Quota ceiling on Services of type NodePort. The default of 0 means none are
# allowed unless the caller opts in, which is the safer posture.
variable "max_node_ports" {
  description = "Maximum amount of services with type NodePort"
  type        = number
  default     = 0
}
# Extra RBAC roles/bindings. Typed `any` because role entries are not required
# to share one shape; the trade-off is that malformed entries are only caught
# where the module consumes them, not at variable validation.
variable "roles" {
  description = "List of additional RBAC roles and bindings to deploy. List of name and rules. To bind the rules use service_accounts, groups or users list."
  type        = any
  default     = []
}
# Additional service accounts, each paired with its own RBAC role.
# NOTE(review): with this object type every attribute is mandatory per entry;
# callers have to supply `image_pull_secrets` (possibly as []) for each one.
variable "service_accounts" {
  description = "Creates additional service accounts with a dedicated RBAC role"
  type = list(object({
    name = string
    # Example rule entry: [{api_groups=[""],resources=["pod"],verbs=["get", "list"]}]
    rules              = any
    image_pull_secrets = list(string)
  }))
  default = []
}
# Name of a PodSecurityPolicy to grant to the namespace's service accounts.
# Empty by default, i.e. no PSP grant is created unless the caller sets one.
# NOTE(review): PodSecurityPolicy was removed from Kubernetes in v1.25; confirm
# the target cluster version before relying on this variable.
variable "pod_security_policy_name" {
  description = "Allows all service accounts in the current namespace to use the specified security policy"
  type        = string
  default     = ""
}
# Subjects granted use of the PSP named in pod_security_policy_name.
# NOTE(review): per the description an empty list presumably means "all service
# accounts in the namespace" — that interpretation lives in the consuming
# resource, not here; verify before widening.
variable "pod_security_policy_groups" {
  description = "Groups allowed to use the PSP specified in pod_security_policy_name. Defaults to all Service Accounts within Namespace"
  type        = list(string)
  default     = []
}
# Master switch for the namespace NetworkPolicy resources. Off by default, so
# the network_* variables below have no effect unless this is true.
variable "enable_network_policies" {
  description = "Deploys additional kubernetes network policies for the namespace created"
  type        = bool
  default     = false
}
# policyTypes for the allow rule. Kubernetes accepts only "Ingress" and
# "Egress"; other strings are not rejected here and will surface as an API
# error at apply time.
variable "network_policy_types" {
  description = "Network Policy Types the Allow Rule will apply to. When choosing for example only Egress without a Deny Policy it will be allowed."
  type        = list(string)
  default     = ["Egress", "Ingress"]
}
# Default-deny baseline; the allow rules built from the network_* lists only
# open what is explicitly granted. Turning this off leaves traffic unrestricted
# beyond whatever the allow rule happens to match.
variable "network_deny_all_policy" {
  description = "Deploys a Deny-All Network Policy. Only granted CIDRs and Namespaces will be allowed."
  type        = bool
  default     = true
}
# Namespaces reachable from this namespace. Element shape is not constrained
# here (list(any)); see the consuming NetworkPolicy resource for what is read.
variable "network_egress_namespaces" {
  description = "Namespaces to allow egress traffic to"
  type        = list(any)
  default     = []
}
# CIDRs reachable from this namespace. Review entries here carefully: a broad
# block effectively re-opens what network_deny_all_policy closed, so keep them
# as narrow as the description's /32 example suggests.
variable "network_egress_ip_blocks" {
  description = "IP Blocks to allow egress traffic to. Could be a NAT Gateway IP /32 to allow only Internet Traffic"
  type        = list(string)
  default     = []
}
# Namespaces allowed to reach this namespace. Element shape is not constrained
# here (list(any)); see the consuming NetworkPolicy resource for what is read.
variable "network_ingress_namespaces" {
  description = "Namespaces to allow ingress traffic from"
  type        = list(any)
  default     = []
}
# Ports opened for inbound traffic. Attributes ordered type/default/description
# to match the other network_* variables; element shape is unconstrained.
variable "network_ingress_ports" {
  type        = list(any)
  default     = []
  description = "Ports allowed to be used by external Services"
}
# Ports this namespace may connect out to. Attributes ordered
# type/default/description to match the other network_* variables.
variable "network_egress_ports" {
  type        = list(any)
  default     = []
  description = "Ports allowed to connect to"
}