professional-service-best-practices/terraform-modules
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
terraform-modules/variables.tf

351 lines
12 KiB
HCL
Raw Permalink Blame History

# -----------------------------------------------------------------------------
# STACKIT Cloud: Core Configuration Variables
# -----------------------------------------------------------------------------
# Provider region where STACKIT services will be deployed
variable "region" {
description = "Provider region for STACKIT Cloud"
type = string
default = "eu01"
}
# Token for service account authentication (sensitive)
variable "service_account_token" {
description = "Service account token for authentication"
sensitive = true
type = string
default = null
}
# -----------------------------------------------------------------------------
# Subscriber Network Area (SNA) & Project Settings
# -----------------------------------------------------------------------------
# ID of the STACKIT organization container
variable "organization_id" {
description = "STACKIT organization container ID"
type = string
}
# Local path to the JSON key for the service account
variable "service_account_key_path" {
description = "Path to service account JSON key"
type = string
default = "/Users/schlenz/.stackit/sa.json"
}
# Fallback region for resources if none specified
variable "default_region" {
description = "Default region fallback for created resources"
type = string
default = "eu01"
}
# Name for the Service Network Area (SNA)
variable "SNA_name" {
description = "Name of the Service Network Area to create"
type = string
}
# List of CIDR prefixes for the Service Network Area network ranges
variable "SNA_network_ranges" {
description = "CIDR list for the Service Network Area"
type = list(object({ prefix = string }))
}
# CIDR block used for transfer network within the SNA
variable "SNA_transfer_network" {
description = "Transfer network CIDR for the SNA"
type = string
}
# Map of project keys to project definitions (name and owner email)
variable "Projects_map" {
description = "Map of STACKIT projects to create"
type = map(object({
name = string
owner_email = string
}))
}
# Default labels applied to resources where supported
variable "labels" {
description = "Default labels to apply where supported"
type = map(string)
default = {}
}
# Security group definitions, including rules and associations
variable "security_groups" {
description = "Map of security group definitions"
type = map(object({
name = optional(string)
project_key = string
description = optional(string)
rules = list(object({
direction = string # e.g., ingress or egress
description = optional(string) # description of the rule
ether_type = optional(string) # IPv4 or IPv6
icmp_parameters = optional(object({ # ICMP type/code when applicable
type = optional(number)
code = optional(number)
}))
ip_range = optional(string) # source/destination IP range
port_range = optional(object({ # TCP/UDP port range
min = number
max = number
}))
protocol = optional(object({ # protocol name/number
name = optional(string)
number = optional(number)
}))
remote_security_group_id = optional(string) # reference another group
}))
}))
}
# -----------------------------------------------------------------------------
# PostgreSQL Database Instances
# -----------------------------------------------------------------------------
# Definitions for PostgreSQL instances (name, sizing, ACLs, users, and databases)
variable "postgres_instances" {
description = "Map of PostgreSQL instances to create"
type = map(object({
name = string
project_key = string
version = number
flavor = object({ cpu = number, ram = number })
storage = object({ class = string, size = number })
replicas = number
acl = list(string) # allowed IP CIDRs
backup_schedule = string # cron-like schedule
users = list(object({ # DB users and their roles
username = string
roles = set(string)
}))
databases = list(object({ # databases to create
name = string
owner = string
}))
}))
}
# -----------------------------------------------------------------------------
# Virtual Networks per Project
# -----------------------------------------------------------------------------
# Network definitions, including IPv4/IPv6 settings, labels, and NICs
variable "networks" {
description = "Map of network definitions per project"
type = map(object({
name = string
project_key = string
# IPv4 configuration
ipv4_gateway = optional(string)
ipv4_nameservers = optional(list(string))
ipv4_prefix = optional(string)
ipv4_prefix_length = optional(number)
# IPv6 configuration
ipv6_gateway = optional(string)
ipv6_nameservers = optional(list(string))
ipv6_prefix = optional(string)
ipv6_prefix_length = optional(number)
# Additional flags and resource labels
labels = optional(map(string))
no_ipv4_gateway = optional(bool)
no_ipv6_gateway = optional(bool)
routed = optional(bool)
# Network interface cards (NICs) definitions
nics = optional(map(object({
nic_ipv4 = optional(string)
nic_name = string
nic_allowed_addresses = optional(list(string))
nic_labels = optional(map(string))
nic_security = optional(bool)
nic_security_group_ids = optional(list(string))
nic_security_group_names = optional(list(string))
})))
}))
default = {}
}
# -----------------------------------------------------------------------------
# SKE Kubernetes Clusters
# -----------------------------------------------------------------------------
# Configuration for SKE clusters, node pools, and optional extensions
variable "ske_clusters" {
description = "Map of SKE cluster definitions"
type = map(object({
name = string
project_key = string
kubernetes_version_min = optional(string)
# Scheduled cluster hibernations
hibernations = optional(list(object({
start = string # local time window start
end = string # local time window end
timezone = optional(string) # timezone of the schedule
})))
# Maintenance window settings
maintenance = optional(object({
enable_kubernetes_version_updates = bool
enable_machine_image_version_updates = bool
start = string
end = string
}))
# Cluster extensions (ACL, Argus monitoring)
extensions = optional(object({
acl = optional(object({
enabled = bool
allowed_cidrs = list(string)
}))
argus = optional(object({
enabled = bool
argus_instance_id = string
}))
}))
# Node pool definitions (machine types, scaling, labels, taints)
node_pools = list(object({
name = string
machine_type = string
availability_zones = list(string)
minimum = number
maximum = number
allow_system_components = optional(bool)
cri = optional(string)
labels = optional(map(string))
max_surge = optional(number)
max_unavailable = optional(number)
os_name = optional(string)
os_version_min = optional(string)
volume_size = optional(number)
volume_type = optional(string)
taints = optional(list(object({
effect = string
key = string
value = optional(string)
})))
}))
}))
default = {}
}
# -----------------------------------------------------------------------------
# Observability Instances (Monitoring & Alerting)
# -----------------------------------------------------------------------------
# Definitions for Observability service instances and alert configurations
variable "observability_instances" {
description = "Map of Observability instances to create"
type = map(object({
name = string
project_key = string
plan_name = string # e.g., Observability-Medium-EU01
# Retention and ACL settings
acl = optional(list(string))
metrics_retention_days = optional(number)
metrics_retention_days_5m_downsampling = optional(number)
metrics_retention_days_1h_downsampling = optional(number)
alert_config = optional(any)
parameters = optional(map(string))
# Credential generation settings
create_credentials = optional(bool, true)
credentials_count = optional(number, 1)
# Alert group definitions
alertgroups = optional(map(object({
name = string
interval = optional(string)
rules = list(object({
alert = string
expression = string
for = optional(string)
labels = optional(map(string))
annotations = optional(map(string))
}))
})), {})
# Log alert group definitions
logalertgroups = optional(map(object({
name = string
interval = optional(string)
rules = list(object({
alert = string
expression = string
for = optional(string)
labels = optional(map(string))
annotations = optional(map(string))
}))
})), {})
# Scrape configuration for metrics collection
scrapeconfigs = optional(map(object({
name = string
metrics_path = string
targets = list(object({
urls = list(string)
labels = optional(map(string))
}))
basic_auth = optional(object({
username = string
password = string
}))
saml2 = optional(object({
enable_url_parameters = optional(bool)
}))
sample_limit = optional(number)
scheme = optional(string)
scrape_interval = optional(string)
scrape_timeout = optional(string)
})), {})
}))
default = {}
validation {
condition = alltrue([
for k, v in var.observability_instances :
contains([
"Observability-Medium-EU01",
"Observability-Monitoring-XL-EU01",
"Observability-Large-EU01",
"Observability-Monitoring-Basic-EU01",
"Observability-Monitoring-Large-EU01",
"Observability-Basic-EU01",
"Observability-Monitoring-Medium-EU01",
"Observability-Monitoring-XXL-EU01",
"Observability-Metrics-Endpoint-100k-EU01",
"Observability-Frontend-Starter-EU01",
"Observability-Monitoring-Starter-EU01",
"Observability-Starter-EU01",
], v.plan_name)
])
error_message = <<-EOM
One or more observability_instances specify an invalid plan_name.
See the provider error output for supported plans. Allowed:
Observability-Medium-EU01
Observability-Monitoring-XL-EU01
Observability-Large-EU01
Observability-Monitoring-Basic-EU01
Observability-Monitoring-Large-EU01
Observability-Basic-EU01
Observability-Monitoring-Medium-EU01
Observability-Monitoring-XXL-EU01
Observability-Metrics-Endpoint-100k-EU01
Observability-Frontend-Starter-EU01
Observability-Monitoring-Starter-EU01
Observability-Starter-EU01
EOM
}
}
Reference in a new issue View git blame Copy permalink