The following sections describe the variables of this terraform module.
Type: string
AWS region. List of available regions: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions Currently, the terraform module uses the first two availability zones of the region.
Example: eu-west-1
Type: string
AWS EC2 instance type used for the Kubernetes node pool.
Example: m6g.xlarge for production and t3.medium for development
Type: string
AWS Route 53 Zone ID. This module can automatically create DNS records in a Route 53 Zone. Leave empty to disable record creation.
Example: Z0123456789ABCDEFGHIJ
Type: string
Default: ""
AWS IAM Policy ARN to be used for permissions boundaries on created roles.
Example: arn:aws:iam::123456789012:policy/GithubCIPermissionBoundaries
Type: string
Fully-qualified domain name of your HTTPS Gateway ingress endpoint.
Example: dss.example.com
Type: string
The domain name suffix shared by all of your CockroachDB nodes. For instance, if your CRDB nodes were addressable at 0.db.example.com, 1.db.example.com and 2.db.example.com, then the value would be db.example.com.
Example: db.example.com
Type: string
Name of the Kubernetes cluster that will host this DSS instance (should generally describe the DSS instance being hosted).
Example: dss-che-1
Type: number
Number of Kubernetes nodes which should correspond to the desired CockroachDB nodes. Currently, only single node or three nodes deployments are supported.
Example: 3
Type: string
Desired version of the Kubernetes cluster control plane and nodes.
Supported versions:
- 1.24
Type: string
AWS Elastic Kubernetes Service Storage Class to use for CockroachDB and Prometheus persistent volumes. See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html for more details and available options.
Example: gp2
Type: string
URL of the DSS docker image.
Official public images are available on Docker Hub: https://hub.docker.com/r/interuss/dss/tags See the Docker images section of /build/README.md to learn how to build and publish your own image.
Example: docker.io/interuss/dss:latest or docker.io/interuss/dss:v0.14.0
Type: string
Default: ""
Secret name of the credentials to access the image registry.
If the image specified in VAR_DOCKER_IMAGE_NAME requires authentication, you can use the following command to store the credentials as a secret:
kubectl create secret -n VAR_NAMESPACE docker-registry VAR_DOCKER_IMAGE_PULL_SECRET --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
Replace VAR_DOCKER_IMAGE_PULL_SECRET with the secret name (for instance: private-registry-credentials).
For a Docker Hub private repository, use docker.io as DOCKER_REGISTRY_SERVER and an access token as DOCKER_PASSWORD.
Example: docker-registry
Type: object({ public_key_pem_path = optional(string), jwks = optional(object({ endpoint = string, key_id = string })) })
One of public_key_pem_path or jwks should be provided, but not both.
- public_key_pem_path: If providing the access token public key via JWKS, do not provide this parameter. If providing a .pem file directly as the public key to validate incoming access tokens, specify the name of this .pem file here as /public-certs/YOUR-KEY-NAME.pem, replacing YOUR-KEY-NAME as appropriate. For instance, if using the provided us-demo.pem, use the path /public-certs/us-demo.pem. Note that your .pem file should be built into the docker image or mounted manually.
Example 1 (dummy auth):
{
  public_key_pem_path = "/test-certs/auth2.pem"
}
Example 2:
{
  public_key_pem_path = "/jwt-public-certs/us-demo.pem"
}
- jwks: If providing a .pem file directly as the public key to validate incoming access tokens, do not provide this parameter.
  - endpoint: If providing the access token public key via JWKS, specify the JWKS endpoint here. Example: https://auth.example.com/.well-known/jwks.json
  - key_id: If providing the access token public key via JWKS, specify the kid (key ID) of the appropriate key in the JWKS file referenced above.
Example:
{
  jwks = {
    endpoint = "https://auth.example.com/.well-known/jwks.json"
    key_id = "9C6DF78B-77A7-4E89-8990-E654841A7826"
  }
}
Type: bool
Default: true
Set this boolean to true to enable ASTM strategic conflict detection functionality.
Type: bool
Default: none
Set to false if joining an existing pool, true if creating the first DSS instance for a pool. When set to true, this can initialize the data directories on your cluster and prevent you from joining an existing pool.
Example: true
Type: string
Default: "latest"
Desired RID DB schema version.
Use latest to use the latest schema version.
Example: 4.0.0
Type: string
Default: "latest"
Desired SCD DB schema version.
Use latest to use the latest schema version.
Example: 3.1.0
Type: string
Version tag of the CockroachDB image. Until v.16, the recommended CockroachDB version is v21.2.7. From v.17, the recommended CockroachDB version is v24.1.3.
Example: v24.1.3
Type: string
A string that specifies a CRDB cluster name. This is used to ensure that all newly created nodes join the intended cluster when you are running multiple clusters. The CRDB cluster is automatically given a randomly-generated name if an empty string is provided. The CRDB cluster name must be 6-20 characters in length, and can include lowercase letters, numbers, and dashes (but no leading or trailing dashes). A cluster's name cannot be edited after it is created.
At the moment, this variable is only used for helm chart deployments.
Example: interuss_us_production
Type: string
Unique name for your DSS instance. Currently, we recommend "<ORG_NAME>_<CLUSTER_NAME>", and the = character is not allowed. However, any unique (among all other participating DSS instances) value is acceptable.
Example: <ORGNAME_CLUSTER_NAME>
Type: list(string)
Default: []
Fully-qualified domain name of existing CRDB nodes outside of the cluster if you are joining an existing pool. Example: ["0.db.dss.example.com", "1.db.dss.example.com", "2.db.dss.example.com"]
Type: string
Default: "default"
Namespace in which to deploy Kubernetes resources. Only default is supported at the moment.
Example: default
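Several of the variables above carry constraints that terraform's type system does not express: exactly one of public_key_pem_path or jwks, the 6-20 character CRDB cluster name rule, no = in the DSS instance name, only 1 or 3 nodes, only Kubernetes 1.24, only the default namespace, and the warning that initializing a cluster prevents joining an existing pool. The following pre-flight validator is an added example (not part of this module) that checks a tfvars-style dictionary against those documented rules before an apply. The dictionary keys (crdb_cluster_name, authentication, dss_instance_name, node_count, kubernetes_version, namespace, should_init, crdb_external_nodes) are placeholder names chosen for the example, since this page does not show the module's actual variable names; the two sample inputs are constructed.

```python
"""Pre-flight check of documented variable constraints (added example, not module code)."""
import re
from typing import Any

# The dictionary keys used here are placeholders chosen for this example;
# the page documents the rules but not the module's real variable names.

# 6-20 chars total: one leading and one trailing lowercase letter or digit,
# with 4-18 lowercase letters, digits or dashes in between (no edge dashes).
CRDB_CLUSTER_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]{4,18}[a-z0-9]$")
SUPPORTED_K8S_VERSIONS = {"1.24"}
SUPPORTED_NODE_COUNTS = {1, 3}


def check_crdb_cluster_name(name: str) -> list[str]:
    # An empty string means CockroachDB generates a random name, so nothing to check.
    if name == "":
        return []
    if CRDB_CLUSTER_NAME_RE.fullmatch(name):
        return []
    return [f"crdb_cluster_name {name!r}: need 6-20 lowercase letters, digits or dashes, "
            "with no leading or trailing dash"]


def check_authentication(auth: dict[str, Any]) -> list[str]:
    has_pem = bool(auth.get("public_key_pem_path"))
    has_jwks = auth.get("jwks") is not None
    # Exactly one of the two mechanisms must be configured.
    if has_pem == has_jwks:
        return ["authentication: provide exactly one of public_key_pem_path or jwks"]
    errors: list[str] = []
    if has_pem and not auth["public_key_pem_path"].endswith(".pem"):
        errors.append("authentication.public_key_pem_path: expected a path to a .pem file")
    if has_jwks:
        for field in ("endpoint", "key_id"):
            if not auth["jwks"].get(field):
                errors.append(f"authentication.jwks.{field}: required when using JWKS")
    return errors


def check_dss_instance_name(name: str) -> list[str]:
    if not name:
        return ["dss_instance_name: must not be empty"]
    if "=" in name:
        return [f"dss_instance_name {name!r}: the '=' character is not allowed"]
    return []


def validate_variables(tfvars: dict[str, Any]) -> list[str]:
    """Return a list of human-readable problems; an empty list means all checks passed."""
    errors: list[str] = []
    errors += check_crdb_cluster_name(tfvars.get("crdb_cluster_name", ""))
    errors += check_authentication(tfvars.get("authentication", {}))
    errors += check_dss_instance_name(tfvars.get("dss_instance_name", ""))
    if tfvars.get("node_count") not in SUPPORTED_NODE_COUNTS:
        errors.append("node_count: only single-node (1) or three-node (3) deployments are supported")
    if tfvars.get("kubernetes_version") not in SUPPORTED_K8S_VERSIONS:
        errors.append(f"kubernetes_version: supported versions are {sorted(SUPPORTED_K8S_VERSIONS)}")
    if tfvars.get("namespace", "default") != "default":
        errors.append("namespace: only 'default' is supported at the moment")
    # Initializing a fresh cluster while also listing external nodes is contradictory:
    # the init path would not join the existing pool.
    if tfvars.get("should_init") and tfvars.get("crdb_external_nodes"):
        errors.append("should_init=true would initialize a fresh cluster instead of joining "
                      "the external CRDB nodes listed in crdb_external_nodes")
    return errors


# Constructed sample inputs for demonstration.
GOOD_VARS: dict[str, Any] = {
    "crdb_cluster_name": "interuss-us-prod",
    "authentication": {"jwks": {"endpoint": "https://auth.example.com/.well-known/jwks.json",
                                "key_id": "example-kid"}},
    "dss_instance_name": "exampleorg_dss-che-1",
    "node_count": 3,
    "kubernetes_version": "1.24",
    "namespace": "default",
    "should_init": True,
    "crdb_external_nodes": [],
}

BAD_VARS: dict[str, Any] = {
    "crdb_cluster_name": "-Prod",  # uppercase, leading dash, too short
    "authentication": {"public_key_pem_path": "/public-certs/us-demo.pem",
                       "jwks": {"endpoint": "https://auth.example.com/.well-known/jwks.json",
                                "key_id": "example-kid"}},  # both mechanisms set
    "dss_instance_name": "org=cluster",
    "node_count": 2,
    "kubernetes_version": "1.27",
    "namespace": "dss",
    "should_init": True,
    "crdb_external_nodes": ["0.db.dss.example.com"],
}

if __name__ == "__main__":
    for label, tfvars in (("good", GOOD_VARS), ("bad", BAD_VARS)):
        problems = validate_variables(tfvars)
        print(f"{label}: {'ok' if not problems else ''}")
        for problem in problems:
            print("  -", problem)
```

Running the script reports no problems for the first input and seven for the second; the checks are independent of each other, so all problems are listed in one pass rather than failing on the first one.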