######
# global variables
######
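variable "app_gateway" {
  # Application Gateway (AGW) settings. The gateway is only created when a
  # caller opts in with enabled = true, and then subnet_id becomes mandatory
  # (enforced by the last validation below).
  type = object({
    enabled = optional(bool, false)
    name    = optional(string)
    # Private frontend. Accepted only on a v2 sku_tier together with an explicit
    # (static) private_ip_address; see the second validation.
    private_ip           = optional(bool, false)
    private_ip_address   = optional(string, "")
    private_priority     = optional(number)
    private_ip_subnet_id = optional(string)
    # Public frontend. Defaults to on, and a v2 sku_tier requires it, so with
    # the default WAF_v2 SKU the gateway always gets a public frontend.
    public_ip       = optional(bool, true)
    public_ip_id    = optional(string, "")
    public_priority = optional(number)
    sku_capacity    = optional(string, "2")
    # WAF_v2 by default, i.e. the web application firewall is on; its mode and
    # rule set come from var.waf_configuration.
    sku_name  = optional(string, "WAF_v2")
    sku_tier  = optional(string, "WAF_v2")
    subnet_id = optional(string)
  })
  description = "Application Gateway settings. Disabled unless enabled = true. A v2 sku_tier requires public_ip = true; a private frontend requires a v2 sku_tier and a static private_ip_address; a v1 sku_tier requires an existing public_ip_id."
  default     = {}

  # v2 SKUs must expose a public frontend. (regexall returns an empty list for
  # a non-v2 tier, so "no match OR public_ip" is the whole rule.)
  validation {
    condition     = length(regexall("v2$", var.app_gateway.sku_tier)) == 0 || var.app_gateway.public_ip == true
    error_message = "If sku_tier is v2, then public_ip must be set to true."
  }

  # A private frontend is only accepted on v2 and only with an explicit
  # address. The message names both requirements the condition enforces.
  validation {
    condition     = var.app_gateway.private_ip == false || (length(regexall("v2$", var.app_gateway.sku_tier)) > 0 && var.app_gateway.private_ip_address != "")
    error_message = "If private_ip is true, then sku_tier must be v2 and private_ip_address must be set."
  }

  # For v1 SKUs the condition requires a NON-empty public_ip_id (an existing
  # public IP). The message now states that; it used to claim the opposite.
  # NOTE(review): confirm "v1 => caller supplies public_ip_id" is the intended
  # contract rather than the inverse, since only the message was corrected.
  validation {
    condition     = length(regexall("v2$", var.app_gateway.sku_tier)) > 0 || var.app_gateway.public_ip_id != ""
    error_message = "If sku_tier is v1, then public_ip_id must be set to an existing public IP."
  }

  # subnet_id is only needed when the gateway is actually built.
  validation {
    condition     = var.app_gateway.enabled == false || var.app_gateway.subnet_id != null
    error_message = "subnet_id is required when enabled is true"
  }
}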
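variable "waf_configuration" {
  # Web application firewall settings. Only meaningful when the gateway uses a
  # WAF SKU (var.app_gateway.sku_tier defaults to WAF_v2).
  type = object({
    enabled = optional(bool, true)
    # "Detection" logs rule matches but blocks nothing; traffic is only
    # rejected once this is switched to "Prevention". The default is safe for
    # a tuning period but leaves the WAF in observe-only mode if never changed.
    firewall_mode    = optional(string, "Detection")
    rule_set_type    = optional(string, "OWASP")
    rule_set_version = optional(string, "3.2")
    # Upload limit in MB; request bodies above max_request_body_size_kb are
    # subject to the WAF's size handling (see Azure WAF docs for the exact
    # behaviour, which this module does not control).
    file_upload_limit_mb     = optional(number, 100)
    request_body_check       = optional(bool, true)
    max_request_body_size_kb = optional(number, 128)
  })
  description = "WAF settings applied when the gateway runs a WAF SKU. firewall_mode defaults to Detection (log only); set it to Prevention to block matching requests."
  default     = {}

  # Azure only accepts these two modes; fail at plan time instead of at apply.
  validation {
    condition     = var.waf_configuration.firewall_mode == null || contains(["Detection", "Prevention"], var.waf_configuration.firewall_mode)
    error_message = "firewall_mode must be either \"Detection\" or \"Prevention\"."
  }
}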
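variable "node_default_pool" {
  # Settings for the AKS system (default) node pool.
  type = object({
    enable_auto_scaling = optional(bool, true)
    max_count           = optional(number, 4)
    min_count           = optional(number, 3)
    name                = optional(string, "system")
    node_count          = optional(number, 3)
    node_labels         = optional(map(any))
    node_taints         = optional(list(string))
    # Keeps application workloads off the system pool (AKS applies the
    # CriticalAddonsOnly taint); app pods are expected on var.node_user_pool.
    only_critical_addons_enabled = optional(bool, true)
    os_disk_size_gb              = optional(number, 70)
    # NOTE(review): Ephemeral OS disks are backed by the VM's local cache, so
    # vm_size must provide at least os_disk_size_gb of cache; confirm the
    # default pairing (70 GB on Standard_D2ds_v5) is valid in the target region.
    os_disk_type = optional(string, "Ephemeral")
    os_sku       = optional(string, null)
    vm_size      = optional(string, "Standard_D2ds_v5")
  })
  description = "AKS system (default) node pool. Autoscaling is on by default with min_count <= max_count; only_critical_addons_enabled keeps application pods off this pool."
  default     = {}

  # An autoscaled pool needs both bounds, and the lower one must not exceed the
  # upper one; catch this at plan time rather than at apply.
  validation {
    condition     = var.node_default_pool.enable_auto_scaling != true || (var.node_default_pool.min_count != null && var.node_default_pool.max_count != null && var.node_default_pool.min_count <= var.node_default_pool.max_count)
    error_message = "When enable_auto_scaling is true, min_count and max_count must be set and min_count must not exceed max_count."
  }

  validation {
    condition     = var.node_default_pool.os_disk_type == null || contains(["Ephemeral", "Managed"], var.node_default_pool.os_disk_type)
    error_message = "os_disk_type must be either \"Ephemeral\" or \"Managed\"."
  }
}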
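variable "node_user_pool" {
  # Settings for the AKS user (application) node pool. The pool is created only
  # when enabled = true.
  type = object({
    enable_auto_scaling = optional(bool, true)
    enabled             = optional(bool, true)
    # eviction_policy and spot_max_price only apply when priority = "Spot";
    # -1 means "pay up to the on-demand price".
    eviction_policy = optional(string, "Delete")
    max_count       = optional(number, 5)
    min_count       = optional(number, 2)
    mode            = optional(string, "User")
    name            = optional(string, "user")
    node_count      = optional(number, 2)
    # Defaults must be empty collections (not null) because they are merged /
    # concatenated with other values later in the module.
    node_labels     = optional(map(any), {})
    node_taints     = optional(list(string), [])
    os_disk_size_gb = optional(number, 120)
    # NOTE(review): Ephemeral OS disks need vm_size to provide at least
    # os_disk_size_gb of local cache; confirm 120 GB fits Standard_D4ds_v5.
    os_disk_type   = optional(string, "Ephemeral")
    os_sku         = optional(string, null)
    os_type        = optional(string, "Linux")
    priority       = optional(string, "Regular")
    spot_max_price = optional(number, -1)
    vm_size        = optional(string, "Standard_D4ds_v5")
  })
  description = "AKS user (application) node pool, created when enabled = true. Autoscaled by default with min_count <= max_count; spot settings only apply when priority = \"Spot\"."
  default     = {}

  validation {
    condition     = var.node_user_pool.enable_auto_scaling != true || (var.node_user_pool.min_count != null && var.node_user_pool.max_count != null && var.node_user_pool.min_count <= var.node_user_pool.max_count)
    error_message = "When enable_auto_scaling is true, min_count and max_count must be set and min_count must not exceed max_count."
  }

  validation {
    condition     = var.node_user_pool.priority == null || contains(["Regular", "Spot"], var.node_user_pool.priority)
    error_message = "priority must be either \"Regular\" or \"Spot\"."
  }

  validation {
    condition     = var.node_user_pool.os_type == null || contains(["Linux", "Windows"], var.node_user_pool.os_type)
    error_message = "os_type must be either \"Linux\" or \"Windows\"."
  }
}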
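variable "oms" {
  # Diagnostic / monitoring settings ("OMS" is the legacy name for Log
  # Analytics). Nothing is wired up unless enabled = true; when it is, at least
  # one destination (workspace_id or storage_account_id) must be given.
  type = object({
    enabled = optional(bool, false)
    # Application Gateway diagnostic log categories to forward.
    agw_logs = optional(object({
      ApplicationGatewayAccessLog      = optional(bool, true)
      ApplicationGatewayPerformanceLog = optional(bool, true)
      ApplicationGatewayFirewallLog    = optional(bool, true)
    }), {})
    agw_metrics = optional(bool, true)
    # AKS diagnostic log categories to forward. kube-audit (full audit trail)
    # and kube-audit-admin are on by default; "guard" (Azure AD / RBAC
    # authorization audits, per Azure docs) is off by default.
    # NOTE(review): consider enabling guard where identity-level auditing of
    # the API server is required.
    aks_logs = optional(object({
      cloud-controller-manager = optional(bool, false)
      cluster-autoscaler       = optional(bool, true)
      csi-azuredisk-controller = optional(bool, false)
      csi-azurefile-controller = optional(bool, false)
      csi-snapshot-controller  = optional(bool, false)
      guard                    = optional(bool, false)
      kube-apiserver           = optional(bool, true)
      kube-audit               = optional(bool, true)
      kube-audit-admin         = optional(bool, true)
      kube-controller-manager  = optional(bool, true)
      kube-scheduler           = optional(bool, false)
    }), {})
    aks_metrics = optional(bool, true)
    # NOTE(review): per-setting retention on diagnostic settings is being
    # retired by Azure; verify how retention_days is applied downstream.
    retention_days     = optional(number, 30)
    storage_account_id = optional(string)
    workspace_id       = optional(string)
  })
  description = "Diagnostic settings for AKS and the Application Gateway (log categories, metrics, retention and destinations). When enabled = true, workspace_id or storage_account_id must be set."
  default     = {}

  # Diagnostics without a destination silently produce nothing; reject that.
  validation {
    condition     = var.oms.enabled != true || var.oms.workspace_id != null || var.oms.storage_account_id != null
    error_message = "When oms.enabled is true, at least one of workspace_id or storage_account_id must be set."
  }
}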
variable "acr_list" {
  # Container registries the cluster should be linked to, keyed by registry
  # name with the registry's resource group as the value. Empty by default and
  # never null, so callers can iterate it unconditionally.
  description = "key/value map of acr name = resource group"
  type        = map(any)
  nullable    = false
  default     = {}
}
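variable "automatic_channel_upgrade" {
  # AKS auto-upgrade channel. The empty default leaves the channel unset
  # (i.e. no automatic upgrades); "patch" or "node-image" keep nodes on
  # patched images without manual intervention.
  type        = string
  description = "the AKS auto-upgrade channel: \"\" (unset, no automatic upgrades), none, patch, stable, rapid or node-image"
  nullable    = false
  default     = ""

  # Reject anything Azure would refuse at apply time.
  validation {
    condition     = contains(["", "none", "patch", "stable", "rapid", "node-image"], var.automatic_channel_upgrade)
    error_message = "automatic_channel_upgrade must be one of \"\", \"none\", \"patch\", \"stable\", \"rapid\" or \"node-image\"."
  }
}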
variable "azure_policy" {
  # Turns on the Azure Policy add-on for the cluster. On by default so that
  # policy enforcement (e.g. pod security baselines) is present unless a caller
  # explicitly opts out.
  description = "enable the Azure Policy add-on on this cluster"
  type        = bool
  nullable    = false
  default     = true
}
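variable "docker_bridge_cidr" {
  # Docker bridge address for the nodes, in CIDR form (Azure's default
  # 172.17.0.1/16). Must not overlap the cluster's pod/service ranges.
  # NOTE(review): azurerm has deprecated docker_bridge_cidr (the AKS API no
  # longer honours it); confirm the provider version in use before relying on it.
  type        = string
  description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes."
  nullable    = false
  default     = "172.17.0.1/16"

  # Fail early on a value that is not valid CIDR notation.
  validation {
    condition     = can(cidrhost(var.docker_bridge_cidr, 0))
    error_message = "docker_bridge_cidr must be an IPv4 address in CIDR notation, e.g. 172.17.0.1/16."
  }
}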
variable "location" {
  # Azure region every resource in this module is created in. Required; no
  # default, so the caller must choose the region explicitly.
  description = "Azure region in which all resources are built"
  type        = string
}
variable "name" {
  # Explicit AKS cluster name. Left empty by default, in which case the name is
  # generated from var.name_prefix.
  description = "If non-empty, overrides the generated AKS cluster name"
  type        = string
  default     = ""
}
variable "name_prefix" {
  # Prefix for every generated resource name; only used where no explicit name
  # (e.g. var.name) overrides it. Never null.
  description = "prefix applied to generated resource names when no explicit name is given"
  type        = string
  nullable    = false
  default     = "aks-baseline"
}
variable "resource_group_name" {
  # Existing resource group that receives all resources. Required; the module
  # does not create the group itself (as far as this file shows).
  description = "name of the existing resource group to provision into"
  type        = string
}
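variable "sku_tier" {
  # AKS control-plane SKU. "Free" by default (no uptime SLA). "Paid" is the
  # pre-v4 azurerm name for "Standard"; both are accepted here so older and
  # newer provider versions can use this module.
  type        = string
  description = "Set the SKU tier for the AKS cluster control plane (Free, Standard, Premium, or legacy Paid)"
  nullable    = false
  default     = "Free"

  validation {
    condition     = contains(["Free", "Paid", "Standard", "Premium"], var.sku_tier)
    error_message = "sku_tier must be one of \"Free\", \"Standard\", \"Premium\" or the legacy \"Paid\"."
  }
}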
variable "tags" {
  # Tags stamped on every resource. May be null (the default), in which case no
  # tags are applied.
  description = "tags applied to every resource created by this module"
  type        = map(any)
  default     = null
}
variable "subnet_id" {
  # Subnet shared by all AKS node pools. Required. The Application Gateway
  # uses its own subnet (var.app_gateway.subnet_id), not this one.
  description = "ID of the subnet that hosts every AKS node pool"
  type        = string
}
variable "zones" {
  # Availability zones to spread resources across, where the region supports
  # them. Empty (not null) by default, meaning no zone pinning.
  description = "availability zones to deploy into, if the region supports them"
  type        = list(string)
  nullable    = false
  default     = []
}