forked from Tymlez/guardian-terraform
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvars.auto.tfvars_sample
197 lines (169 loc) · 5.94 KB
/
vars.auto.tfvars_sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
# It is recommended to bring these variables
# into Terraform Cloud so they can be secured
################################################################################
# AWS Required Variables
################################################################################
#Core Authentication - these should be placed into the Terraform Cloud as ENV vars
#Alternatively you should use the AWS CLI and the [default] profile to run this locally.
#Only adding them here wont work
aws_access_key_id = "AKIA..."
aws_secret_access_key = "..."
aws_region = "ap-southeast-2"
aws_zone = "ap-southeast-2a"
#Do you need to grant a particular user access to the EKS cluster (might be different from the credentials above?)
#This is required if you are using AWS SSO to manage your users
aws_user_eks = "arn:aws:iam::123456789:user/AWSReservedSSO_AdministratorAccess_b036e5/[email protected]"
aws_role_eks = "arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_b036e5"
#VPC Setup - required for EKS
aws_vpc_config = {
az1 = {
az_name = "ap-southeast-2a"
private_subnet = "10.0.1.0/24"
public_subnet = "10.0.101.0/24"
}
az2 = {
az_name = "ap-southeast-2b"
private_subnet = "10.0.2.0/24"
public_subnet = "10.0.102.0/24"
}
az3 = {
az_name = "ap-southeast-2c"
private_subnet = "10.0.3.0/24"
public_subnet = "10.0.103.0/24"
}
}
#EKS Cluster Size
#Values are per node group
eks_config = {
az1 = {
instance_types = ["t3a.medium"]
min_size = 1
max_size = 1
desired_size = 1
# ami_type = "AL2_ARM_64"
capacity_type = "ON_DEMAND" #this is to ensure that the nodegroup doesnt get reclaimed as SPOT leaving MongoDB broken
}
instance_types = ["t3a.large"]
min_size = 1
max_size = 1
desired_size = 1
# ami_type = "AL2_ARM_64"
capacity_type = "SPOT"
}
################################################################################
# GCP Required Variables
################################################################################
#remove newlines from Service Account JSON and escape
gcp_service_account = "{\"client_id\": \"1053104\"..... \"token_uri\": \"https://oauth2.googleapis.com/token\"}"
gcp_project_id = "gcp-project-id-124225"
gcp_region = "australia-southeast1"
#these can be ignored if using AWS or unless you change your CIDRs for the VPC in GCP
gcp_local_whitelisted_ips = ["10.0.0.0/8", "192.168.0.0/16"]
################################################################################
# Common Required Variables
################################################################################
#VPC Requirements
vpc_name = "dev" #must not exist
vpc_cidr = "10.0.0.0/16"
firewall_default = "deny"
whitelisted_ips = ["8.8.8.8/32", "1.2.3.4/32"]
ingress_whitelisted_ips = ["0.0.0.0/0", "123.123.123.123/32"]
#please note - our FQDN convention is:
#cluster_name.stage.app_name.tld
#e.g: guardian.dev.tymlez.tymlez.com
app_name = "tymlez" #or customer name
cluster_name = "guardian-cluster"
tld = "tymlez.com"
stage = "dev"
docker_repository = "gcr.io/hedera-registry"
#Guardian Requirements
guardian_operator_id = "0.0.12345678"
guardian_operator_key = "<operator key>"
guardian_ipfs_key = "<nft / ipfs service key here>" #please note for >=2.4.0 this should be web3.storage
guardian_topic_id = "0.0.12345678"
guardian_access_token_secret = "supersecretsauce"
guardian_static_ip = ""
guardian_version = "2.4.1" #must be > 2.4.1 as new services were added
guardian_network = "testnet"
guardian_max_transaction_fee = "10"
guardian_initial_balance = "30"
guardian_initial_standard_registry_balance = "100"
guardian_logger_level = 2
guardian_mongodb_persistent_size = "50Gi"
#custom Helm repositories will be activated if the custom_helm_charts variable is populated
custom_helm_repository = ""
custom_helm_charts = []
custom_helm_version = ""
#this is an example of how to provide custom YAML for the charts you provide above
#this would work for a chart named `nginx` and would provide image.tag = latest
custom_helm_values_yaml = {
"nginx" = {
image = {
tag = "latest"
}
}
}
custom_helm_repository_username = ""
custom_helm_repository_password = ""
# if you want expose your service via ingress, this only works when use_ingress is true
#custom_helm_ingresses = {
# enable = true
# service_path = "/your-api(/|$)(.*)"
# service_port = 9090 // the port that your service listen on
# service_name = "your k8s service name in same name spaces"
#}
use_ingress = true
# to enable newrelic APM
enabled_newrelic=false
newrelic_license_key = "your newrelic license key if enable_newrelic=true"
# Custom container size
resource_configs = {
guardian_logger_service = {
cpu = "250m",
memory = "256Mi",
replicas = 1,
autoscale = false
}
guardian_auth_service = {
cpu = "250m",
memory = "256Mi",
replicas = 1,
autoscale = false
}
guardian_ipfs_client = {
cpu = "250m",
memory = "256Mi",
replicas = 1,
autoscale = false
}
guardian_api_gateway = {
cpu = "500m",
memory = "256Mi",
replicas = 1,
autoscale = false
}
guardian_guardian_service ={
cpu = "500m",
memory = "256Mi",
replicas = 2,
autoscale = false
}
guardian_frontend = {
cpu = "100m",
memory = "128Mi",
replicas = 1,
autoscale = false
}
nats ={
cpu = "500m",
memory = "256Mi",
replicas = 1,
autoscale = false
}
guardian_worker_service = {
cpu = "300m",
memory = "256Mi",
replicas = 1,
autoscale = false
}
}