This repository was archived by the owner on Dec 16, 2025. It is now read-only.
variables.tf
# Name of the cloud provider. No default is declared, so every deployment
# has to supply a value.
variable "cloud_provider" {
  type        = string
  description = "cloudprovider name"
}

# Prefix used when naming resources.
variable "prefix" {
  type        = string
  default     = "capi"
  description = "a prefix name for resources"
}
# Glance image name for the Nova instances.
# NOTE(review): the image is selected by name only; confirm that the name
# resolves to a trusted, maintained image in the target project.
variable "image" {
  type        = string
  default     = "Ubuntu 22.04"
  description = "openstack glance image for nova instances"
}

# Flavor of the instance that runs kind (the CAPI management node).
variable "kind_flavor" {
  type        = string
  default     = "SCS-2V-4"
  description = "openstack nova flavor for instance running kind (capi mgmt node)"
}

# Flavor of the instances that run the k8s management nodes.
variable "controller_flavor" {
  type        = string
  default     = "SCS-2V-4-20s"
  description = "openstack nova flavor for instances running the k8s management nodes"
}

# Flavor of the instances that run the k8s worker nodes.
variable "worker_flavor" {
  type        = string
  default     = "SCS-2V-4-20s"
  description = "openstack nova flavor for instances running the k8s worker nodes"
}
# Extra instance metadata (string key/value pairs) for the k8s management
# nodes; empty by default.
# NOTE(review): instance metadata is usually readable from inside the guest,
# so it is not a place for secrets - confirm how the consumer uses it.
variable "controller_metadata" {
  type        = map(string)
  default     = {}
  description = "additional metadata for instances running the k8s management nodes"
}

# Extra instance metadata (string key/value pairs) for the k8s worker nodes;
# empty by default. The same caution about secrets applies.
variable "worker_metadata" {
  type        = map(string)
  default     = {}
  description = "additional metadata for instances running the k8s worker nodes"
}
# Availability zone for the OpenStack resources. No default is declared, so a
# value must be supplied.
variable "availability_zone" {
  type        = string
  description = "availability zone for openstack resources"
}

# Name of the external/public network. The empty default is a placeholder;
# the commented line records the data source the author had in mind.
variable "external" {
  type        = string
  default     = ""
  description = "external/public network name for access"
  # default = data.openstack_networking_network_v2.extnet.name
}

# ID of the external/public network. The empty default is a placeholder;
# the commented line records the data source the author had in mind.
variable "external_id" {
  type        = string
  default     = ""
  description = "external/public network ID for access"
  # default = data.openstack_networking_network_v2.extnet.id
}
# Login name used for SSH to the instances. It has to match the default user
# of the chosen image.
variable "ssh_username" {
  type        = string
  default     = "ubuntu"
  description = "ssh username for instances"
}
# Component versions. The first three defaults carry a "renovate:" annotation
# naming the upstream GitHub release feed, so automated update tooling can
# track them; kubernetes_version has no such annotation in this file.

# Calico release to install.
variable "calico_version" {
  type        = string
  description = "desired version of calico"
  default     = "v3.31.2" # renovate: datasource=github-releases depName=projectcalico/calico
}

# cluster-api release to install.
variable "clusterapi_version" {
  type        = string
  description = "desired version of cluster-api"
  default     = "1.6.3" # renovate: datasource=github-releases depName=kubernetes-sigs/cluster-api
}

# Release of the OpenStack provider for cluster-api.
variable "capi_openstack_version" {
  type        = string
  description = "desired version of the OpenStack cluster-api provider"
  default     = "0.9.0" # renovate: datasource=github-releases depName=kubernetes-sigs/cluster-api-provider-openstack
}

# Kubernetes version of the workload cluster.
# NOTE(review): the ".x" suffix presumably selects the newest patch release of
# that minor line; confirm in the consumer, and check that the minor version
# still receives upstream security fixes before deploying.
variable "kubernetes_version" {
  type        = string
  description = "desired kubernetes version for the workload cluster"
  default     = "v1.28.x"
}
# When true (the default), the kubernetes image is converted to raw format,
# which the description ties to ceph-backed root disks.
variable "kube_image_raw" {
  type        = bool
  default     = true
  description = "convert kubernetes image to raw format for ceph backed root disks"
}

# Free-form extra parameters for image registration; empty by default.
# NOTE(review): presumably appended to a command line by the consumer - confirm
# that the value is quoted there and comes only from trusted configuration.
variable "image_registration_extra_flags" {
  type        = string
  default     = ""
  description = "pass extra parameters to image registration"
}
# MTU for the kind cluster. Per the description, 0 means autodetect and the
# k8s cluster uses a value 50 lower.
variable "kind_mtu" {
  type        = number
  default     = 0
  description = "MTU used in the kind cluster (0=autodetect), k8s cluster is 50 smaller"
}
# HTTP proxy configured on the management host and on the worker and control
# plane nodes of the created cluster; empty by default (no proxy).
# NOTE(review): the variable is not marked sensitive, so a proxy URL that
# embeds credentials would appear in plan output - confirm none is used.
variable "http_proxy" {
  type        = string
  default     = ""
  description = "HTTP Proxy that is set on the mgmt host as well as on the worker and controlplane nodes of the created cluster."
}

# Destinations that bypass the proxy; empty by default.
variable "no_proxy" {
  type        = string
  default     = ""
  description = "HTTP Proxy exception list."
}
# Number of worker nodes in the test cluster.
variable "worker_count" {
  type        = number
  default     = 3
  description = "number of worker nodes in testcluster"
}

# Number of control plane nodes in the test cluster. The default of 1 gives a
# single control plane node, i.e. no redundancy for the control plane.
variable "controller_count" {
  type        = number
  default     = 1
  description = "number of control plane management nodes in testcluster"
}
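# Address range (CIDR) of the network that holds the k8s nodes.
# The validation block rejects values that are not in CIDR notation when the
# configuration is evaluated, instead of letting a malformed string reach the
# resources that consume it. cidrhost() parses IPv4 and IPv6 prefixes alike.
variable "node_cidr" {
  description = "network addresses (CIDR) for the k8s nodes"
  type        = string
  default     = "10.8.0.0/20"

  validation {
    condition     = can(cidrhost(var.node_cidr, 0))
    error_message = "The node_cidr value must be a valid CIDR block, for example 10.8.0.0/20."
  }
}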
# Address range (CIDR) handed out to k8s pods.
# NOTE(review): keep this range disjoint from the node, service and
# management ranges defined in this file; nothing here enforces that.
variable "pod_cidr" {
  type        = string
  default     = "192.168.0.0/16"
  description = "network addresses (CIDR) for the k8s pods"
}

# Address range (CIDR) handed out to k8s services.
variable "service_cidr" {
  type        = string
  default     = "10.96.0.0/12"
  description = "network addresses (CIDR) for the k8s services"
}
# Add-on switches for the clusters created through k8s-capi.
# Only deploy_metrics is a real bool. The other switches are strings: the
# descriptions mark them as "(version)" or "provider version", so besides
# "true"/"false" they appear to accept a version string.
# NOTE(review): no validation block constrains these strings; confirm in the
# consumer which values are accepted.

# Metrics service; enabled by default.
variable "deploy_metrics" {
  type        = bool
  default     = true
  description = "deploy metrics service into k8s-capi created clusters"
}

# NGINX ingress controller; enabled by default.
variable "deploy_nginx_ingress" {
  type        = string
  default     = "true"
  description = "deploy NGINX ingress controller (version) into k8s-capi created clusters"
}

# Gateway API CRDs plus the cilium implementation; disabled by default and,
# per the description, only effective together with use_cilium=true.
variable "deploy_gateway_api" {
  type        = string
  default     = "false"
  description = "deploy k8s Gateway API CRDs along with ciliums implementation of Gateway API, only works in conjunction with use_cilium=true"
}

# cert-manager; disabled by default.
variable "deploy_cert_manager" {
  type        = string
  default     = "false"
  description = "deploy cert-manager (version) into k8s-capi created clusters"
}

# flux; disabled by default.
variable "deploy_flux" {
  type        = string
  default     = "false"
  description = "install flux (version) into k8s-capi created clusters"
}

# OpenStack cloud provider for k8s; "true" follows the k8s version.
variable "deploy_occm" {
  type        = string
  default     = "true"
  description = "deploy k8s openstack provider version. True matches k8s version"
}

# Cinder CSI provider for k8s; "true" follows the k8s version.
variable "deploy_cindercsi" {
  type        = string
  default     = "true"
  description = "deploy k8s cinder CSI provider version. True matches k8s version"
}
# Spread k8s nodes across hosts with anti-affinity (soft for workers, per the
# description); enabled by default.
variable "anti_affinity" {
  type        = bool
  default     = true
  description = "use anti-affinity (soft for workers) to avoid k8s nodes on the same host"
}

# Permit soft anti-affinity for the control plane as well; disabled by
# default.
variable "soft_anti_affinity_controller" {
  type        = bool
  default     = false
  description = "allow the use of soft-anti-affinity for the control plane"
}
# Nameservers configured on the subnets.
# NOTE(review): the two default addresses are fixed IPs outside the address
# ranges defined in this file, so name resolution for the cluster depends on
# whoever operates them. The description already advises local DNS servers
# where available; override the default accordingly.
variable "dns_nameservers" {
  type        = list(string)
  default     = ["5.1.66.255", "185.150.99.255"]
  description = "array of nameservers to be set for subnets, prefer local DNS servers if available"
}
# Selects cilium instead of calico as CNI; a string because the description
# allows a version in place of "true".
variable "use_cilium" {
  type        = string
  default     = "true"
  description = "use cilium (version) rather than calico as CNI"
}

# Versions of the cilium CLI and the hubble CLI, joined by ";".
# Unlike the other pinned versions in this file, this default carries no
# "renovate:" annotation, so it has to be bumped by hand.
variable "cilium_binaries" {
  type        = string
  default     = "v0.15.23;v0.13.0"
  description = "cilium and hubble CLI versions in the vA.B.C;vX.Y.Z format"
}
# Mounts the controller root filesystem with the nobarrier option; disabled
# by default.
# nobarrier turns off write barriers, so data written shortly before a crash
# or power loss may be lost or left inconsistent. Keep this off wherever the
# cluster state matters.
variable "etcd_unsafe_fs" {
  type        = bool
  default     = false
  description = "mount controller root fs with nobarrier"
}
# Git reference of k8s-cluster-api-provider that is checked out on the
# management server.
# The default "main" is a branch and moves over time, so two deployments from
# the same configuration can run different code. Pin a tag or commit for
# reproducible, reviewable deployments.
variable "git_reference" {
  type        = string
  default     = "main"
  description = "k8s-cluster-api-provider git reference to be checked out on mgmtserver"
}

# Repository URL used for the deployment.
# Whatever this points to supplies the deployment code, so it should be a
# repository you control or trust; keep the scheme at https.
variable "git_repo" {
  type        = string
  default     = "https://github.com/SovereignCloudStack/k8s-cluster-api-provider"
  description = "github repository url that should be used for the deployment"
}
# Name of the test cluster that bootstrap can optionally create.
variable "testcluster_name" {
  type        = string
  default     = "testcluster"
  description = "name of the testcluster optionally created during bootstrap"
}
# Controls use of the OVN octavia provider. The value is a string and the
# validation block accepts exactly "false", "auto" or "true"; anything else
# is rejected with the error message below.
variable "use_ovn_lb_provider" {
  type        = string
  default     = "false"
  description = "usage of OVN octavia provider (false, auto, true)"

  validation {
    error_message = "Invalid setting for use_ovn_lb_provider variable."
    condition = contains(
      ["false", "auto", "true"],
      var.use_ovn_lb_provider
    )
  }
}
# Source ranges (CIDRs) that may reach the Kubernetes API.
# Per the description, the empty default leaves the API open to every source
# and "none" limits it to internal access.
# NOTE(review): for anything beyond a throwaway test cluster, list the
# administrator and CI ranges explicitly. Entries are not validated here;
# confirm how the consumer handles "none" and malformed CIDRs.
variable "restrict_kubeapi" {
  type        = list(string)
  default     = []
  description = "array of IP ranges (CIDRs) that get exclusive access. Leave open for all, none for exclusive internal access"
}
# Source ranges (CIDRs) allowed to reach the SSH port of the management
# server.
# The default ["0.0.0.0/0"] admits every IPv4 source, which exposes SSH on the
# management server to the whole Internet unless something else filters it.
# Set this to the administrators' ranges.
# NOTE(review): the description says "Leave empty for all", but the default
# is not empty; confirm what an empty list does in the consuming
# security-group code before relying on it.
variable "restrict_mgmt_server" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "List of IP ranges (CIDRs) that get exclusive access to the SSH port of the management server. Leave empty for all"
}
# How long to wait for an OpenStack machine to be created; the unit is
# minutes.
variable "capo_instance_create_timeout" {
  type        = number
  default     = 5
  description = "time to wait for an openstack machine to be created (in minutes)"
}
# containerd registry configuration, given as two sets of local file paths.
# Both attributes are optional: `hosts` falls back to the bundled docker.io
# host file and `certs` to an empty set, and the variable itself defaults to
# {} so both fallbacks apply when nothing is set.
# Per the description, the default docker.io host file makes containerd use
# registry.scs.community as a mirror of DockerHub, so the content pulled for
# docker.io images depends on that mirror.
# NOTE(review): `certs` may hold client certificates; keep private key
# material out of version control and confirm the permissions applied when
# the files are copied to /etc/containerd/certs on the nodes.
variable "containerd_registry_files" {
type = object({
hosts = optional(set(string), ["./files/containerd/docker.io"]),
certs = optional(set(string), [])
})
description = <<EOF
containerd registry host config files referenced by attributes `hosts` and `certs`.
Attributes:
hosts (set): Additional registry host config files for containerd. The filename should
reference the registry host namespace. Files defined in this set will be copied into the `/etc/containerd/certs.d`
directory on each cluster node. The default `docker.io` registry host file instructs containerd to use
`registry.scs.community` container registry instance as a public mirror of DockerHub container registry.
certs (set): Additional client and/or CA certificate files needed for containerd authentication against
registries defined in `hosts`. Files defined in this set will be copied into the `/etc/containerd/certs`
directory on each cluster node.
visit containerd docs for further details on how to configure registry hosts https://github.com/containerd/containerd/blob/main/docs/hosts.md
EOF
default = {}
}
# Switch for deploying a Harbor container registry; disabled by default.
# Per the description, enabling it always pulls in flux2, may pull in
# cert-manager, ingress-nginx and Cinder CSI (see harbor_config), and creates
# a Swift bucket plus ec2 credentials for image blob storage.
# NOTE(review): confirm where the generated ec2 credentials are stored and
# who can read them.
variable "deploy_harbor" {
description = <<EOF
Deploy Harbor container registry. If enabled, the SCS container registry instance of the Harbor will be deployed
as defined in the k8s-harbor [project](https://github.com/SovereignCloudStack/k8s-harbor), which is used
also for the SCS community Harbor instance available at https://registry.scs.community/. It deploys `flux2` as a
mandatory dependency and may deploy also `cert-manager`, `ingress-nginx` and `Cinder CSI` dependencies,
see the `harbor_config` variable. It also expects that the Swift object store is available in the targeting
OpenStack project. A Swift bucket and ec2 credentials will be created and used for storing container image blobs.
EOF
type = bool
default = false
}
# Settings for the Harbor deployment. Every attribute is optional and the
# variable defaults to {}, so the per-attribute fallbacks below apply:
# no domain name, no issuer email, persistence off, 1Gi / 1Gi / 5Gi volumes.
# Per the description, leaving `domain_name` empty exposes Harbor through a
# ClusterIP service only, while setting it exposes Harbor through an Ingress
# with a certificate obtained via the ACME HTTP-01 challenge.
# NOTE(review): with `persistence` left at false the description implies no
# persistent volumes are used; confirm what happens to registry data when
# pods restart.
variable "harbor_config" {
type = object({
domain_name = optional(string, ""),
issuer_email = optional(string, ""),
persistence = optional(bool, false),
database_size = optional(string, "1Gi"),
redis_size = optional(string, "1Gi"),
trivy_size = optional(string, "5Gi") # x 2 replicas
})
description = <<-EOF
Harbor container registry configuration options.
Attributes:
domain_name (string, optional): Harbor domain name. If set, Harbor services will be exposed via the `Ingress`
resource and secured by SSL/TLS certificate. The certificate will be issued from Let’s Encrypt using the
standard ACME HTTP-01 challenge. This will also force the deployment of dependent services such as
`cert-manager` and `ingress-nginx`. If not set, Harbor services will be exposed via the `ClusterIP` service type.
See ingress [environment](files/kubernetes-manifests.d/harbor/envs/ingress/) for further details.
issuer_email (string, optional): Email address for the cert-manager issuer ACME account used for issuing Harbor
certificate. It will be used to contact you in case of issues with your account or certificates,
including expiry notification emails. Relevant only when `domain_name` is set.
persistence (bool, optional): Enable persistence for the Harbor components.
This will force the deployment of `Cinder CSI`.
database_size (string, optional): PV size of the Harbor database. Relevant only when `persistence` is true.
Defaults to `1Gi`.
redis_size (string, optional): PV size of the Harbor k-v database (Redis). Relevant only when `persistence` is true.
Defaults to `1Gi`.
trivy_size (string, optional): PV size of the Trivy. Relevant only when `persistence` is true.
Defaults to `5Gi` for each of 2 Trivy replicas.
EOF
default = {}
}
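# Address range (CIDR) of the management cluster network.
# The validation block rejects values that are not in CIDR notation when the
# configuration is evaluated, instead of letting a malformed string reach the
# resources that consume it. cidrhost() parses IPv4 and IPv6 prefixes alike.
variable "mgmt_cidr" {
  description = "network address (CIDR) for management cluster"
  type        = string
  default     = "10.0.0.0/24"

  validation {
    condition     = can(cidrhost(var.mgmt_cidr, 0))
    error_message = "The mgmt_cidr value must be a valid CIDR block, for example 10.0.0.0/24."
  }
}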
# First and last address of the range used for the management cluster.
# Both bounds are plain strings. The defaults start at .11, which follows the
# description's advice to keep the first 10 addresses of the network free.
# NOTE(review): nothing in this block checks that `start` and `end` lie
# inside mgmt_cidr or that start <= end; change them together with mgmt_cidr.
variable "mgmt_ip_range" {
  type = object({
    start = string
    end   = string
  })

  default = {
    start = "10.0.0.11"
    end   = "10.0.0.254"
  }

  description = "IP range from defined `mgmt_cidr` variable for management cluster. It is recommended to reserve the first 10 IPs."
}