-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvariables.tf
470 lines (424 loc) · 13.3 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
# Kubernetes Master parameters
variable "folder_id" {
description = "The ID of the folder that the Kubernetes cluster belongs to."
type = string
default = null
}
variable "network_id" {
description = "The ID of the cluster network."
type = string
}
variable "master_region" {
description = <<-EOF
Name of the region where the cluster will be created. This setting is required for regional cluster and not used for zonal cluster.
EOF
type = string
default = "eu-north1" # def
}
resource "random_string" "unique_id" {
length = 8
upper = false
lower = true
numeric = true
special = false
}
variable "cluster_name" {
description = "Name of a specific Kubernetes cluster."
type = string
default = "k8s-cluster"
}
variable "description" {
description = "Description of the Kubernetes cluster."
type = string
default = "Nebius Managed K8S cluster"
}
variable "cluster_version" {
description = "Kubernetes cluster version"
type = string
default = "1.27"
}
variable "cluster_ipv4_range" {
description = <<EOF
CIDR block. IP range for allocating pod addresses.
It should not overlap with any subnet in the network
the Kubernetes cluster located in. Static routes will
be set up for this CIDR blocks in node subnets.
EOF
type = string
default = "172.17.0.0/16"
}
variable "cluster_ipv6_range" {
description = "IPv6 CIDR block. IP range for allocating pod addresses."
type = string
default = null
}
variable "node_ipv4_cidr_mask_size" {
description = <<EOF
(Optional) Size of the masks that are assigned to each node in the cluster.
This efficiently limits the maximum number of pods for each node.
EOF
type = number
default = 24
}
variable "service_ipv4_range" {
description = <<EOF
CIDR block. IP range from which Kubernetes service cluster IP addresses
will be allocated from. It should not overlap with
any subnet in the network the Kubernetes cluster located in
EOF
type = string
default = "172.18.0.0/16"
}
variable "service_ipv6_range" {
description = "IPv6 CIDR block. IP range for allocating pod addresses."
type = string
default = null
}
variable "service_account_name" {
description = "IAM service account name."
type = string
default = "k8s-service-account"
}
variable "node_account_name" {
description = "IAM node account name."
type = string
default = "k8s-node-account"
}
variable "release_channel" {
description = "Kubernetes cluster release channel name"
type = string
default = "REGULAR"
validation {
condition = contains(["STABLE", "RAPID", "REGULAR"], var.release_channel)
error_message = "Release channel should be STABLE (stable feature set), RAPID (early bird feature access) and REGULAR."
}
}
variable "network_policy_provider" {
description = "Network policy provider for Kubernetes cluster"
type = string
default = null #changed
}
variable "enable_cilium_policy" {
description = "Flag for enabling or disabling Cilium CNI."
type = bool
default = false
}
# Kubernetes Master node common parameters
variable "public_access" {
description = "Public or private Kubernetes cluster"
type = bool
default = true
}
variable "allow_public_load_balancers" {
description = "Flag for creating new IAM role with a load-balancer.admin access."
type = bool
default = false #changed
}
variable "master_locations" {
description = <<-EOF
List of locations where the cluster will be created. If the list contains only one
location, a zonal cluster will be created; if there are three locations, this will create a regional cluster.
Note: The master locations list may only have ONE or THREE locations.
EOF
type = list(object({
zone = string
subnet_id = string
}))
validation {
condition = contains([1, 3], length(var.master_locations))
error_message = "Master locations list should have only one location for Zonal cluster and three locations for Regional!"
}
}
variable "security_groups_ids_list" {
description = "List of security group IDs to which the Kubernetes cluster belongs"
type = list(string)
default = []
nullable = true
}
variable "master_auto_upgrade" {
description = "Boolean flag that specifies if master can be upgraded automatically."
type = bool
default = true
}
variable "master_maintenance_windows" {
description = <<EOF
List of structures that specifies maintenance windows,
when auto update for the master is allowed.
Example:
```
master_maintenance_windows = [
{
day = "monday"
start_time = "23:00"
duration = "3h"
}
]
```
EOF
type = list(map(string))
default = []
}
variable "master_logging" {
description = "(Optional) Master logging options."
type = map(any)
default = {
enabled = false # changed from y
folder_id = null
enabled_kube_apiserver = true
enabled_autoscaler = true
enabled_events = true
}
}
variable "master_labels" {
description = "Set of key/value label pairs to assign Kubernetes master nodes."
type = map(string)
default = {}
}
variable "timeouts" {
description = "Timeouts."
type = map(string)
default = {
create = "60m"
update = "60m"
delete = "60m"
}
}
#
# Kubernetes Nodes Groups parameters
#
variable "node_groups" {
description = <<EOF
Kubernetes node groups map of maps. It could contain all parameters of nebius_kubernetes_node_group resource,
many of them could be NULL and have default values.
Notes:
- If node groups version isn't defined, cluster version will be used instead of.
- A master locations list must have only one location for zonal cluster and three locations for a regional.
- All node groups are able to define own locations. These locations will be used at first.
- If own location aren't defined for node groups with auto scale policy, locations for these groups will be automatically generated from master locations. If node groups list have more than three groups, locations for them will be assigned from the beggining of the master locations list. So, all node groups will be distributed in a range of master locations.
- Master locations will be used for fixed scale node groups.
- Auto repair and upgrade values will be used master_auto_upgrade value.
- Master maintenance windows will be used for Node groups also!
- Only one max_expansion OR max_unavailable values should be specified for the deployment policy.
Documentation - https://registry.terraform.io/providers/nebius-cloud/nebius/latest/docs/resources/kubernetes_node_group
Default values:
```
platform_id = "standard-v2"
node_cores = 4
node_memory = 8
node_gpus = 0
core_fraction = 100
disk_type = "network-ssd"
disk_size = 32
preemptible = false
nat = false
auto_repair = true
auto_upgrade = true
maintenance_day = "monday"
maintenance_start_time = "20:00"
maintenance_duration = "3h30m"
network_acceleration_type = "standard"
container_runtime_type = "containerd"
```
Example:
```
node_groups = {
"yc-k8s-ng-01" = {
cluster_name = "k8s-kube-cluster"
description = "Kubernetes nodes group with fixed scale policy and one maintenance window"
fixed_scale = {
size = 3
}
labels = {
owner = "nebius"
service = "kubernetes"
}
node_labels = {
role = "worker-01"
environment = "dev"
}
},
"yc-k8s-ng-02" = {
description = "Kubernetes nodes group with auto scale policy"
auto_scale = {
min = 2
max = 4
initial = 2
}
node_locations = [
{
zone = "ru-central1-b"
subnet_id = "e2lu07tr481h35012c8p"
}
]
labels = {
owner = "example"
service = "kubernetes"
}
node_labels = {
role = "worker-02"
environment = "testing"
}
}
}
```
EOF
type = any
default = {}
}
variable "node_groups_defaults" {
description = "Map of common default values for Node groups."
type = map(any)
default = {
platform_id = "standard-v2"
node_cores = 4
node_memory = 8
node_gpus = 0
core_fraction = 100
disk_type = "network-ssd"
disk_size = 32
preemptible = false
nat = false
ipv4 = true
ipv6 = false
}
}
variable "network_acceleration_type" {
description = "Network acceleration type for the Kubernetes node group"
type = string
default = "standard"
validation {
condition = contains(["standard", "software_accelerated"], var.network_acceleration_type)
error_message = "Type of network acceleration. Available values: standard, software_accelerated."
}
}
variable "container_runtime_type" {
description = "Kubernetes Node Group container runtime type"
type = string
default = "containerd"
validation {
condition = contains(["docker", "containerd"], var.container_runtime_type)
error_message = "Type of container runtime. Avaiable values: docker, containerd."
}
}
# Security group
variable "enable_default_rules" {
description = <<-EOF
Manages creation of default security rules.
Default security rules:
- Allow all incoming traffic from any protocol.
- Allows master-to-node and node-to-node communication inside a security group.
- Allows pod-to-pod and service-to-service communication.
- Allows debugging ICMP packets from internal subnets.
- Allows incomming traffic from the Internet to the NodePort port range.
- Allows all outgoing traffic. Nodes can connect to Nebius Container Registry, Nebius Object Storage, Docker Hub, etc.
- Allow access to Kubernetes API via port 6443 from the subnet.
- Allow access to Kubernetes API via port 443 from the subnet.
- Allow access to worker nodes via SSH from the allowed IP range.
EOF
type = bool
default = true
}
variable "custom_ingress_rules" {
description = <<-EOF
Map definition of custom security ingress rules.
Example:
```
custom_ingress_rules = {
"rule1" = {
protocol = "TCP"
description = "rule-1"
v4_cidr_blocks = ["0.0.0.0/0"]
from_port = 3000
to_port = 32767
},
"rule2" = {
protocol = "TCP"
description = "rule-2"
v4_cidr_blocks = ["0.0.0.0/0"]
port = 443
},
"rule3" = {
protocol = "TCP"
description = "rule-3"
predefined_target = "self_security_group"
from_port = 0
to_port = 65535
}
}
```
EOF
type = any
default = {}
}
variable "custom_egress_rules" {
description = <<-EOF
Map definition of custom security egress rules.
Example:
```
custom_egress_rules = {
"rule1" = {
protocol = "ANY"
description = "rule-1"
v4_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
from_port = 8090
to_port = 8099
},
"rule2" = {
protocol = "UDP"
description = "rule-2"
v4_cidr_blocks = ["10.0.1.0/24"]
from_port = 8090
to_port = 8099
}
}
```
EOF
type = any
default = {}
}
variable "allowed_ips" {
description = "List of allowed IPv4 CIDR blocks."
type = list(string)
default = ["0.0.0.0/0"]
}
variable "allowed_ips_ssh" {
description = "List of allowed IPv4 CIDR blocks for an access via SSH."
type = list(string)
default = ["0.0.0.0/0"]
}
variable "pod_mtu" {
description = "default pod mtu for networking"
type = number
default = 8880
}
variable "ssh_username" {
description = "Username for SSH login"
type = string
default = "ubuntu"
}
variable "ssh_public_key" {
description = "Public SSH key to access the cluster nodes"
type = string
default = null
}
variable "ssh_public_key_path" {
description = "Path to a SSH public key to access the cluster nodes"
type = string
default = "~/.ssh/id_rsa.pub"
}
variable "node_locations" {
description = <<-EOF
List of locations where the cluster will be created. If the list contains only one
location, a zonal cluster will be created; if there are three locations, this will create a regional cluster.
Note: The master locations list may only have ONE or THREE locations.
EOF
type = list(object({
zone = string
subnet_id = string
}))
default = []
validation {
condition = contains([0, 1, 3], length(var.node_locations))
error_message = "Node locations list should have either 0 elements (to use master locations), one location for Zonal cluster, or three locations for Regional cluster!"
}
}