This repository was archived by the owner on Jun 29, 2022. It is now read-only.
variables.tf
# Name of the cluster. Required: the declaration carries no default.
variable "cluster_name" {
  type        = string
  description = "Cluster name"
}
# In-cluster DNS names for kube-apiserver. Required (no default).
# NOTE(review): presumably these names also end up as SANs in the apiserver
# serving certificate - confirm against the module's TLS resources.
variable "api_servers" {
  type        = list(string)
  description = "List of domain names used to reach kube-apiserver from within the cluster"
}
# DNS names for reaching kube-apiserver from outside the cluster network.
# Leaving this at its empty default means the value of var.api_servers is used.
variable "api_servers_external" {
  type        = list(string)
  default     = []
  description = "List of domain names used to reach kube-apiserver from an external network"
}
# Extra IPv4 addresses for the kube-apiserver TLS certificate.
# Each entry widens what the certificate is valid for, so list only addresses
# that actually front the API server.
variable "api_servers_ips" {
  type        = list(string)
  default     = []
  description = "List of additional IPv4 addresses to be included in the kube-apiserver TLS certificate"
}
# DNS names of the etcd servers. Required (no default).
variable "etcd_servers" {
  type        = list(string)
  description = "List of domain names used to reach etcd servers."
}
# Private IPv4 addresses of the controller nodes that run etcd; empty by default.
variable "etcd_endpoints" {
  type        = list(string)
  default     = []
  description = "List of Private IPv4 addresses of the controller nodes running etcd."
}
# Output directory for generated assets. Required (no default).
# The description states that the directory contains secrets: keep it out of
# version control and restrict filesystem permissions on it.
# NOTE(review): which files are written there is not visible from this declaration.
variable "asset_dir" {
  type        = string
  description = "Path to a directory where generated assets should be placed (contains secrets)"
}
# Cloud provider selector; the empty-string default means "no provider".
variable "cloud_provider" {
  type        = string
  default     = ""
  description = "The provider for cloud services (empty string for no provider)"
}
# MTU for the CNI interface; defaults to 1500.
variable "network_mtu" {
  type        = number
  default     = 1500
  description = "CNI interface MTU"
}
# Calico encapsulation mode; defaults to "ipip".
# This declaration has no validation block, so values other than "ipip" or
# "vxlan" are not rejected at this level.
variable "network_encapsulation" {
  type        = string
  default     = "ipip"
  description = "Network encapsulation mode either ipip or vxlan (only applies to calico)"
}
# How Calico autodetects the host IPv4 address; defaults to "first-found".
variable "network_ip_autodetection_method" {
  type        = string
  default     = "first-found"
  description = "Method to autodetect the host IPv4 address (only applies to calico)"
}
# Address range from which pod IPs are assigned; defaults to 10.2.0.0/16.
variable "pod_cidr" {
  type        = string
  default     = "10.2.0.0/16"
  description = "CIDR IP range to assign Kubernetes pods"
}
# Address range for Kubernetes service IPs; defaults to 10.3.0.0/24.
# Per the description, the 1st and 10th addresses of the range are reserved.
# The heredoc body and its terminator stay at column 0 so the string is unchanged.
variable "service_cidr" {
  type        = string
  default     = "10.3.0.0/24"
  description = <<EOD
CIDR IP range to assign Kubernetes services.
The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for kube-dns.
EOD
}
# DNS suffix that kube-dns answers for; defaults to "cluster.local".
variable "cluster_domain_suffix" {
  type        = string
  default     = "cluster.local"
  description = "Queries for domains with the suffix will be answered by kube-dns"
}
# Architecture suffix appended to the coredns image reference; defaults to "amd64".
variable "container_arch" {
  type        = string
  default     = "amd64"
  description = "Architecture suffix for the container image coredns/coredns:coredns- (e.g., arm64)"
}
# Image references for the control-plane and networking components.
#
# Every default is a tag reference. Tags are mutable in a registry, so a digest
# reference (repository@sha256:<digest>) is what guarantees the same bytes on
# every pull; callers overriding this map can supply digests instead of tags.
# NOTE(review): the coredns default already ends in "coredns-" while the
# description says "-<arch>" is appended - check the consumer for a doubled dash.
variable "container_images" {
  type        = map(string)
  description = "Container images to use (the coredns entry will get -$${var.container_arch} appended)"

  default = {
    calico                  = "calico/node:v3.16.4"
    calico_cni              = "calico/cni:v3.16.4"
    calico_controllers      = "calico/kube-controllers:v3.16.4"
    flexvol_driver_image    = "calico/pod2daemon-flexvol:v3.16.4"
    kubelet_image           = "quay.io/poseidon/kubelet:v1.19.4"
    coredns                 = "coredns/coredns:coredns-"
    pod_checkpointer        = "kinvolk/pod-checkpointer:d1c58443fe7d7d33aa5bf7d80d65d299be6e5847"
    kube_apiserver          = "k8s.gcr.io/kube-apiserver:v1.19.4"
    kube_controller_manager = "k8s.gcr.io/kube-controller-manager:v1.19.4"
    kube_scheduler          = "k8s.gcr.io/kube-scheduler:v1.19.4"
    kube_proxy              = "k8s.gcr.io/kube-proxy:v1.19.4"
  }
}
# Opt-in switch for usage/analytics reporting to upstream; off by default, so
# nothing is reported unless the caller sets it to true.
variable "enable_reporting" {
  description = "Enable usage or analytics reporting to upstream component owners (Tigera: Calico)"
  default     = false
  type        = bool
}
# Node-local directory holding trusted TLS certificates; defaults to
# /usr/share/ca-certificates.
# NOTE(review): whatever lives in this directory presumably becomes a trust
# anchor for the components that mount it - confirm who can write to it on the nodes.
variable "trusted_certs_dir" {
  type        = string
  default     = "/usr/share/ca-certificates"
  description = "Path to the directory on cluster nodes where trust TLS certs are kept"
}
# Lifetime, in hours, applied to all generated certificates. The default of
# 8760 hours is 365 days; since one value covers every certificate, they come
# due together, and rotation has to be scheduled before that point.
variable "certs_validity_period_hours" {
  type        = number
  default     = 8760
  description = "Validity of all the certificates in hours"
}
# Toggles the Kubernetes Aggregation Layer; the default (false) is the value the
# description recommends.
variable "enable_aggregation" {
  type        = bool
  default     = false
  description = "Enable the Kubernetes Aggregation Layer (defaults to false, recommended)"
}
# Unofficial and temporary: this variable may be removed without notice.
# Port on which kube-apiserver is reached externally; defaults to 6443.
variable "external_apiserver_port" {
  type        = number
  default     = 6443
  description = "External kube-apiserver port (e.g. 6443 to match internal kube-apiserver port)"
}
# Turns off the self-hosted kubelet. Required: although the description speaks
# of a default installation, this declaration itself has no default value.
variable "disable_self_hosted_kubelet" {
  type        = bool
  description = "Disable the self hosted kubelet installed by default"
}
# Additional command-line flags for the self-hosted kube-apiserver; empty by default.
# The list is free-form strings with no validation here, so review changes to it
# with the same care as changes to the API server manifest itself.
# NOTE(review): how these flags combine with the module's own flags (append vs.
# override) is not visible from this declaration.
variable "kube_apiserver_extra_flags" {
  type        = list(string)
  default     = []
  description = "Extra flags passed to self-hosted kube-apiserver."
}
# Relaxes an X.509 CommonName check when true; off by default.
# NOTE(review): the consumer is not visible here. Presumably this exists for
# peers whose certificates lack SANs - reissuing those certificates with SANs
# is preferable to enabling this cluster-wide.
variable "ignore_x509_cn_check" {
  type        = bool
  default     = false
  description = "Ignore CN checks in x509 certificates."
}
# Platform metadata CIDRs that pods must not reach.
# The default is an empty list, so nothing is blocked unless the caller
# supplies a value. Cloud metadata services can expose instance credentials,
# so platform-specific callers should populate this.
# NOTE(review): the enforcement mechanism is not visible from this declaration.
variable "blocked_metadata_cidrs" {
  type        = list(string)
  default     = []
  description = "List of platform metadata CIDRs to block access to for all pods"
}
# Bootstrap tokens for the cluster nodes. Required (no default).
# This is secret material: values passed here are recorded in Terraform state,
# so the state backend needs the same protection as the tokens themselves.
# If the module's minimum Terraform version is 0.14 or later, `sensitive = true`
# would also keep the values out of plan output.
# The type is list(any), so the token-id/token-secret shape named in the
# description is not enforced by this declaration.
variable "bootstrap_tokens" {
  type        = list(any)
  description = "List of bootstrap tokens for all the nodes in the cluster in the form token-id and token-secret."
}
# Switches kubelet TLS bootstrapping on or off. Required: there is no default,
# so every caller has to make this choice explicitly.
variable "enable_tls_bootstrap" {
  type        = bool
  description = "Enable TLS Bootstrap for Kubelet."
}
# Protocol/port pairs that accept inbound traffic regardless of security policy.
# Each entry is an opening that policy cannot close, so keep the list minimal.
# NOTE(review): the default is null; presumably that leaves the CNI's built-in
# failsafe list in effect rather than an empty one - confirm in the consumer.
variable "failsafe_inbound_host_ports" {
  type        = list(any)
  default     = null
  description = "UDP/TCP/SCTP protocol/port pairs to allow incoming traffic on regardless of the security policy."
}
# Turns on encryption of in-cluster pod traffic. The default is false, so pod
# traffic is not encrypted by this option unless the caller enables it.
# NOTE(review): the mechanism used is not visible from this declaration.
variable "encrypt_pod_traffic" {
  type        = bool
  default     = false
  description = "Enable in-cluster pod traffic encryption."
}