From 9825d4d258b333365de212020235902a25c8dfcd Mon Sep 17 00:00:00 2001
From: velotioaastha
Date: Mon, 29 Apr 2024 19:18:03 +0530
Subject: [PATCH] add example tf files for custom vpc, sql, redis
---
examples/byo-vpc-eks-sql-redis/main.tf | 85 ++++
examples/byo-vpc-eks-sql-redis/variables.tf | 259 +++++++++++
examples/byo-vpc-sql/main.tf | 78 ++++
examples/byo-vpc-sql/variables.tf | 220 ++++++++++
examples/standard/main.tf | 64 +++
examples/standard/variables.tf | 457 ++++++++++++++++++++
main.tf | 42 +-
outputs.tf | 10 +-
variables.tf | 53 +++
9 files changed, 1242 insertions(+), 26 deletions(-)
create mode 100644 examples/byo-vpc-eks-sql-redis/main.tf
create mode 100644 examples/byo-vpc-eks-sql-redis/variables.tf
create mode 100644 examples/byo-vpc-sql/main.tf
create mode 100644 examples/byo-vpc-sql/variables.tf
create mode 100644 examples/standard/main.tf
create mode 100644 examples/standard/variables.tf
diff --git a/examples/byo-vpc-eks-sql-redis/main.tf b/examples/byo-vpc-eks-sql-redis/main.tf
new file mode 100644
index 000000000..b15619878
--- /dev/null
+++ b/examples/byo-vpc-eks-sql-redis/main.tf
@@ -0,0 +1,85 @@
+
+module "wandb" {
+ source = "../../"
+
+ namespace = var.namespace
+ license = var.license
+ external_dns = true
+
+ deletion_protection = false
+ create_vpc = var.create_vpc
+ create_database = var.create_database
+ database_env = var.database_env
+ create_elasticache = var.create_elasticache
+ create_eks = var.create_eks
+ create_kms = var.create_kms
+ kms_key_arn = var.kms_key_arn
+ efs_id = var.efs_id
+
+ network_id = var.vpc_id
+ network_cidr = var.vpc_cidr
+
+ network_private_subnets = var.network_private_subnets
+ network_public_subnets = var.network_public_subnets
+ network_database_subnets = var.network_database_subnets
+ network_private_subnet_cidrs = var.network_private_subnet_cidrs
+ network_public_subnet_cidrs = var.network_public_subnet_cidrs
+ network_database_subnet_cidrs = var.network_database_subnet_cidrs
+ network_elasticache_subnets = var.network_elasticache_subnets
+
+
+ database_instance_class = var.database_instance_class
+ database_engine_version = var.database_engine_version
+ database_snapshot_identifier = var.database_snapshot_identifier
+ database_sort_buffer_size = var.database_sort_buffer_size
+
+ allowed_inbound_cidr = var.allowed_inbound_cidr
+ allowed_inbound_ipv6_cidr = ["::/0"]
+
+ eks_cluster_version = var.eks_cluster_version
+ kubernetes_public_access = true
+ kubernetes_public_access_cidrs = ["0.0.0.0/0"]
+
+ domain_name = var.domain_name
+ zone_id = var.zone_id
+ subdomain = var.subdomain
+
+
+ bucket_name = var.bucket_name
+ bucket_kms_key_arn = var.bucket_kms_key_arn
+ use_internal_queue = true
+ size = var.size
+ redis_port = var.redis_port
+ redis_host = var.redis_host
+}
+
+data "aws_eks_cluster" "app_cluster" {
+ name = var.create_eks ? module.wandb.cluster_id : var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "app_cluster" {
+ name = var.create_eks ? module.wandb.cluster_id : var.cluster_name
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.app_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.app_cluster.token
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
+ command = "aws"
+ }
+}
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.app_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.app_cluster.token
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
+ command = "aws"
+ }
+ }
+}
diff --git a/examples/byo-vpc-eks-sql-redis/variables.tf b/examples/byo-vpc-eks-sql-redis/variables.tf
new file mode 100644
index 000000000..20162a83d
--- /dev/null
+++ b/examples/byo-vpc-eks-sql-redis/variables.tf
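Review bot: The module call hard-codes `kubernetes_public_access = true` with `kubernetes_public_access_cidrs = ["0.0.0.0/0"]`, `allowed_inbound_ipv6_cidr = ["::/0"]` and `deletion_protection = false`, so anyone who copies this example gets an EKS API endpoint and an application ingress open to every address, with no way to tighten them from tfvars. The example already declares `allowed_inbound_ipv6_cidr`, so I would pass `allowed_inbound_ipv6_cidr = var.allowed_inbound_ipv6_cidr`, and expose the EKS setting as a variable the same way, `kubernetes_public_access_cidrs = var.kubernetes_public_access_cidrs`. The same literals appear in examples/byo-vpc-sql/main.tf and examples/standard/main.tf; in the standard example `deletion_protection`, `kubernetes_public_access` and `kubernetes_public_access_cidrs` are declared with closed defaults in variables.tf but never read.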
@@ -0,0 +1,259 @@
+variable "namespace" {
+ type = string
+ description = "Name prefix used for resources"
+}
+
+variable "domain_name" {
+ type = string
+ description = "Domain name used to access instance."
+}
+
+variable "zone_id" {
+ type = string
+ description = "Id of Route53 zone"
+}
+
+variable "subdomain" {
+ type = string
+ default = null
+ description = "Subdomain for accessing the Weights & Biases UI."
+}
+
+variable "license" {
+ type = string
+}
+
+variable "database_engine_version" {
+ description = "Version for MySQL Auora"
+ type = string
+ default = "8.0.mysql_aurora.3.03.0"
+}
+
+variable "database_instance_class" {
+ description = "Instance type to use by database master instance."
+ type = string
+ default = "db.r5.large"
+}
+
+variable "database_snapshot_identifier" {
+ description = "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot"
+ type = string
+ default = null
+}
+
+variable "database_sort_buffer_size" {
+ description = "Specifies the sort_buffer_size value to set for the database"
+ type = number
+ default = 262144
+}
+
+variable "wandb_version" {
+ description = "The version of Weights & Biases local to deploy."
+ type = string
+ default = "latest"
+}
+
+variable "kubernetes_instance_types" {
+ description = "EC2 Instance type for primary node group."
+ type = list(string)
+ default = ["m5.large"]
+}
+
+variable "eks_cluster_version" {
+ description = "EKS cluster kubernetes version"
+ nullable = false
+ type = string
+}
+
+variable "wandb_image" {
+ description = "Docker repository of to pull the wandb image from."
+ type = string
+ default = "wandb/local"
+}
+
+variable "bucket_name" {
+ type = string
+ default = ""
+}
+
+variable "bucket_kms_key_arn" {
+ type = string
+ description = "The Amazon Resource Name of the KMS key with which S3 storage bucket objects will be encrypted."
+ default = ""
+}
+
+
+variable "allowed_inbound_cidr" {
+ default = ["0.0.0.0/0"]
+ nullable = false
+ type = list(string)
+}
+
+
+variable "allowed_inbound_ipv6_cidr" {
+ default = ["::/0"]
+ nullable = false
+ type = list(string)
+}
+
+variable "other_wandb_env" {
+ type = map(string)
+ description = "Extra environment variables for W&B"
+ default = {}
+}
+
+variable "enable_operator_alb" {
+ type = bool
+ default = false
+ description = "Boolean indicating whether to use operatore ALB (true) or not (false)."
+}
+
+variable "enable_dummy_dns" {
+ type = bool
+ default = false
+ description = "Boolean indicating whether or not to enable dummy DNS for the old alb"
+}
+
+variable "create_vpc" {
+ type = bool
+ default = false
+}
+
+variable "vpc_id" {
+ type = string
+ description = "VPC network ID"
+ default = ""
+}
+
+variable "vpc_cidr" {
+ type = string
+ description = "VPC network CIDR"
+ default = ""
+}
+
+variable "network_private_subnets" {
+ default = []
+ description = "A list of the identities of the private subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_public_subnets" {
+ default = []
+ description = "A list of the identities of the public subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_database_subnets" {
+ default = []
+ description = "A list of the identities of the database subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_elasticache_subnets" {
+ default = []
+ description = "A list of the identities of the subnetworks in which elasticache resources will be deployed."
+ type = list(string)
+}
+
+variable "network_public_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.0.0/24", "10.10.1.0/24"]
+}
+
+variable "network_private_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.10.0/24", "10.10.11.0/24"]
+}
+
+variable "network_database_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.20.0/24", "10.10.21.0/24"]
+}
+
+variable "network_elasticache_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.30.0/24", "10.10.31.0/24"]
+}
+
+variable "private_link_allowed_account_ids" {
+ description = "List of AWS account IDs allowed to access the VPC Endpoint Service"
+ type = list(string)
+ default = []
+}
+
+
+variable "size" {
+ default = null
+ description = "Deployment size"
+ nullable = true
+ type = string
+}
+
+variable "create_database" {
+ type = bool
+ default = false
+}
+
+variable "database_env" {
+ type = object({
+ port = string
+ database_name = string
+ username = string
+ password = string
+ connection_string = string
+ security_group_id = string
+ endpoint = string
+ })
+ default = {
+ port = "3306"
+ database_name = "wandb_local"
+ username = "wandb"
+ password = ""
+ connection_string = null
+ security_group_id = ""
+ endpoint = ""
+ }
+}
+
+variable "create_elasticache" {
+ type = bool
+ default = false
+}
+
+variable "create_eks" {
+ type = bool
+ default = false
+}
+
+variable "efs_id" {
+ type = string
+ default = ""
+}
+
+variable "cluster_name" {
+ type = string
+ default = ""
+}
+
+variable "redis_host" {
+ type = string
+ default = ""
+}
+variable "redis_port" {
+ type = string
+ default = "6379"
+}
+
+variable "create_kms" {
+ type = bool
+ default = false
+}
+
+variable "kms_key_arn" {
+ type = string
+ default = ""
+}
diff --git a/examples/byo-vpc-sql/main.tf b/examples/byo-vpc-sql/main.tf
new file mode 100644
index 000000000..648dab8a4
--- /dev/null
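Review bot: `database_env` carries the database `password` and `license` carries the licence key, but neither variable is marked sensitive, so Terraform prints their values in plan and apply output. I would add `sensitive = true` to both blocks. The `password = ""` default also lets a bring-your-own-database run go ahead with an empty password; removing the default from `database_env` would force the caller to supply the object. examples/byo-vpc-sql/variables.tf repeats both declarations, and `license` in examples/standard/variables.tf has the same gap.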
+++ b/examples/byo-vpc-sql/main.tf 
@@ -0,0 +1,78 @@
+
+module "wandb" {
+ source = "../../"
+
+ namespace = var.namespace
+ license = var.license
+ external_dns = true
+
+ deletion_protection = false
+ create_vpc = var.create_vpc
+ create_database = var.create_database
+ database_env = var.database_env
+
+ network_id = var.vpc_id
+ network_cidr = var.vpc_cidr
+
+ network_private_subnets = var.network_private_subnets
+ network_public_subnets = var.network_public_subnets
+ network_database_subnets = var.network_database_subnets
+ network_private_subnet_cidrs = var.network_private_subnet_cidrs
+ network_public_subnet_cidrs = var.network_public_subnet_cidrs
+ network_database_subnet_cidrs = var.network_database_subnet_cidrs
+ network_elasticache_subnets = var.network_elasticache_subnets
+
+
+ database_instance_class = var.database_instance_class
+ database_engine_version = var.database_engine_version
+ database_snapshot_identifier = var.database_snapshot_identifier
+ database_sort_buffer_size = var.database_sort_buffer_size
+
+ allowed_inbound_cidr = var.allowed_inbound_cidr
+ allowed_inbound_ipv6_cidr = ["::/0"]
+
+ eks_cluster_version = var.eks_cluster_version
+ kubernetes_public_access = true
+ kubernetes_public_access_cidrs = ["0.0.0.0/0"]
+
+ domain_name = var.domain_name
+ zone_id = var.zone_id
+ subdomain = var.subdomain
+
+
+ bucket_name = var.bucket_name
+ bucket_kms_key_arn = var.bucket_kms_key_arn
+ use_internal_queue = true
+ size = var.size
+}
+
+data "aws_eks_cluster" "app_cluster" {
+ name = module.wandb.cluster_id
+}
+
+data "aws_eks_cluster_auth" "app_cluster" {
+ name = module.wandb.cluster_id
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.app_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.app_cluster.token
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
+ command = "aws"
+ }
+}
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.app_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.app_cluster.token
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
+ command = "aws"
+ }
+ }
+}
diff --git a/examples/byo-vpc-sql/variables.tf b/examples/byo-vpc-sql/variables.tf
new file mode 100644
index 000000000..85078b776
--- /dev/null
+++ b/examples/byo-vpc-sql/variables.tf
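Review bot: Both provider blocks set `token = data.aws_eks_cluster_auth.app_cluster.token` and also an `exec` block that runs `aws eks get-token`; these are alternative ways to authenticate and only one is needed. The data-source token is short-lived and read at plan time, so a long apply can outlive it, and as far as I know its value is also recorded with the other data-source results in state; keeping only the `exec` block avoids both. If the static token is kept on purpose, a comment such as `# token is a fallback for runners without the aws CLI` should say so. The same pair appears in examples/byo-vpc-eks-sql-redis/main.tf and examples/standard/main.tf.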
@@ -0,0 +1,220 @@
+variable "namespace" {
+ type = string
+ description = "Name prefix used for resources"
+}
+
+variable "domain_name" {
+ type = string
+ description = "Domain name used to access instance."
+}
+
+variable "zone_id" {
+ type = string
+ description = "Id of Route53 zone"
+}
+
+variable "subdomain" {
+ type = string
+ default = null
+ description = "Subdomain for accessing the Weights & Biases UI."
+}
+
+variable "license" {
+ type = string
+}
+
+variable "database_engine_version" {
+ description = "Version for MySQL Auora"
+ type = string
+ default = "8.0.mysql_aurora.3.03.0"
+}
+
+variable "database_instance_class" {
+ description = "Instance type to use by database master instance."
+ type = string
+ default = "db.r5.large"
+}
+
+variable "database_snapshot_identifier" {
+ description = "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot"
+ type = string
+ default = null
+}
+
+variable "database_sort_buffer_size" {
+ description = "Specifies the sort_buffer_size value to set for the database"
+ type = number
+ default = 262144
+}
+
+variable "wandb_version" {
+ description = "The version of Weights & Biases local to deploy."
+ type = string
+ default = "latest"
+}
+
+variable "kubernetes_instance_types" {
+ description = "EC2 Instance type for primary node group."
+ type = list(string)
+ default = ["m5.large"]
+}
+
+variable "eks_cluster_version" {
+ description = "EKS cluster kubernetes version"
+ nullable = false
+ type = string
+}
+
+variable "wandb_image" {
+ description = "Docker repository of to pull the wandb image from."
+ type = string
+ default = "wandb/local"
+}
+
+variable "bucket_name" {
+ type = string
+ default = ""
+}
+
+variable "bucket_kms_key_arn" {
+ type = string
+ description = "The Amazon Resource Name of the KMS key with which S3 storage bucket objects will be encrypted."
+ default = ""
+}
+
+
+variable "allowed_inbound_cidr" {
+ default = ["0.0.0.0/0"]
+ nullable = false
+ type = list(string)
+}
+
+
+variable "allowed_inbound_ipv6_cidr" {
+ default = ["::/0"]
+ nullable = false
+ type = list(string)
+}
+
+variable "other_wandb_env" {
+ type = map(string)
+ description = "Extra environment variables for W&B"
+ default = {}
+}
+
+variable "enable_operator_alb" {
+ type = bool
+ default = false
+ description = "Boolean indicating whether to use operatore ALB (true) or not (false)."
+}
+
+variable "enable_dummy_dns" {
+ type = bool
+ default = false
+ description = "Boolean indicating whether or not to enable dummy DNS for the old alb"
+}
+
+variable "create_vpc" {
+ type = bool
+ default = false
+}
+
+variable "vpc_id" {
+ type = string
+ description = "VPC network ID"
+ default = ""
+}
+
+variable "vpc_cidr" {
+ type = string
+ description = "VPC network CIDR"
+ default = "10.10.0.0/16"
+}
+
+variable "network_private_subnets" {
+ default = []
+ description = "A list of the identities of the private subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_public_subnets" {
+ default = []
+ description = "A list of the identities of the public subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_database_subnets" {
+ default = []
+ description = "A list of the identities of the database subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_elasticache_subnets" {
+ default = []
+ description = "A list of the identities of the subnetworks in which elasticache resources will be deployed."
+ type = list(string)
+}
+
+variable "network_public_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.0.0/24", "10.10.1.0/24"]
+}
+
+variable "network_private_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.10.0/24", "10.10.11.0/24"]
+}
+
+variable "network_database_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.20.0/24", "10.10.21.0/24"]
+}
+
+variable "network_elasticache_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.30.0/24", "10.10.31.0/24"]
+}
+
+variable "private_link_allowed_account_ids" {
+ description = "List of AWS account IDs allowed to access the VPC Endpoint Service"
+ type = list(string)
+ default = []
+}
+
+
+variable "size" {
+ default = null
+ description = "Deployment size"
+ nullable = true
+ type = string
+}
+
+variable "create_database" {
+ type = bool
+ default = false
+}
+
+variable "database_env" {
+ type = object({
+ port = string
+ database_name = string
+ username = string
+ password = string
+ connection_string = string
+ security_group_id = string
+ endpoint = string
+ })
+ default = {
+ port = "3306"
+ database_name = "wandb_local"
+ username = "wandb"
+ password = ""
+ connection_string = null
+ security_group_id = ""
+ endpoint = ""
+ }
+}
diff --git a/examples/standard/main.tf b/examples/standard/main.tf
new file mode 100644
index 000000000..40f071967
--- /dev/null
+++ b/examples/standard/main.tf
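Review bot: `allowed_inbound_cidr` and `allowed_inbound_ipv6_cidr` default to `["0.0.0.0/0"]` and `["::/0"]`, so a caller who sets nothing exposes wandb-server to every address. examples/standard/variables.tf declares the same two variables without a default, which forces an explicit choice; I would drop the defaults here as well and add `description = "CIDRs allowed to access wandb-server."`, which these two blocks lack. examples/byo-vpc-eks-sql-redis/variables.tf has the same defaults. Separately, the descriptions of `network_public_subnet_cidrs`, `network_database_subnet_cidrs` and `network_elasticache_subnet_cidrs` all say "private subnet" and look copy-pasted.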
@@ -0,0 +1,64 @@
+
+module "wandb" {
+ source = "../../"
+
+ namespace = var.namespace
+ license = var.license
+ # public_access = true
+ external_dns = true
+
+ deletion_protection = false
+
+ database_instance_class = var.database_instance_class
+ database_engine_version = var.database_engine_version
+ database_snapshot_identifier = var.database_snapshot_identifier
+ database_sort_buffer_size = var.database_sort_buffer_size
+
+ allowed_inbound_cidr = var.allowed_inbound_cidr
+ allowed_inbound_ipv6_cidr = ["::/0"]
+
+ eks_cluster_version = var.eks_cluster_version
+ kubernetes_public_access = true
+ kubernetes_public_access_cidrs = ["0.0.0.0/0"]
+
+ domain_name = var.domain_name
+ zone_id = var.zone_id
+ subdomain = var.subdomain
+
+
+ bucket_name = var.bucket_name
+ bucket_kms_key_arn = var.bucket_kms_key_arn
+ use_internal_queue = true
+ size = var.size
+}
+
+data "aws_eks_cluster" "app_cluster" {
+ name = var.create_eks ? module.wandb.cluster_id : var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "app_cluster" {
+ name = var.create_eks ? module.wandb.cluster_id : var.cluster_name
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.app_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.app_cluster.token
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
+ command = "aws"
+ }
+}
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.app_cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.app_cluster.token
+ exec {
+ api_version = "client.authentication.k8s.io/v1beta1"
+ args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
+ command = "aws"
+ }
+ }
+}
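Review bot: The two data sources choose the cluster with `var.create_eks ? module.wandb.cluster_id : var.cluster_name`, but the module call above never passes `create_eks`, so the flag only changes which cluster the kubernetes and helm providers talk to. With `create_eks = false` and a `cluster_name` set, the module would still build its own cluster (assuming the root default is true, which is declared outside this view) while the providers deploy into the named one. Either pass `create_eks = var.create_eks` to the module, or use `name = module.wandb.cluster_id` as examples/byo-vpc-sql/main.tf does.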
diff --git a/examples/standard/variables.tf b/examples/standard/variables.tf
new file mode 100644
index 000000000..1429d82f1
--- /dev/null
+++ b/examples/standard/variables.tf
@@ -0,0 +1,457 @@
+##########################################
+# Common #
+##########################################
+variable "namespace" {
+ type = string
+ description = "String used for prefix resources."
+}
+
+variable "deletion_protection" {
+ description = "If the instance should have deletion protection enabled. The database / S3 can't be deleted when this value is set to `true`."
+ type = bool
+ default = true
+}
+
+variable "use_internal_queue" {
+ type = bool
+ default = false
+}
+
+variable "size" {
+ default = null
+ description = "Deployment size"
+ nullable = true
+ type = string
+}
+
+##########################################
+# Database #
+##########################################
+variable "create_database" {
+ type = bool
+ default = true
+}
+
+variable "database_engine_version" {
+ description = "Version for MySQL Auora"
+ type = string
+ default = "8.0.mysql_aurora.3.03.0"
+}
+
+variable "database_instance_class" {
+ description = "Instance type to use by database master instance."
+ type = string
+ default = "db.r5.large"
+}
+
+variable "database_snapshot_identifier" {
+ description = "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot"
+ type = string
+ default = null
+}
+
+variable "database_sort_buffer_size" {
+ description = "Specifies the sort_buffer_size value to set for the database"
+ type = number
+ default = 67108864
+}
+
+variable "database_name" {
+ description = "Specifies the name of the database"
+ type = string
+ default = "wandb_local"
+}
+
+variable "database_master_username" {
+ description = "Specifies the master_username value to set for the database"
+ type = string
+ default = "wandb"
+}
+
+variable "database_binlog_format" {
+ description = "Specifies the binlog_format value to set for the database"
+ type = string
+ default = "ROW"
+}
+
+variable "database_innodb_lru_scan_depth" {
+ description = "Specifies the innodb_lru_scan_depth value to set for the database"
+ type = number
+ default = 128
+}
+
+variable "database_performance_insights_kms_key_arn" {
+ default = null
+ description = "Specifies an existing KMS key ARN to encrypt the performance insights data if performance_insights_enabled is was enabled out of band"
+ nullable = true
+ type = string
+
+}
+##########################################
+# DNS #
+##########################################
+variable "public_access" {
+ type = bool
+ default = false
+ description = "Is this instance accessable a public domain."
+}
+
+variable "external_dns" {
+ type = bool
+ default = false
+ description = "Using external DNS. A `subdomain` must also be specified if this value is true."
+}
+
+variable "custom_domain_filter" {
+ description = "A custom domain filter to be used by external-dns instead of the default FQDN. If not set, the local FQDN is used."
+ type = string
+ default = null
+}
+
+# Sometimes domain name and zone name dont match, so lets explicitly ask for
+# both. Also is just life easier to have both even though in most cause it may
+# be redundant info.
+# https://github.com/hashicorp/terraform-aws-terraform-enterprise/pull/41#issuecomment-563501858
+variable "zone_id" {
+ type = string
+ description = "Domain for creating the Weights & Biases subdomain on."
+}
+
+variable "domain_name" {
+ type = string
+ description = "Domain for accessing the Weights & Biases UI."
+}
+
+variable "subdomain" {
+ type = string
+ default = null
+ description = "Subdomain for accessing the Weights & Biases UI. Default creates record at Route53 Route."
+}
+
+variable "enable_dummy_dns" {
+ type = bool
+ default = false
+ description = "Boolean indicating whether or not to enable dummy DNS for the old alb"
+}
+
+
+variable "enable_operator_alb" {
+ type = bool
+ default = false
+ description = "Boolean indicating whether to use operatore ALB (true) or not (false)."
+}
+
+variable "extra_fqdn" {
+ type = list(string)
+ description = "Additional fqdn's must be in the same hosted zone as `domain_name`."
+ default = []
+}
+
+##########################################
+# Load Balancer #
+##########################################
+variable "ssl_policy" {
+ type = string
+ default = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
+ description = "SSL policy to use on ALB listener"
+}
+
+variable "acm_certificate_arn" {
+ type = string
+ default = null
+ description = "The ARN of an existing ACM certificate."
+}
+
+variable "allowed_inbound_cidr" {
+ description = "CIDRs allowed to access wandb-server."
+ nullable = false
+ type = list(string)
+}
+
+variable "allowed_inbound_ipv6_cidr" {
+ description = "CIDRs allowed to access wandb-server."
+ nullable = false
+ type = list(string)
+}
+
+
+##########################################
+# KMS #
+##########################################
+variable "kms_key_alias" {
+ type = string
+ description = "KMS key alias for AWS KMS Customer managed key."
+ default = null
+}
+
+variable "kms_key_deletion_window" {
+ type = number
+ description = "Duration in days to destroy the key after it is deleted. Must be between 7 and 30 days."
+ default = 7
+}
+
+variable "kms_key_policy" {
+ type = string
+ description = "The policy that will define the permissions for the kms key."
+ default = ""
+}
+
+##########################################
+# Network #
+##########################################
+variable "create_vpc" {
+ type = bool
+ description = "Boolean indicating whether to deploy a VPC (true) or not (false)."
+ default = true
+}
+
+variable "network_id" {
+ default = ""
+ description = "The identity of the VPC in which resources will be deployed."
+ type = string
+}
+
+variable "network_private_subnets" {
+ default = []
+ description = "A list of the identities of the private subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_public_subnets" {
+ default = []
+ description = "A list of the identities of the public subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_database_subnets" {
+ default = []
+ description = "A list of the identities of the database subnetworks in which resources will be deployed."
+ type = list(string)
+}
+
+variable "network_elasticache_subnets" {
+ default = []
+ description = "A list of the identities of the subnetworks in which elasticache resources will be deployed."
+ type = list(string)
+}
+
+variable "network_cidr" {
+ type = string
+ description = "CIDR block for VPC."
+ default = "10.10.0.0/16"
+}
+
+variable "network_public_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.0.0/24", "10.10.1.0/24"]
+}
+
+variable "network_private_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.10.0/24", "10.10.11.0/24"]
+}
+
+variable "network_database_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.20.0/24", "10.10.21.0/24"]
+}
+
+variable "network_elasticache_subnet_cidrs" {
+ type = list(string)
+ description = "List of private subnet CIDR ranges to create in VPC."
+ default = ["10.10.30.0/24", "10.10.31.0/24"]
+}
+
+variable "private_link_allowed_account_ids" {
+ description = "List of AWS account IDs allowed to access the VPC Endpoint Service"
+ type = list(string)
+ default = []
+}
+
+##########################################
+# EKS Cluster #
+##########################################
+variable "create_eks" {
+ type = bool
+ default = true
+}
+
+variable "cluster_name" {
+ type = string
+ default = ""
+}
+
+variable "eks_cluster_version" {
+ description = "EKS cluster kubernetes version"
+ nullable = false
+ type = string
+}
+variable "kubernetes_alb_internet_facing" {
+ type = bool
+ description = "Indicates whether or not the ALB controlled by the Amazon ALB ingress controller is internet-facing or internal."
+ default = true
+}
+
+variable "kubernetes_alb_subnets" {
+ type = list(string)
+ description = "List of subnet ID's the ALB will use for ingress traffic."
+ default = []
+}
+
+variable "kubernetes_public_access" {
+ type = bool
+ description = "Indicates whether or not the Amazon EKS public API server endpoint is enabled."
+ default = false
+}
+
+
+variable "kubernetes_public_access_cidrs" {
+ description = "List of CIDR blocks which can access the Amazon EKS public API server endpoint."
+ type = list(string)
+ default = []
+}
+
+variable "kubernetes_map_accounts" {
+ description = "Additional AWS account numbers to add to the aws-auth configmap."
+ type = list(string)
+ default = []
+}
+
+variable "kubernetes_map_roles" {
+ description = "Additional IAM roles to add to the aws-auth configmap."
+ type = list(object({
+ rolearn = string
+ username = string
+ groups = list(string)
+ }))
+ default = []
+}
+
+variable "kubernetes_map_users" {
+ description = "Additional IAM users to add to the aws-auth configmap."
+ type = list(object({
+ userarn = string
+ username = string
+ groups = list(string)
+ }))
+ default = []
+}
+
+variable "kubernetes_instance_types" {
+ description = "EC2 Instance type for primary node group."
+ type = list(string)
+ default = ["m5.large"]
+}
+
+variable "kubernetes_node_count" {
+ description = "Number of nodes"
+ type = number
+ default = 2
+}
+
+variable "eks_policy_arns" {
+ type = list(string)
+ description = "Additional IAM policy to apply to the EKS cluster"
+ default = []
+}
+
+variable "system_reserved_cpu_millicores" {
+ description = "(Optional) The amount of 'system-reserved' CPU millicores to pass to the kubelet. For example: 100. A value of -1 disables the flag."
+ type = number
+ default = 70
+}
+
+variable "system_reserved_memory_megabytes" {
+ description = "(Optional) The amount of 'system-reserved' memory in megabytes to pass to the kubelet. For example: 100. A value of -1 disables the flag."
+ type = number
+ default = 100
+}
+
+variable "system_reserved_ephemeral_megabytes" {
+ description = "(Optional) The amount of 'system-reserved' ephemeral storage in megabytes to pass to the kubelet. For example: 1000. A value of -1 disables the flag."
+ type = number
+ default = 750
+}
+
+variable "system_reserved_pid" {
+ description = "(Optional) The amount of 'system-reserved' process ids [pid] to pass to the kubelet. For example: 1000. A value of -1 disables the flag."
+ type = number
+ default = 500
+}
+
+variable "aws_loadbalancer_controller_tags" {
+ description = "(Optional) A map of AWS tags to apply to all resources managed by the load balancer controller"
+ type = map(string)
+ default = {}
+}
+
+##########################################
+# External Bucket #
+##########################################
+# Most users will not need these settings. They are ment for users who want a
+# bucket and sqs that are in a different account.
+variable "create_bucket" { + type = bool + default = true +} + +variable "bucket_name" { + type = string + default = "" +} + +variable "bucket_kms_key_arn" { + type = string + description = "The Amazon Resource Name of the KMS key with which S3 storage bucket objects will be encrypted." + default = "" +} + +########################################## +# Redis # +########################################## +variable "create_elasticache" { + type = bool + description = "Boolean indicating whether to provision an elasticache instance (true) or not (false)." + default = true +} + +variable "elasticache_node_type" { + description = "The type of the redis cache node to deploy" + type = string + default = "cache.t2.medium" +} + +# ########################################## +# # Weights & Biases # +# ########################################## +variable "license" { + type = string + description = "Weights & Biases license key." +} + +variable "other_wandb_env" { + type = map(any) + description = "Extra environment variables for W&B" + default = {} +} + +variable "weave_wandb_env" { + type = map(string) + description = "Extra environment variables for W&B" + default = {} +} + +variable "app_wandb_env" { + type = map(string) + description = "Extra environment variables for W&B" + default = {} +} + +variable "parquet_wandb_env" { + type = map(string) + description = "Extra environment variables for W&B" + default = {} +} diff --git a/main.tf b/main.tf index 3b6fc78d4..5b62877c1 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ module "kms" { - source = "./modules/kms" - + source = "./modules/kms" + count = var.create_kms ? 1 : 0 key_alias = var.kms_key_alias == null ? "${var.namespace}-kms-alias" : var.kms_key_alias key_deletion_window = var.kms_key_deletion_window 
@@ -8,7 +8,7 @@ module "kms" { } locals { - kms_key_arn = module.kms.key.arn + kms_key_arn = var.create_kms ? module.kms.0.key.arn : var.kms_key_arn use_external_bucket = var.bucket_name != "" use_internal_queue = local.use_external_bucket || var.use_internal_queue } @@ -56,8 +56,8 @@ locals { } module "database" { - source = "./modules/database" - + source = "./modules/database" + count = var.create_database ? 1 : 0 namespace = var.namespace kms_key_arn = local.kms_key_arn performance_insights_kms_key_arn = var.database_performance_insights_kms_key_arn @@ -111,8 +111,8 @@ locals { module "app_eks" { source = "./modules/app_eks" - - fqdn = local.domain_filter + count = var.create_eks ? 1 : 0 + fqdn = local.domain_filter namespace = var.namespace kms_key_arn = local.kms_key_arn @@ -130,8 +130,8 @@ module "app_eks" { network_id = local.network_id network_private_subnets = local.network_private_subnets - lb_security_group_inbound_id = module.app_lb.security_group_inbound_id - database_security_group_id = module.database.security_group_id + lb_security_group_inbound_id = var.create_eks ? module.app_lb.0.security_group_inbound_id : null + database_security_group_id = var.create_database ? module.database.0.security_group_id : var.database_env.security_group_id create_elasticache_security_group = var.create_elasticache elasticache_security_group_id = var.create_elasticache ? module.redis.0.security_group_id : null @@ -156,8 +156,8 @@ locals { } module "app_lb" { - source = "./modules/app_lb" - + source = "./modules/app_lb" + count = var.create_eks ? 1 : 0 namespace = var.namespace load_balancing_scheme = var.public_access ? "PUBLIC" : "PRIVATE" acm_certificate_arn = local.acm_certificate_arn 
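Review bot: With `create_kms = false`, `local.kms_key_arn` becomes `var.kms_key_arn`, whose default is `""`, so flipping the flag without supplying a key hands an empty ARN to the database and EKS modules; whether they then fail or silently use a default key is not visible here. Reject that combination at plan time, e.g. a precondition (or a cross-variable `validation` on Terraform 1.9+) with `condition = var.create_kms || var.kms_key_arn != ""`. The other fall-backs in this file have the same gap: `var.database_env.*` (all `null` by default) in the `-130` and `-250` hunks, `var.redis_host`/`var.redis_port` (the port then renders as `?tls=true&ttlInSeconds=604800`), and `var.efs_id` in the `-307` hunk. The `locals` block continues outside the hunk.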
@@ -191,9 +191,9 @@ module "private_link" { } resource "aws_autoscaling_attachment" "autoscaling_attachment" { - for_each = module.app_eks.autoscaling_group_names + for_each = var.create_eks ? module.app_eks.0.autoscaling_group_names : {} autoscaling_group_name = each.value - lb_target_group_arn = module.app_lb.tg_app_arn + lb_target_group_arn = var.create_eks ? module.app_lb.0.tg_app_arn : null } locals { @@ -250,16 +250,16 @@ module "wandb" { } mysql = { - host = module.database.endpoint - password = module.database.password - user = module.database.username - database = module.database.database_name - port = module.database.port + host = var.create_database ? module.database.0.endpoint : var.database_env.endpoint + password = var.create_database ? module.database.0.password : var.database_env.password + user = var.create_database ? module.database.0.username : var.database_env.username + database = var.create_database ? module.database.0.database_name : var.database_env.database_name + port = var.create_database ? module.database.0.port : var.database_env.port } redis = { - host = module.redis.0.host - port = "${module.redis.0.port}?tls=true&ttlInSeconds=604800" + host = var.create_elasticache ? module.redis.0.host : var.redis_host + port = var.create_elasticache ? "${module.redis.0.port}?tls=true&ttlInSeconds=604800" : "${var.redis_port}?tls=true&ttlInSeconds=604800" } } @@ -307,7 +307,7 @@ module "wandb" { persistence = { provider = "efs" efs = { - fileSystemId = module.app_eks.efs_id + fileSystemId = var.create_eks ? module.app_eks.0.efs_id : var.efs_id } } extraEnv = var.weave_wandb_env diff --git a/outputs.tf b/outputs.tf index ed5227032..dd5d8f053 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -8,23 +8,23 @@ output "bucket_region" { value = data.aws_s3_bucket.file_storage.region } output "cluster_id" { - value = module.app_eks.cluster_id + value = var.create_eks ? module.app_eks.0.cluster_id : null } output "cluster_node_role" { - value = module.app_eks.node_role + value = var.create_eks ? module.app_eks.0.node_role : null } output "database_connection_string" { - value = module.database.connection_string + value = var.create_database ? module.database.0.connection_string : var.database_env.connection_string } output "database_username" { - value = module.database.username + value = var.create_database ? module.database.0.username : var.database_env.username } output "database_password" { sensitive = true - value = module.database.password + value = var.create_database ? module.database.0.password : var.database_env.password } output "database_instance_type" { diff --git a/variables.tf b/variables.tf index 067fd9f58..7b924afc1 100644 --- a/variables.tf +++ b/variables.tf @@ -27,6 +27,10 @@ variable "size" { ########################################## # Database # ########################################## +variable "create_database" { + type = bool + default = true +} variable "database_engine_version" { description = "Version for MySQL Auora" type = string @@ -82,6 +86,36 @@ variable "database_performance_insights_kms_key_arn" { type = string } +variable "create_kms" { + default = true + type = bool +} + +variable "kms_key_arn" { + default = "" + type = string +} + +variable "database_env" { + type = object({ + port = string + database_name = string + username = string + password = string + connection_string = string + security_group_id = string + endpoint = string + }) + default = { + port = null + database_name = null + username = null + password = null + connection_string = null + security_group_id = null + endpoint = null + } +} ########################################## # DNS # 
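Review bot: `database_connection_string` can now return `var.database_env.connection_string`, and unlike `database_password` a few lines below it carries no `sensitive = true` in the visible lines. A caller-supplied connection string presumably embeds the database credentials, in which case it would be printed by `terraform output` and in plan output. Add `sensitive = true` to `output "database_connection_string"`.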
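Review bot: `create_database` is added without a `description`, although the surrounding variables in this file document themselves, and it is the switch that decides whether the module owns the database at all. Something like `description = "Whether to provision the database (true) or use the existing one described by database_env (false)."` would do. The same is missing on `create_kms`, `kms_key_arn`, `database_env`, `create_eks`, `efs_id`, `redis_host` and `redis_port` in the later variables.tf hunks; each should say which `create_*` flag makes it required.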
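Review bot: `database_env` carries `password` and `connection_string` but the variable is not marked sensitive, so the values supplied for a bring-your-own database are shown in plan and apply output. Add `sensitive = true` to the variable, or move the password into its own sensitive variable. If the whole object is marked, the `database_connection_string` and `database_username` outputs that read from it must also get `sensitive = true`, otherwise Terraform rejects them. In the same hunk `kms_key_arn` defaults to `""` rather than `null`, which makes an unset key indistinguishable from an empty one downstream.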
@@ -270,6 +304,11 @@ variable "private_link_allowed_account_ids" { ########################################## # EKS Cluster # ########################################## +variable "create_eks" { + type = bool + default = true +} + variable "eks_cluster_version" { description = "EKS cluster kubernetes version" nullable = false @@ -374,6 +413,11 @@ variable "aws_loadbalancer_controller_tags" { default = {} } +variable "efs_id" { + type = string + default = "" +} + ########################################## # External Bucket # ########################################## @@ -410,6 +454,15 @@ variable "elasticache_node_type" { default = "cache.t2.medium" } +variable "redis_host" { + type = string + default = "" +} + +variable "redis_port" { + type = string + default = "" +} # ########################################## # # Weights & Biases # # ##########################################