Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | ~> 5.14 |
| kubernetes | >= 2.16 |
| random | >= 3.4.3 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.14 |
| kubernetes | >= 2.16 |
| random | >= 3.4.3 |

Modules

| Name | Source | Version |
|------|--------|---------|
| ecr | git@github.com:chanzuckerberg/cztack//aws-ecr-repo | v0.59.0 |
| iam_service_account | ../happy-iam-service-account-eks | n/a |
| ingress | ../happy-ingress-eks | n/a |
| ingress_exclude_external_dns | ../happy-ingress-eks | n/a |
| mesh-access-control | ../happy-mesh-access-control | n/a |
| nginx-ingress | ../happy-nginx-ingress-eks | n/a |

Resources

| Name | Type |
|------|------|
| aws_lb_listener_rule.this | resource |
| aws_lb_target_group.this | resource |
| kubernetes_deployment_v1.deployment | resource |
| kubernetes_horizontal_pod_autoscaler_v1.hpa | resource |
| kubernetes_manifest.this | resource |
| kubernetes_pod_disruption_budget_v1.pdb | resource |
| kubernetes_service_v1.service | resource |
| random_pet.this | resource |
| aws_lb.this | data source |
| aws_lb_listener.this | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional_env_vars | Additional environment variables to add to the task definition | `map(string)` | `{}` | no |
| additional_env_vars_from_config_maps | Additional environment variables to add to the container from the following config maps | <pre>object({<br>  items : optional(list(string), []),<br>  prefix : optional(string, ""),<br>})</pre> | <pre>{<br>  "items": [],<br>  "prefix": ""<br>}</pre> | no |
| additional_env_vars_from_secrets | Additional environment variables to add to the container from the following secrets | <pre>object({<br>  items : optional(list(string), []),<br>  prefix : optional(string, ""),<br>})</pre> | <pre>{<br>  "items": [],<br>  "prefix": ""<br>}</pre> | no |
| additional_pod_labels | Additional labels to add to the pods. | `map(string)` | `{}` | no |
| additional_volumes_from_config_maps | Additional volumes to add to the container from the following config maps | <pre>object({<br>  items : optional(list(string), []),<br>})</pre> | <pre>{<br>  "items": []<br>}</pre> | no |
| additional_volumes_from_secrets | Additional volumes to add to the container from the following secrets | <pre>object({<br>  items : optional(list(string), []),<br>  base_dir : optional(string, "/var"),<br>})</pre> | <pre>{<br>  "base_dir": "/var",<br>  "items": []<br>}</pre> | no |
| app_name | The happy application name | `string` | n/a | yes |
| args | Args to pass to the command | `list(string)` | `[]` | no |
| aws_iam | The AWS IAM service account or policy JSON to give to the pod. Only one of these should be set. | <pre>object({<br>  service_account_name : optional(string, null),<br>  policy_json : optional(string, ""),<br>})</pre> | `{}` | no |
| cache_volume_mount_dir | Path to mount the shared cache volume to | `string` | `"/var/shared/cache"` | no |
| certificate_arn | ACM certificate ARN to attach to the load balancer listener | `string` | n/a | yes |
| cloud_env | Typically data.terraform_remote_state.cloud-env.outputs | <pre>object({<br>  public_subnets : list(string),<br>  private_subnets : list(string),<br>  database_subnets : list(string),<br>  database_subnet_group : string,<br>  vpc_id : string,<br>  vpc_cidr_block : string,<br>})</pre> | n/a | yes |
| cmd | Command to run | `list(string)` | `[]` | no |
| container_name | The name of the container | `string` | n/a | yes |
| cpu | CPU shares (1cpu=1000m) per pod | `string` | `"100m"` | no |
| cpu_requests | CPU shares (1cpu=1000m) requested per pod | `string` | `"10m"` | no |
| deployment_stage | The name of the deployment stage of the Application | `string` | `"dev"` | no |
| desired_count | How many instances of this task should we run across our cluster? | `number` | `2` | no |
| eks_cluster | eks-cluster module output | <pre>object({<br>  cluster_id : string,<br>  cluster_arn : string,<br>  cluster_endpoint : string,<br>  cluster_ca : string,<br>  cluster_oidc_issuer_url : string,<br>  cluster_version : string,<br>  worker_iam_role_name : string,<br>  worker_security_group : string,<br>  oidc_provider_arn : string,<br>})</pre> | n/a | yes |
| emptydir_volumes | define any emptyDir volumes to make available to the pod | <pre>list(object({<br>  name : string,<br>  parameters : object({<br>    size_limit : optional(string, "500mi"),<br>  })<br>}))</pre> | `[]` | no |
| gpu | Number of GPUs per pod, 0 allocates all available GPUs | `number` | `null` | no |
| gpu_requests | Number of GPUs requested per pod, 0 allocates all available GPUs | `number` | `null` | no |
| health_check_command | Health check command to run for CLI services | `list(string)` | `[]` | no |
| health_check_path | path to use for health checks | `string` | `"/"` | no |
| image_pull_policy | The image pull policy to use | `string` | `"IfNotPresent"` | no |
| image_tag | The image tag to deploy | `string` | n/a | yes |
| image_uri | The image URI to deploy | `string` | `""` | no |
| ingress_security_groups | A list of security groups that should be allowed to communicate with the ALB ingress. Currently only used when the service_type is VPC. | `list(string)` | `[]` | no |
| init_containers | Map of init containers to bootstrap the service | <pre>map(object({<br>  image : string<br>  tag : string<br>  cmd : optional(list(string), [])<br>}))</pre> | `{}` | no |
| initial_delay_seconds | The initial delay in seconds for the liveness and readiness probes. | `number` | `30` | no |
| k8s_namespace | K8S namespace for this service | `string` | n/a | yes |
| linkerd_additional_skip_ports | Additional ports to skip protocol analysis on for outbound traffic. Defaults include [25, 587, 3306, 4444, 4567, 4568, 5432, 6379, 9300, 11211] | `set(number)` | `[]` | no |
| liveness_timeout_seconds | Timeout for liveness probe. | `number` | `30` | no |
| max_count | The maximum number of instances of this task that should be running across our cluster | `number` | `2` | no |
| max_unavailable_count | The maximum number or percentage of pods that can be unavailable during a rolling update. For example: `1` or `20%` | `string` | `"1"` | no |
| memory | Memory in megabits per pod | `string` | `"100Mi"` | no |
| memory_requests | Memory requests per pod | `string` | `"10Mi"` | no |
| period_seconds | The period in seconds used for the liveness and readiness probes. | `number` | `3` | no |
| platform_architecture | The platform to deploy to (valid values: `amd64`, `arm64`). Defaults to `amd64`. | `string` | `"amd64"` | no |
| progress_deadline_seconds | The maximum time in seconds for a deployment to make progress before it is considered to be failed. Defaults to 600 seconds. | `number` | `600` | no |
| readiness_timeout_seconds | Readiness probe timeout seconds | `number` | `30` | no |
| regional_wafv2_arn | A WAF to protect the EKS Ingress if needed | `string` | `null` | no |
| routing | Routing configuration for the ingress | <pre>object({<br>  method : optional(string, "DOMAIN")<br>  host_match : string<br>  additional_hostnames : optional(set(string), [])<br>  group_name : string<br>  alb : optional(object({<br>    name : string,<br>    listener_port : number,<br>  }), null)<br>  priority : number<br>  path : optional(string, "/*")<br>  service_name : string<br>  port : number<br>  service_port : number<br>  alb_idle_timeout : optional(number, 60) // in seconds<br>  service_scheme : optional(string, "HTTP")<br>  scheme : optional(string, "HTTP")<br>  success_codes : optional(string, "200-499")<br>  service_type : string<br>  service_mesh : bool<br>  allow_k6_operator : optional(bool, false)<br>  allow_mesh_services : optional(list(object({<br>    service : optional(string, null),<br>    stack : optional(string, null),<br>    service_account_name : optional(string, null),<br>  })), null)<br>  oidc_config : optional(object({<br>    issuer : string<br>    authorizationEndpoint : string<br>    tokenEndpoint : string<br>    userInfoEndpoint : string<br>    secretName : string<br>  }), {<br>    issuer = ""<br>    authorizationEndpoint = ""<br>    tokenEndpoint = ""<br>    userInfoEndpoint = ""<br>    secretName = ""<br>  })<br>  bypasses : optional(map(object({<br>    paths = optional(set(string), [])<br>    methods = optional(set(string), [])<br>    deny_action = optional(object({<br>      deny = optional(bool, false)<br>      deny_status_code = optional(string, "403")<br>      deny_message_body = optional(string, "Denied")<br>    }), {})<br>  })))<br>  sticky_sessions = optional(object({<br>    enabled = optional(bool, false),<br>    duration_seconds = optional(number, 600),<br>    cookie_name = optional(string, "happy_sticky_session"),<br>    cookie_samesite = optional(string, "Lax"),<br>  }), {})<br>})</pre> | n/a | yes |
| scaling_cpu_threshold_percentage | The CPU threshold percentage at which we should scale up | `number` | `80` | no |
| scan_on_push | Whether to enable image scan on push, disabled by default. | `bool` | `false` | no |
| service_endpoints | Service endpoints to be injected for service discovery | `map(string)` | `{}` | no |
| sidecars | Map of sidecar containers to be deployed alongside the service | <pre>map(object({<br>  image : string<br>  tag : string<br>  cmd : optional(list(string), [])<br>  args : optional(list(string), [])<br>  port : optional(number, 80)<br>  scheme : optional(string, "HTTP")<br>  memory : optional(string, "100Mi")<br>  cpu : optional(string, "100m")<br>  image_pull_policy : optional(string, "IfNotPresent")<br>  health_check_path : optional(string, "/")<br>  initial_delay_seconds : optional(number, 30)<br>  period_seconds : optional(number, 3)<br>  liveness_timeout_seconds : optional(number, 30)<br>  readiness_timeout_seconds : optional(number, 30)<br>}))</pre> | `{}` | no |
| stack_name | Happy Path stack name | `string` | n/a | yes |
| tag_mutability | Whether to allow tag mutability or not. When set to `true` tags can be overwritten (default). When set to `false` tags are immutable. | `bool` | `true` | no |
| tags | Standard tags to attach to all happy services | <pre>object({<br>  env : string,<br>  owner : string,<br>  project : string,<br>  service : string,<br>  managedBy : string,<br>})</pre> | <pre>{<br>  "env": "ADDTAGS",<br>  "managedBy": "ADDTAGS",<br>  "owner": "ADDTAGS",<br>  "project": "ADDTAGS",<br>  "service": "ADDTAGS"<br>}</pre> | no |
| wait_for_steady_state | Whether Terraform should block until the service is in a steady state before exiting | `bool` | `true` | no |

Outputs

| Name | Description |
|------|-------------|
| ecr | n/a |