#
# Required variables
#
variable "name" {
  # Identifier prefix applied to the resources this module creates.
  type        = string
  description = "Identifier for module resources"
  default     = "sysdig-fargate-orchestrator"
}
variable "vpc_id" {
  # Required input: there is no default, so the caller must name the target VPC.
  type        = string
  description = "ID of the VPC where the orchestrator should be installed"
}
variable "access_key" {
  # Either the literal Sysdig access key or a Secrets Manager ARN that is resolved at deploy time.
  # Marked sensitive so the literal form is redacted from plan and state output.
  type        = string
  description = "Sysdig Access Key, as either clear text or SecretsManager-backed secret reference"
  sensitive   = true

  validation {
    # A clear-text key is accepted as-is; only values that look like a Secrets Manager ARN are pattern-checked.
    # Expected pattern "arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]"
    # NOTE(review): the regex is not anchored, so text after a well-formed prefix is not rejected here.
    # NOTE(review): only the "arn:aws:" partition is recognised; an ARN from another partition
    # (e.g. "arn:aws-us-gov:") skips this check and is treated as a literal key - confirm this is intended.
    condition = (
      !startswith(var.access_key, "arn:aws:secretsmanager:")
      || can(regex("arn:aws:secretsmanager:[^:]+:[^:]+:secret:[^:]+(:[^:]*:[^:]*:[^:]*)?", var.access_key))
    )
    error_message = "The string did not match the expected pattern 'arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]'"
  }
}
locals {
  # A value carrying the Secrets Manager ARN prefix is a reference to be fetched at deploy time,
  # not the secret itself. startswith() already yields a bool, so no conditional is needed.
  # NOTE(review): only the "arn:aws:" partition is detected; ARNs from other partitions would be
  # passed through as literal text.
  do_fetch_secret_access_key          = startswith(var.access_key, "arn:aws:secretsmanager:")
  do_fetch_secret_http_proxy_password = startswith(var.http_proxy_configuration.proxy_password, "arn:aws:secretsmanager:")

  # Target-tracking autoscaling is only wired up for the two ECS service-level metrics.
  enable_autoscaling = contains(
    ["ECSServiceAverageCPUUtilization", "ECSServiceAverageMemoryUtilization"],
    var.autoscaling.target_metric,
  )
}
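variable "subnets" {
  description = "A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs."
  type        = list(string)

  # The description requires subnets in at least two AZs. Only the minimum count can be
  # checked here; AZ distinctness needs provider data and is left to the AWS API to enforce.
  validation {
    condition     = length(var.subnets) >= 2
    error_message = "At least 2 subnets (in different Availability Zones) must be provided"
  }
}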
#
# Optional variables
#
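variable "orchestrator_port" {
  description = "Port for the workload agent to connect"
  type        = number
  default     = 6667

  # Fail at plan time on values that cannot be a TCP port rather than at service creation.
  validation {
    condition     = var.orchestrator_port >= 1 && var.orchestrator_port <= 65535
    error_message = "The orchestrator_port must be a TCP port number between 1 and 65535"
  }
}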
variable "agent_image" {
  # Container image for the orchestrator agent task.
  # NOTE(review): the default uses the mutable ":latest" tag, so deployments are not reproducible
  # and a new image can be picked up on any task restart; pin a version tag or digest in production.
  type        = string
  description = "Orchestrator agent image"
  default     = "quay.io/sysdig/orchestrator-agent:latest"
}
variable "collector_host" {
  # Hostname of the Sysdig collector the agent reports to.
  type        = string
  description = "Sysdig collector host"
  default     = "collector.sysdigcloud.com"
}
variable "collector_port" {
  # Declared as a string (not number), so callers must pass the port quoted.
  type        = string
  description = "Sysdig collector port"
  default     = "6443"
}
variable "agent_tags" {
  # Single comma-separated string; an empty string means no agent tags.
  type        = string
  description = "Comma separated list of tags for this agent"
  default     = ""
}
variable "check_collector_certificate" {
  # String-typed flag ("true"/"false"), not a bool, so pass it quoted.
  # Turning this off removes the collector's TLS certificate check; keep "true" outside development.
  type        = string
  description = "Whether to check the collector certificate when connecting. Mainly for development."
  default     = "true"
}
variable "assign_public_ip" {
  # Off by default; enable only when egress goes through an Internet Gateway rather than a NAT.
  type        = bool
  description = "Provisions a public IP for the service. Required when using an Internet Gateway for egress."
  default     = false
}
variable "tags" {
  # Caller-supplied tags added on top of default_tags.
  type        = map(string)
  description = "Extra tags for all Sysdig Fargate Orchestrator resources"
  default     = {}
}
variable "default_tags" {
  # Baseline tags identifying resources created by this module.
  type        = map(string)
  description = "Default tags for all Sysdig Fargate Orchestrator resources"

  default = {
    Application = "sysdig"
    Module      = "fargate-orchestrator-agent"
  }
}
variable "lb_name" {
  # Empty string means the load balancer name is generated.
  type        = string
  description = "Load Balancer name. Leave blank for an auto-generated name"
  default     = ""
}
variable "collector_ca_certificate" {
  # Custom CA for the collector connection: `type` names the encoding, `value` the certificate
  # content, `path` where it is placed in the container. An empty `value` means nothing is uploaded.
  description = "Uploads the collector custom CA certificate to the orchestrator"

  type = object({
    type  = string
    value = string
    path  = string
  })

  default = {
    type  = "base64"
    value = ""
    path  = "/ssl/collector_cert.pem"
  }
}
variable "collector_configuration" {
  # Advanced collector connection settings; currently only the CA certificate path.
  description = "Advanced configuration options for the connection to the collector"

  type = object({
    ca_certificate = string
  })

  default = {
    ca_certificate = "" # e.g. /ssl/collector_cert.pem
  }
}
variable "http_proxy_ca_certificate" {
  # CA for the HTTP proxy, same shape as collector_ca_certificate: encoding, content, in-container path.
  # An empty `value` means nothing is uploaded.
  description = "Uploads the HTTP proxy CA certificate to the orchestrator"

  type = object({
    type  = string
    value = string
    path  = string
  })

  default = {
    type  = "base64"
    value = ""
    path  = "/ssl/proxy_cert.pem"
  }
}
variable "http_proxy_configuration" {
  # Outbound HTTP proxy settings; all fields are strings and empty means "unset".
  # proxy_password may be a literal or a Secrets Manager ARN (see the do_fetch_secret_http_proxy_password local).
  # NOTE(review): unlike access_key, this variable is not marked `sensitive = true`, so a literal
  # proxy_password can appear in plan output and state. Marking the whole object sensitive would
  # redact it but may affect how derived locals can be used; confirm against the resources before changing.
  description = "Advanced configuration options for the connection to the HTTP proxy"

  type = object({
    proxy_host             = string
    proxy_port             = string
    proxy_user             = string
    proxy_password         = string
    ssl                    = string
    ssl_verify_certificate = string
    ca_certificate         = string
  })

  default = {
    proxy_host             = ""
    proxy_port             = ""
    proxy_user             = ""
    proxy_password         = ""
    ssl                    = ""
    ssl_verify_certificate = ""
    ca_certificate         = "" # e.g. /ssl/proxy_cert.pem
  }
}
variable "autoscaling" {
  # Target-tracking autoscaling settings. Autoscaling is only enabled when target_metric is
  # one of the two ECS service metrics (see the enable_autoscaling local); the defaults leave it off.
  # All fields are strings, including the numeric ones.
  description = "Enables TargetTracking Autoscaling"

  type = object({
    target_metric      = string
    target_value       = string
    max_capacity       = string
    scale_in_cooldown  = string
    scale_out_cooldown = string
  })

  default = {
    target_metric      = ""
    target_value       = ""
    max_capacity       = ""
    scale_in_cooldown  = ""
    scale_out_cooldown = ""
  }
}
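variable "agent_log_level" {
  description = "Orchestrator Agent log level. Can be one of: 'fatal', 'critical', 'error', 'warning', 'notice', 'info', 'debug', 'trace'"
  type        = string
  default     = "info"

  # Enforce the documented set at plan time instead of leaving an unknown level for the agent to handle.
  validation {
    condition     = contains(["fatal", "critical", "error", "warning", "notice", "info", "debug", "trace"], var.agent_log_level)
    error_message = "The agent_log_level must be one of: 'fatal', 'critical', 'error', 'warning', 'notice', 'info', 'debug', 'trace'"
  }
}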
variable "agent_extra_conf" {
  # Free-form YAML handed to the agent; no validation is applied here.
  type        = string
  description = "Orchestrator Agent extra configuration in YAML format"
  default     = ""
}
variable "cpu" {
  # Fargate task CPU units, as a string; must pair with a compatible `memory` value (see the linked docs).
  type        = string
  description = "ECS Task CPU allocation. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for acceptable values"
  default     = "2048"
}
variable "memory" {
  # Fargate task memory in MiB, as a string; must pair with a compatible `cpu` value (see the linked docs).
  type        = string
  description = "ECS Task memory allocation. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html for acceptable values"
  default     = "8192"
}
variable "log_retention_days" {
  # Per the linked provider docs, "0" means log events are retained indefinitely;
  # set an explicit retention to bound log storage and cost.
  type        = string
  description = "Cloudwatch log group retention in days. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#retention_in_days for acceptable values"
  default     = "0"
}
variable "runtime_platform" {
  # CPU architecture of the Fargate task; the agent image must be available for the chosen one.
  description = "The runtime platform configuration"

  type = object({
    cpu_architecture = string
  })

  default = {
    cpu_architecture = "X86_64"
  }

  validation {
    # Only the two architectures Fargate exposes are accepted; the check is case-sensitive.
    condition     = contains(["ARM64", "X86_64"], var.runtime_platform.cpu_architecture)
    error_message = "The runtime_platform.cpu_architecture must be either 'ARM64' or 'X86_64'"
  }
}