variables.tf
# External access configuration for the VM instances: each entry carries a
# NAT IP and a network tier. The default is an empty list.
# NOTE(review): presumably an empty list leaves the instances without an
# external IP; confirm against the instance template that consumes this.
variable "access_config" {
  type = list(object({
    nat_ip       = string
    network_tier = string
  }))
  description = "Access configurations, i.e. IPs via which the VM instance can be accessed via the Internet."
  default     = []
}
# Principals permitted to reach the instances remotely. No default, so every
# caller has to name them explicitly.
# NOTE(review): the description suggests IAM members (users or service
# accounts); keep the list minimal and confirm the expected member format
# against the binding that consumes it.
variable "allowed_admins" {
  type        = list(string)
  description = "Allowed to remote access to the instances, i.e some Users or serviceAccounts"
}
# IP ranges treated as trusted for access to the instances. No default, so
# the caller must state the ranges deliberately.
# NOTE(review): presumably used as firewall source ranges; nothing here
# rejects a catch-all range such as 0.0.0.0/0, which would make the
# "trusted" list meaningless. Confirm whether a validation rule is wanted.
variable "allowed_source_ranges" {
  type        = list(string)
  description = "Trusted ip ranges to access the instances"
}
# Free-text description of the cluster. Required: no default is given.
variable "cluster_description" {
  type        = string
  description = "The description of the cluster"
}
# Key/value labels for the cluster; defaults to an empty map.
variable "cluster_labels" {
  type        = map(string)
  description = "The labels of the cluster"
  default     = {}
}
# Name of the cluster. Required: no default is given.
variable "cluster_name" {
  type        = string
  description = "The name of the cluster"
}
# Ports the load balancer listens on, passed as strings. Required.
# NOTE(review): every port listed here is presumably exposed through the load
# balancer; list only what clients actually need.
variable "cluster_ports" {
  type        = list(string)
  description = "The port of the load balancer to listen"
}
# Size of the cluster. Declared as a string, not a number. Required.
variable "cluster_size" {
  type        = string
  description = "The size of the cluster"
}
# Tags shared by every member of the cluster. Required.
# NOTE(review): if these are network tags that firewall rules match on, any
# instance carrying the same tag inherits the same reachability; confirm.
variable "cluster_tags" {
  type        = list(string)
  description = "The tag of the cluster. All members of this cluster will inherits the same tags"
}
# Zones in which instances may be created. The default is an empty list,
# which the description says means every zone of the region.
variable "distribution_policy_zones" {
  type        = list(string)
  description = "The distribution policy, i.e. which zone(s) should instances be create in. Default is all zones in given region."
  default     = []
}
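# Switch for the Confidential VM configuration. It is off by default, so
# callers must opt in, and the chosen image has to support Confidential VMs.
# The explicit bool type makes Terraform reject a non-boolean value at plan
# time; the original declaration accepted a value of any type.
variable "enable_confidential_vm" {
  type        = bool
  description = "Whether to enable the Confidential VM configuration on the instance. Note that the instance image must support Confidential VMs. See https://cloud.google.com/compute/docs/images"
  default     = false
}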
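# Switch for the Shielded VM configuration. It is off by default, so the
# secure-boot, vTPM and integrity-monitoring settings in
# `shielded_instance_config` have no effect until a caller sets this to true.
# The explicit bool type makes Terraform reject a non-boolean value at plan
# time; the original declaration accepted a value of any type.
variable "enable_shielded_vm" {
  type        = bool
  description = "Whether to enable the Shielded VM configuration on the instance. Note that the instance image must support Shielded VMs. See https://cloud.google.com/compute/docs/images"
  default     = false
}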
# Databases served through this pgbouncer instance. Each entry names the
# database, the user, the backend host and port, and the pool size.
# NOTE(review): judging by the field name, `password_vault_secret_path` is a
# Vault path rather than the password itself, which would keep the credential
# out of tfvars and state. Confirm that no plaintext password is ever passed
# in this field.
variable "enabled_databases" {
  type = list(object({
    name                       = string
    username                   = string
    host                       = string
    port                       = number
    pool_size                  = number
    password_vault_secret_path = string
  }))
  description = "List of the databases that this pgbouncer instance will serves"
  default     = []
}
# Health-check settings used to decide whether an instance is responsive.
# The default probes port 8000 (named "healthz") at "/health" every 30
# seconds with a 10 second timeout. The default `type` is an empty string,
# and health-check logging is off.
# NOTE(review): the health-check port must be reachable by the prober;
# confirm that the firewall rules open it to the probe ranges only.
variable "health_check" {
  type = object({
    type                = string
    check_interval_sec  = number
    healthy_threshold   = number
    timeout_sec         = number
    unhealthy_threshold = number
    response            = string
    proxy_header        = string
    port                = number
    port_name           = string
    request             = string
    request_path        = string
    host                = string
    enable_log          = bool
  })
  description = "Health check to determine whether instances are responsive and able to do work"
  default = {
    type                = ""
    check_interval_sec  = 30
    healthy_threshold   = 1
    timeout_sec         = 10
    unhealthy_threshold = 5
    response            = ""
    proxy_header        = "NONE"
    port                = 8000
    port_name           = "healthz"
    request             = ""
    request_path        = "/health"
    host                = ""
    enable_log          = false
  }
}
# Boot disk size, declared as a string. Required: no default is given.
variable "instance_disk_size" {
  type        = string
  description = "The size of the boot disk"
}
# Boot disk type; defaults to "pd-ssd".
variable "instance_disk_type" {
  type        = string
  description = "The type of the boot disk"
  default     = "pd-ssd"
}
# Machine type of the instances; defaults to "n1-standard-1".
variable "machine_type" {
  type        = string
  description = "The type of the instances"
  default     = "n1-standard-1"
}
# Create/update/delete timeouts for the managed instance group resources.
# The defaults are 5m for create and update and 15m for delete.
variable "mig_timeouts" {
  type = object({
    create = string
    update = string
    delete = string
  })
  description = "Times for creation, deleting and updating the MIG resources. Can be helpful when using wait_for_instances to allow a longer VM startup time. "
  default = {
    create = "5m"
    update = "5m"
    delete = "15m"
  }
}
# Optional minimum CPU platform, given by its friendly name. The null
# default leaves it unset.
variable "min_cpu_platform" {
  type        = string
  description = "Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake. See the complete list: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform"
  default     = null
}
# Name/port pairs for the instance group; defaults to an empty list.
variable "named_ports" {
  type = list(object({
    name = string
    port = number
  }))
  description = "Named name and named port. https://cloud.google.com/load-balancing/docs/backend-service#named_ports"
  default     = []
}
# Network the cluster is attached to; defaults to "default".
# NOTE(review): a project's "default" network often carries permissive
# pre-created firewall rules. Confirm whether production callers are expected
# to override this with a dedicated network.
variable "network" {
  type        = string
  description = "The network of the cluster"
  default     = "default"
}
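# Optional private IP address for the instance; the empty default supplies
# no address. The explicit string type matches the default and the
# description; the original declaration carried no type constraint and
# accepted a value of any type.
variable "network_ip" {
  type        = string
  description = "Private IP address to assign to the instance if desired."
  default     = ""
}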
# GCP project that owns the cluster. With the null default, the description
# says the provider's default project is used.
variable "project_id" {
  type        = string
  description = "The id of the GCP project that this cluster belongs to. If not define then it will use the provider default"
  default     = null
}
# pgbouncer listener settings: port, bind address and client connection cap.
# The default bind address is "0.0.0.0", which as a listen address means
# every interface, so reachability is decided entirely by the network
# controls around the instance.
# NOTE(review): confirm that the firewall rules built from
# `allowed_source_ranges` / `source_tags` are the only path to this port.
variable "pgbouncer_config" {
  type = object({
    listen_port     = number
    listen_addr     = string
    max_client_conn = number
  })
  description = "Parameters of the pgbpouncer"
  default = {
    listen_port     = 6432
    listen_addr     = "0.0.0.0"
    max_client_conn = 4000
  }
}
# Toggles generation of a random role id; on by default.
variable "random_role_id" {
  description = "Enables role random id generation."
  type        = bool
  default     = true
}
# GCP region; the default is null.
# NOTE(review): presumably falls back to the provider's region when null;
# confirm.
variable "region" {
  type        = string
  description = "The GCP region"
  default     = null
}
# Optional pre-existing service account. Per the description, setting it
# stops the module from creating the account and its permissions, so the
# caller becomes responsible for granting that account no more than the
# roles in `service_account_roles`.
variable "service_account_email" {
  description = "If set, the service account and its permissions will not be created. The service account being passed in should have at least the roles listed in the `service_account_roles` variable so that logging and OS Login work as expected."
  type        = string
  default     = ""
}
# IAM roles assigned to the service account. The default grants log and
# metric writing, monitoring read access, OS Login and
# roles/iam.serviceAccountTokenCreator.
# NOTE(review): the token-creator role allows minting credentials for
# service accounts within the scope of the binding. This file does not show
# whether the binding is project-wide or on the account itself; confirm it
# is scoped as narrowly as the workload needs.
variable "service_account_roles" {
  description = "List of IAM roles to assign to the service account."
  type        = list(string)
  default = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/compute.osLogin",
    "roles/iam.serviceAccountTokenCreator"
  ]
}
# Extra roles granted on top of `service_account_roles`; empty by default.
# Every role added here widens what a compromised instance could do, so add
# only roles the workload demonstrably needs.
variable "service_account_roles_supplemental" {
  description = "An additional list of roles to assign to the bastion if desired"
  type        = list(string)
  default     = []
}
# Shielded VM feature flags: secure boot, vTPM and integrity monitoring, all
# true by default. Per the description they are ignored unless
# `enable_shielded_vm` is true, and that variable defaults to false, so
# these defaults alone do not turn the protections on.
variable "shielded_instance_config" {
  type = object({
    enable_secure_boot          = bool
    enable_vtpm                 = bool
    enable_integrity_monitoring = bool
  })
  description = "Not used unless enable_shielded_vm is true. Shielded VM configuration for the instance."
  default = {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
}
# Explicit source image; the default is an empty string.
# NOTE(review): presumably the image family is used when this is empty;
# confirm.
variable "source_image" {
  type        = string
  description = "The source image to use"
  default     = ""
}
# Image family used for the instances; defaults to "debian-9".
# NOTE(review): Debian 9 (stretch) is past its upstream end of life, so
# instances built from this default no longer receive security updates.
# Callers should override it with a supported family, and the default is
# worth revisiting.
variable "source_image_family" {
  type        = string
  description = "The source image family to use"
  default     = "debian-9"
}
# Project that hosts the source image; defaults to "debian-cloud".
# When overriding, point only at image projects you trust, since the image
# is the root of everything that runs on the instance.
variable "source_image_project" {
  type        = string
  description = "The GCP project of the source image"
  default     = "debian-cloud"
}
# Tags identifying permitted sources of incoming traffic; empty by default.
# NOTE(review): presumably used as firewall source tags alongside
# `allowed_source_ranges`; confirm how the two are combined.
variable "source_tags" {
  type        = list(string)
  description = "The tags of the incoming traffic"
  default     = []
}
# Subnetwork for the cluster; defaults to "default".
# NOTE(review): the description calls this "The VPC", while the variable is
# named subnetwork and a separate `network` variable exists. Confirm which
# of the two is meant.
variable "subnetwork" {
  type        = string
  description = "The VPC that this cluster belongs to"
  default     = "default"
}
# Target pools for the instance group; defaults to an empty list.
variable "target_pools" {
  type        = list(string)
  description = "The target pools"
  default     = []
}
# Rolling update policy entries. Only `minimal_action` and `type` are
# mandatory; the surge, unavailability, redistribution and readiness fields
# are declared optional. Defaults to an empty list.
variable "update_policy" {
  type = list(object({
    max_surge_fixed              = optional(number)
    instance_redistribution_type = optional(string)
    max_surge_percent            = optional(number)
    max_unavailable_fixed        = optional(number)
    max_unavailable_percent      = optional(number)
    min_ready_sec                = optional(number)
    minimal_action               = string
    type                         = string
  }))
  description = "The rolling update policy. https://www.terraform.io/docs/providers/google/r/compute_region_instance_group_manager.html#rolling_update_policy"
  default     = []
}
# Settings written into the Vault agent configuration: server address,
# cluster role and the TLS verification switch.
# The default address is plain HTTP on loopback. When pointing at a remote
# Vault server, use an https:// address so that tokens and secrets are not
# sent in clear text.
# `tls_skip_verify` is declared as a string and defaults to "false". Setting
# it to "true" disables certificate verification and exposes the agent to
# man-in-the-middle interception, so leave it "false" outside throwaway test
# setups.
variable "vault_config" {
  type = object({
    vault_server_address = string
    vault_cluster_role   = string
    tls_skip_verify      = string
  })
  description = "Parameters to add into vault agent configuration"
  default = {
    vault_server_address = "http://127.0.0.1:8200"
    vault_cluster_role   = "default_gce_vault_role"
    tls_skip_verify      = "false"
  }
}