mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
8e4feb7e2a
* add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
89 lines
2.4 KiB
HCL
89 lines
2.4 KiB
HCL
variable "name" {
|
|
type = string
|
|
description = "Name of the Constellation cluster."
|
|
}
|
|
|
|
variable "image" {
|
|
type = string
|
|
description = "Node image reference or semantical release version."
|
|
}
|
|
|
|
variable "microservice_version" {
|
|
type = string
|
|
description = "Microservice version. When not set, the latest default version will be used."
|
|
default = ""
|
|
}
|
|
|
|
variable "kubernetes_version" {
|
|
type = string
|
|
description = "Kubernetes version. When not set, the latest default version will be used."
|
|
default = ""
|
|
}
|
|
|
|
variable "debug" {
|
|
type = bool
|
|
default = false
|
|
description = "DON'T USE IN PRODUCTION: Enable debug mode and allow the use of debug images."
|
|
}
|
|
|
|
variable "custom_endpoint" {
|
|
type = string
|
|
default = ""
|
|
description = "Custom endpoint (DNS Name) to use for the Constellation API server. If not set, the default endpoint will be used."
|
|
}
|
|
|
|
variable "internal_load_balancer" {
|
|
type = bool
|
|
default = false
|
|
description = "Use an internal load balancer."
|
|
}
|
|
|
|
variable "node_groups" {
|
|
type = map(object({
|
|
role = string
|
|
initial_count = optional(number)
|
|
instance_type = string
|
|
disk_size = number
|
|
disk_type = string
|
|
zones = optional(list(string))
|
|
}))
|
|
description = "A map of node group names to node group configurations."
|
|
validation {
|
|
condition = can([for group in var.node_groups : group.role == "control-plane" || group.role == "worker"])
|
|
error_message = "The role has to be 'control-plane' or 'worker'."
|
|
}
|
|
}
|
|
|
|
variable "service_principal_name" {
|
|
type = string
|
|
description = "Name of the service principal used to create the cluster."
|
|
}
|
|
|
|
variable "resource_group_name" {
|
|
type = string
|
|
description = "Name of the resource group the cluster's resources are created in."
|
|
}
|
|
|
|
variable "location" {
|
|
type = string
|
|
description = "Azure datacenter region the cluster will be deployed in."
|
|
}
|
|
|
|
variable "deploy_csi_driver" {
|
|
type = bool
|
|
default = true
|
|
description = "Deploy the Azure Disk CSI driver with on-node encryption into the cluster."
|
|
}
|
|
|
|
variable "secure_boot" {
|
|
type = bool
|
|
default = false
|
|
description = "Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob."
|
|
}
|
|
|
|
variable "create_maa" {
|
|
type = bool
|
|
default = true
|
|
description = "Create an MAA for attestation."
|
|
}
|