Bring the platform online
Assumptions:
- All infra state should output:
  - control_plane_role_name: the Vault role name that should be associated with control plane nodes
  - worker_plane_role_name: the Vault role name that should be associated with worker plane nodes
- GCP infra state should output:
  - control_plane_service_accounts: the list of service accounts associated with control plane nodes
  - worker_plane_service_accounts: the list of service accounts associated with worker plane nodes
  - project_id: the project id where the infra is running
- AWS infra state should output:
  - control_plane_iam_role_arns: the IAM role ARNs of control plane nodes
  - worker_plane_iam_role_arns: the IAM role ARNs of worker plane nodes
  - region: the AWS region where the infra is running
  - vpc_id: the ID of the VPC where the infra is running
- OCI infra state should output:
  - home_tenancy_id
  - role_name
  - dynamic_group_ocid
- Azure infra state should output:
  - tenant_id: Azure AD tenant id
  - subscription_id: Azure subscription id
  - resource_group_name: resource group of the instances
  - vault_resource_name: AD resource used for generating tokens, e.g. https://management.azure.com
  - control_plane_service_principal_ids: list of service principal ids for control plane instances
  - worker_plane_service_principal_ids: list of service principal ids for worker plane instances
  - vault_client_id: the AD application id for Vault Azure dynamic secret
  - vault_client_secret: the AD application secret for Vault Azure dynamic secret (a credential: as a state output it is stored in plaintext in the infra state, so access to that state backend must be restricted)
| Name | Version |
|---|---|
| terraform | ~> 0.15.4 |

| Name | Version |
|---|---|
| terraform | n/a |
| vault | 2.20.0 |

| Name | Source | Version |
|---|---|---|
| authenticate | git::https://github.com/bitrockteam/caravan-vault//modules/vault-authentication | refs/tags/v0.3.16 |
| consul-backend | git::https://github.com/bitrockteam/caravan-vault//modules/vault-consul-config | refs/tags/v0.3.16 |
| nomad-policies | git::https://github.com/bitrockteam/caravan-nomad//modules/nomad-policies | refs/tags/v0.1.5 |
| secrets | git::https://github.com/bitrockteam/caravan-vault//modules/secrets | refs/tags/v0.3.16 |
| vault-policies | git::https://github.com/bitrockteam/caravan-vault//modules/default-policies | refs/tags/v0.3.16 |

| Name | Type |
|---|---|
| vault_policy.vault_policy | resource |
| terraform_remote_state.bootstrap | data source |
| vault_generic_secret.consul_bootstrap_token | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| approle_role_name | n/a | string | "" | no |
| approle_token_policies | APPROLE auth | list(string) | [] | no |
| auth_providers | Enable auth providers: aws, gcp, gsuite, oci, approle | list(string) | [] | no |
| aws_cluster_node_iam_role_arns | AWS auth provider | list(string) | [] | no |
| aws_profile | n/a | string | null | no |
| aws_region | n/a | string | "" | no |
| aws_shared_credentials_file | n/a | string | null | no |
| aws_vpc_id | n/a | string | "" | no |
| aws_worker_node_iam_role_arns | n/a | list(string) | [] | no |
| azure_bootstrap_client_id | n/a | string | "" | no |
| azure_bootstrap_client_secret | n/a | string | "" | no |
| azure_bootstrap_resource_group_name | n/a | string | "" | no |
| azure_bootstrap_storage_account_name | n/a | string | "" | no |
| azure_bootstrap_subscription_id | n/a | string | "" | no |
| azure_bootstrap_tenant_id | n/a | string | "" | no |
| azure_control_plane_service_principal_ids | n/a | list(string) | [] | no |
| azure_csi | Azure | bool | false | no |
| azure_resource_groups | n/a | list(string) | [] | no |
| azure_subscription_ids | n/a | list(string) | [] | no |
| azure_tenant_id | n/a | string | "" | no |
| azure_vault_resource_name | n/a | string | "" | no |
| azure_worker_plane_service_principal_ids | n/a | list(string) | [] | no |
| bootstrap_state_backend_provider | Use an external state backend to infer configuration variables | string | "" | no |
| bootstrap_state_bucket_name_prefix | Common state config | string | "states-bucket" | no |
| bootstrap_state_object_name_prefix | n/a | string | "infraboot/terraform/state" | no |
| ca_cert_file | n/a | string | null | no |
| consul_endpoint | n/a | string | null | no |
| consul_insecure_https | Going by the variable name, disables TLS certificate verification for the Consul connection when true; leave at false outside test setups | bool | false | no |
| consul_internal_address | n/a | string | "127.0.0.1:8500" | no |
| control_plane_role_name | n/a | string | "control-plane" | no |
| custom_vault_policies_path | Extra | string | null | no |
| gcp_control_plane_service_accounts | n/a | list(string) | [] | no |
| gcp_csi | GCP auth provider | bool | false | no |
| gcp_project_id | GCP state config | string | "" | no |
| gcp_region | n/a | string | "" | no |
| gcp_worker_plane_service_accounts | n/a | list(string) | [] | no |
| google_account_file | Credentials | string | null | no |
| gsuite_allowed_redirect_uris | n/a | list(string) | [] | no |
| gsuite_authenticate | GSUITE auth provider | bool | false | no |
| gsuite_client_id | n/a | string | null | no |
| gsuite_client_secret | n/a | string | null | no |
| gsuite_default_role | n/a | string | null | no |
| gsuite_default_role_policies | n/a | list(string) | [] | no |
| gsuite_domain | n/a | string | null | no |
| nomad_endpoint | n/a | string | null | no |
| oci_dynamic_group_ocid | n/a | string | "" | no |
| oci_home_tenancy_id | OCI auth provider | string | "" | no |
| oci_role_name | n/a | string | "" | no |
| s3_bootstrap_access_key | S3 state config | string | null | no |
| s3_bootstrap_region | n/a | string | null | no |
| s3_bootstrap_secret_key | n/a | string | null | no |
| s3_bootstrap_state_endpoint | n/a | string | null | no |
| vault_endpoint | Common args | string | null | no |
| vault_skip_tls_verify | Going by the variable name, skips TLS certificate verification for the Vault connection when true; leave at false outside test setups | bool | false | no |
| worker_plane_role_name | n/a | string | "worker-plane" | no |
No outputs.