Terraform module that deploys the Cloud Platform's Open Policy Agent (OPA). It includes all the policies and Kubernetes resources required to get Open Policy Agent up and running in any EKS cluster.
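```hcl
module "opa" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-opa?ref=0.0.1"

  # Required input (see the inputs table); the value here is a placeholder.
  cluster_domain_name = "cluster.example.com"
}
```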
Name | Version |
---|---|
terraform | >= 0.14 |
Name | Version |
---|---|
helm | n/a |
kubernetes | n/a |
null | n/a |
No modules.
Name | Type |
---|---|
helm_release.open_policy_agent | resource |
kubernetes_config_map.external_dns_policies | resource |
kubernetes_config_map.policies_opa | resource |
kubernetes_config_map.valid_host | resource |
kubernetes_limit_range.opa | resource |
kubernetes_namespace.opa | resource |
kubernetes_resource_quota.namespace_quota | resource |
null_resource.kube_system_ns_label | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_color | Cluster color (blue/green). This variable takes effect only when enable_external_dns_weight is set | string | "blue" | no |
cluster_domain_name | The cluster domain used for externalDNS annotations and certmanager | any | n/a | yes |
enable_external_dns_weight | Enable the OPA policy that denies ingress creation without the external_dns annotation | bool | false | no |
enable_invalid_hostname_policy | Whether to enable the OPA invalid-hostname policy | bool | false | no |
integration_test_zone | Integration test zone, used by test clusters for the valid ingress policy | string | "" | no |
Name | Description |
---|---|
helm_opa_status | n/a |