We value your privacy
| Components | |
|---|---|
| AWS ECR | |
| AWS Kubernetes Cluster | |
| AWS VPC Setup | |
| Kubernetes ESO for AWS SM | |
| DNS Management |
Route 53
|
| Infrastructure CI/CD pipeline |
Drone CI
|
| Ingress Controller |
Nginx
|
| Autoscaling | KEDA |
| CI/CD Runner |
Gitlab CI Runner
|
| Caching | ElastiCache |
| Monitoring | Prometheus/Grafana/Loki |
| Object Storage | S3 Buckets |
| Queue Manager | SQS |
| SQL Database | RDS |
| Helm Chart | |
| Setup by Corewide team | |
| Post-implementation training | |
| 2-week warranty support | |
| Documentation |
Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:
shellterraform login solutions.corewide.com
Download Infrasnap archive from My Library page, unpack it to a new directory and initialize a new project there:
shellcd infrasnap/
git init
git add .
Follow the instructions in README.md:
terraform.tfvars, or using environment variables)
infrasnap.yml parameters based on the reference belowbackend.tf
Initialize the setup, create the environment you configured in infrasnap.yml and
provision
the infrastructure:
shellterraform init
terraform workspace new <environment_name>
terraform workspace select <environment_name>
terraform apply
| Variable | Description | Type | Default | Required | Sensitive |
|---|---|---|---|---|---|
project_name |
Project name to use for resource naming | string |
yes | no | |
aws_access_key_id |
ID of the access key to make programmatic calls to AWS (can be set as AWS_ACCESS_KEY_ID) | string |
no | no | |
aws_secret_access_key |
Secret access key to make programmatic calls to AWS (can be set as AWS_SECRET_ACCESS_KEY) | string |
no | yes | |
config |
InfraSnap configuration data | any |
{} |
no | no |
config_file |
Path to a YAML file with InfraSnap configuration data | string |
./infrasnap.yml |
no | no |
| Variable | Description | Type | Default |
|---|---|---|---|
region |
AWS region to place the resources into | string |
us-east-1 |
vpc_cidr |
CIDR block for VPC of this environment | string |
10.20.0.0/16 |
container_registry_workspace |
Environment where container registry must be created. Leave blank to not create at all | string |
development |
container_registry_repo_max_images |
Number of images stored before cleanup starts | number |
50 |
container_registry_repo_names |
List of container repositories to create | list |
|
k8s_version |
Kubernetes engine version to deploy the cluster with | string |
1.30 |
k8s_node_pools |
List of Kubernetes node pool definitions | list |
|
k8s_node_pools[*].name |
Name of the node pool to create | string |
main |
k8s_node_pools[*].node_size |
Machine type to use for all nodes in this node pool | string |
t3.medium |
k8s_node_pools[*].spot |
Whether to use Spot instances for this node pool | bool |
false |
k8s_node_pools[*].max_size |
Maximum number of nodes in the node pool (for autoscaling) | number |
3 |
k8s_admin_users |
List of IAM user names that are given Kubernetes admin permission | list |
|
k8s_admin_roles |
List of IAM role names that are given Kubernetes admin permissions | list |
|
k8s_admin_sso_roles |
Names of SSO roles that are given Kubernetes admin permissions | list |
|
dns_zone_create |
Whether to create DNS zone or use the existing one | bool |
false |
dns_zone |
DNS zone in which to create records, disable to reuse the same zone from another workspace | string |
example.com |
dns_records_k8s |
A list of subdomains that must point at Ingress LoadBalancer | list |
|
dns_records |
List of extra records that do not point at Ingress LoadBalancer. See module_docs for complete reference. Note: when adding CNAME record in the same dns_zone, supply full dns record value e.g. "value.dns_zone". | map |
|
dns_records.test |
Record name | map |
|
dns_records.test.type |
Record type | string |
CNAME |
dns_records.test.value |
Record value data | list |
['test.example.com'] |
dns_records.test.ttl |
Record time-to-leave | number |
31 |
cert_manager_email |
E-mail that Let's Encrypt cluster issuer will use to request certificates | string |
[email protected] |
keda |
Parameters for KEDA deployment | map |
|
keda.prometheus |
KEDA Prometheus integration configuration parameters | map |
|
keda.prometheus.create_service_monitor |
Indicates if a ServiceMonitor should be created for Prometheus monitoring | bool |
true |
cache_redis_version |
Redis engine version | string |
6.2 |
cache_redis_machine_size |
ElastiCache instance class | string |
t4g.micro |
cache_redis_node_count |
Number of nodes (primary and replicas) this replication group will have | number |
1 |
buckets |
Buckets definitions to create | map |
|
buckets.my-bucket |
Bucket name | map |
|
buckets.my-bucket.access_mode |
S3 bucket access mode. Allowed values: private, public-read | string |
private |
buckets.my-bucket.versioning |
Enable versioning for the bucket | bool |
false |
sql_database_engine |
RDS instance engine | string |
postgres |
sql_database_engine_version |
RDS instance engine version | string |
16.6 |
sql_database_machine_size |
RDS instance class | string |
db.t4g.micro |
sql_database_name |
Database name to create in the RDS instance (must begin with a letter and contain only alphanumeric characters) | string |
|
sql_database_deletion_protection_enabled |
Enables deletion protection of the primary RDS instance | bool |
true |
| Output | Description | Type | Sensitive |
|---|---|---|---|
app_namespace |
Kubernetes namespace to deploy the application to | attribute |
no |
application_secret |
Name of AWS Secrets Manager secret for sensitive data of the application. Insert values there manually | attribute |
no |
cluster_connection_cli |
CLI command to connect to the cluster | computed |
no |
container_registries |
ECR repositories to push container images to | computed |
no |
name_servers |
Name servers of DNS zone managed in this workspace | attribute |
no |
keda_namespace |
The namespace where KEDA is installed | attribute |
no |
keda_service_account_name |
The name of the ServiceAccount used by KEDA | attribute |
no |
elasticache_connection_secret_name |
Name of AWS Secrets Manager secret with Elasticache connection parameters | attribute |
no |
bucket_names |
List of bucket names | list(attribute) |
no |
rds_connection_secret_name |
Name of AWS Secrets Manager secret with RDS connection parameters | attribute |
no |