argoflow-aws Core Module

This folder contains the core code of the argoflow-aws-infrastructure repo. When embedding this repo as a submodule, point the Terraform module source to this folder rather than the root of the repo. The root of the repo contains a wrapper that allows for testing and validation of the module on Terraform Cloud.

For background info on this repo and its functionality at a higher level, see the repo readme.


To regenerate this section, delete everything under the horizontal divider below and run `terraform-docs markdown ./ >> README.md` in the folder root.


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | 3.58.0 |
| random | 3.1.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_db_instance.kubeflow_db | resource |
| aws_db_subnet_group.kubeflow_db_subnet_group | resource |
| aws_ec2_tag.private_subnet_cluster_tag | resource |
| aws_ec2_tag.private_subnet_tag | resource |
| aws_ec2_tag.public_subnet_cluster_tag | resource |
| aws_ec2_tag.public_subnet_tag | resource |
| aws_ec2_tag.vpc_tag | resource |
| aws_elasticache_cluster.kubeflow_oidc_cache | resource |
| aws_elasticache_subnet_group.kubeflow_oidc_cache_subnet_group | resource |
| aws_iam_access_key.kubeflow_pipelines_user_credentials | resource |
| aws_iam_policy.aws_load_balancer_controller_policy | resource |
| aws_iam_policy.cert_manager_policy | resource |
| aws_iam_policy.cluster_autoscaler_policy | resource |
| aws_iam_policy.external_dns_policy | resource |
| aws_iam_policy.external_secrets_argocd_policy | resource |
| aws_iam_policy.external_secrets_auth_policy | resource |
| aws_iam_policy.external_secrets_istio_policy | resource |
| aws_iam_policy.external_secrets_kubeflow_policy | resource |
| aws_iam_policy.external_secrets_mlflow_policy | resource |
| aws_iam_policy.external_secrets_monitoring_policy | resource |
| aws_iam_policy.external_secrets_policy | resource |
| aws_iam_role.aws_load_balancer_controller_role | resource |
| aws_iam_role.cert_manager_role | resource |
| aws_iam_role.cluster_autoscaler_irsa_role | resource |
| aws_iam_role.external_dns_role | resource |
| aws_iam_role.external_secrets_argocd_role | resource |
| aws_iam_role.external_secrets_auth_role | resource |
| aws_iam_role.external_secrets_istio_role | resource |
| aws_iam_role.external_secrets_kubeflow_role | resource |
| aws_iam_role.external_secrets_mlflow_role | resource |
| aws_iam_role.external_secrets_monitoring_role | resource |
| aws_iam_role.external_secrets_role | resource |
| aws_iam_role_policy_attachment.aws_load_balancer_controller_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.cert_manager_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.cluster_autoscaler_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_dns_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_argocd_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_auth_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_istio_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_kubeflow_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_mlflow_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_monitoring_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.external_secrets_role_policy_attachment | resource |
| aws_iam_user.kubeflow_pipelines_user | resource |
| aws_iam_user_policy.kubeflow_pipelines_user_policy | resource |
| aws_kms_key.kubeflow_secrets_key | resource |
| aws_route53_zone.argoflow_aws_subdomain | resource |
| aws_s3_bucket.kubeflow_mlflow_s3_bucket | resource |
| aws_s3_bucket.kubeflow_pipelines_s3_bucket | resource |
| aws_s3_bucket_public_access_block.kubeflow_mlflow_s3_bucket_public_access_block | resource |
| aws_s3_bucket_public_access_block.kubeflow_pipelines_s3_bucket_public_access_block | resource |
| aws_secretsmanager_secret.kubeflow_secret | resource |
| random_id.kubeflow_mlflow_s3_bucket_suffix | resource |
| random_id.kubeflow_oidc_cookie_secret | resource |
| random_id.kubeflow_pipelines_s3_bucket_suffix | resource |
| random_id.secrets_suffix | resource |
| aws_iam_policy_document.aws_load_balancer_controller_assume_role_policy_document | data source |
| aws_iam_policy_document.cert_manager_irsa_assume_role_policy_document | data source |
| aws_iam_policy_document.cluster_autoscaler_assume_role_policy_document | data source |
| aws_iam_policy_document.cluster_autoscaler_infrastructure_access_policy_document | data source |
| aws_iam_policy_document.external_dns_assume_role_policy_document | data source |
| aws_iam_policy_document.external_dns_infrastructure_access_policy_document | data source |
| aws_iam_policy_document.external_secrets_assume_role_policy_document | data source |
| aws_iam_policy_document.external_secrets_infrastructure_access_policy_document | data source |
| aws_iam_policy_document.s3_access_policy_document | data source |
| aws_subnet.kubeflow_db_subnets | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| aws_eks_cluster_primary_security_group_id | Corresponds to the cluster_primary_security_group_id output variable of the AWS EKS Terraform module | string | n/a | yes |
| aws_load_balancer_controller_namespace | The Kubernetes Namespace containing the aws-load-balancer-controller KSA (Kubernetes Service Account) | string | "kube-system" | no |
| aws_load_balancer_controller_service_account_name | The name of the aws-load-balancer-controller KSA (Kubernetes Service Account) | string | "aws-load-balancer-controller" | no |
| aws_region | The AWS region in which to build resources | string | n/a | yes |
| aws_secretsmanager_account_id | The AWS account ID that hosts Secrets Manager resources | string | n/a | yes |
| aws_vpc_id | The VPC ID where the argoflow-aws instance will be located | string | n/a | yes |
| aws_vpc_private_subnets | A list of the private VPC subnet IDs used by the Kubeflow EKS cluster | list(string) | n/a | yes |
| aws_vpc_public_subnets | A list of the public VPC subnet IDs used by the Kubeflow EKS cluster | list(string) | n/a | yes |
| cluster_autoscaler_kubernetes_service_account_name | The Kubernetes Service Account used by the cluster-autoscaler pod | string | "cluster-autoscaler" | no |
| cluster_autoscaler_kubernetes_service_account_namespace | The Kubernetes Namespace in which the cluster-autoscaler Service Account is located | string | "kube-system" | no |
| eks_cluster_name | The name of the EKS (Elastic Kubernetes Service) cluster. | string | n/a | yes |
| external_secret_names | The secrets that need to be created in AWS Secrets Manager | list(string) | `["argocd/https_username", "argocd/https_password", "auth/client_id", "auth/client_secret", "auth/cookie_secret", "istio-system/auth_ca_cert", "istio-system/auth_cert", "istio-system/auth_cert_pk", "istio-system/gateway_ca_cert", "istio-system/gateway_cert", "istio-system/gateway_cert_pk", "istio-system/monitoring_ca_cert", "istio-system/monitoring_cert", "istio-system/monitoring_cert_pk", "kubeflow/rds_username", "kubeflow/rds_password", "kubeflow/s3_accesskey", "kubeflow/s3_secretkey", "mlflow/rds_username", "mlflow/rds_password"]` | no |
| kubeflow_cluster_oidc_provider_arn | The OIDC provider ARN of the Kubeflow Kubernetes cluster | string | n/a | yes |
| route53_subdomain | The subdomain to create in Route53 for this argoflow-aws instance | string | n/a | yes |
| stage | The stage (environment) of the build - usually one of [test, dev, qa, prod] | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| kubeflow_aws_load_balancer_controller_iam_role_arn | The ARN of the IAM role to be used by the AWS Load Balancer Controller |
| kubeflow_cert_manager_iam_role_arn | The ARN of the IAM role to be used by the cert-manager application |
| kubeflow_cluster_autoscaler_iam_role_arn | The ARN of the IAM role to be used by the Cluster Autoscaler |
| kubeflow_external_dns_iam_role_arn | The ARN of the IAM role to be used by the external-dns application |
| kubeflow_external_secrets_argocd_iam_role_arn | IAM role allowing the external-secrets application to administer ArgoCD secrets |
| kubeflow_external_secrets_auth_role_arn | IAM role allowing the external-secrets application to administer auth secrets |
| kubeflow_external_secrets_iam_role_arn | The ARN of the IAM role to be used by the external-secrets application |
| kubeflow_external_secrets_istio_role_arn | IAM role allowing the external-secrets application to administer istio secrets |
| kubeflow_external_secrets_kubeflow_role_arn | IAM role allowing the external-secrets application to administer kubeflow secrets |
| kubeflow_external_secrets_mlflow_role_arn | IAM role allowing the external-secrets application to administer mlflow secrets |
| kubeflow_external_secrets_monitoring_role_arn | IAM policy allowing the external-secrets application to administer monitoring secrets |
| kubeflow_mlflow_s3_bucket_name | S3 bucket for MLFlow |
| kubeflow_oidc_cookie_secret | The cookie secret to inject into argoflow-aws OIDC setup |
| kubeflow_pipelines_aws_iam_username | The username of the AWS IAM user for Kubeflow Pipelines |
| kubeflow_pipelines_s3_bucket_name | S3 bucket for Kubeflow Pipelines |
| kubeflow_pipelines_user_credentials_access_key_id | The access key ID for the AWS IAM user with permissions to the Kubeflow Pipelines S3 bucket |
| kubeflow_pipelines_user_credentials_secret_access_key | The secret access key for the AWS IAM user with permissions to the Kubeflow Pipelines S3 bucket |
| kubeflow_rds_host | The hostname of the Kubeflow RDS instance |
| kubeflow_redis_oidc_cache_nodes | The nodes of the Kubeflow redis cache to be used for OIDC |
| kubeflow_route53_zone_id | The ID of the AWS Route 53 zone created for this Kubeflow instance |
| kubeflow_route53_zone_name | The name of the AWS Route 53 zone created for this Kubeflow instance |
| kubeflow_route53_zone_nameservers | The nameservers of the AWS Route 53 zone created for this Kubeflow instance |
| secretsmanager_secrets | The AWS Secrets Manager secrets created for Kubeflow |