- Clone this repository
- Define tfvars file - use example.*.tftest.hcl files as a reference for example values
- Execute terraform (init, apply)

Example workflows (GitHub Workflow and Azure DevOps Pipeline) and an example tfvars file can be found in the examples directory.
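
A pre-apply check for the tfvars file defined in the steps above, as an added example that is not part of this repository. It uses the input names from the inputs table in this README; the function names, the choice of which inputs to treat as secrets, and all sample values are assumptions made for illustration.

```python
import re

# Inputs marked Required = yes in this README's inputs table.
REQUIRED = ["aks_rbac_aad_admin_groups", "clusterissuer_email", "dns_resource_group_name",
            "dns_zone_name", "resource_group_name", "wayfinder_instance_id",
            "wayfinder_licence_key"]
SECRETS = ["venafi_apikey", "wayfinder_licence_key"]  # treated here as credentials
ASSIGN = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.*)$")

def parse_tfvars(text):
    """Collect top-level `name = value` pairs as raw text (brackets in strings unsupported)."""
    values, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "//")):
            continue
        m = ASSIGN.match(line) if depth == 0 else None
        if m:
            name, line = m.groups()
            values[name] = ""
        if name is not None:
            values[name] += line
        depth += sum(line.count(c) for c in "[{(") - sum(line.count(c) for c in "]})")
    return values

def lint(text, env=()):
    """Return findings; `env` is the collection of environment variable names that are set."""
    v, out = parse_tfvars(text), []
    for n in REQUIRED:
        if n not in v and f"TF_VAR_{n}" not in env:
            out.append(f"missing required input: {n}")
    for n in SECRETS:
        if v.get(n, '""') not in ('""', "null"):
            out.append(f"{n} is set in the file; supply it as TF_VAR_{n} instead")
    if '"0.0.0.0/0"' in v.get("aks_api_server_authorized_ip_ranges", ""):
        out.append("aks_api_server_authorized_ip_ranges allows any source address")
    if v.get("disable_local_login") == "true" and "wayfinder_idp_details" not in v:
        out.append("disable_local_login is true but wayfinder_idp_details is not set")
    return out

SAMPLE = '''# Constructed sample tfvars; every value is a placeholder.
resource_group_name     = "rg-wayfinder-example"
dns_resource_group_name = "rg-dns-example"
dns_zone_name           = "wf.example.com"
clusterissuer_email     = "platform@example.com"
wayfinder_licence_key   = "example-licence-key"
aks_rbac_aad_admin_groups = { "platform-admins" = "00000000-0000-0000-0000-000000000000" }
aks_api_server_authorized_ip_ranges = ["0.0.0.0/0"]
disable_local_login = true
'''
```

Calling `lint(SAMPLE)` returns four findings; passing `os.environ` as `env` lets required secrets come from `TF_VAR_` variables instead of the file.
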
The `terraform-docs` utility is used to generate this README. Follow the below steps to update:
- Make changes to the `.terraform-docs.yml` file
- Fetch the `terraform-docs` binary (https://terraform-docs.io/user-guide/installation/)
- Run `terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .`

Name | Description | Type | Default | Required |
---|---|---|---|---|
aks_api_server_authorized_ip_ranges | The list of authorized IP ranges to contact the Wayfinder Management AKS Cluster API server. | list(string) | [ | no |
aks_rbac_aad_admin_groups | Map of Azure AD Groups and their Object IDs that will be set as cluster admin. | map(string) | n/a | yes |
aks_vnet_subnet_id | The ID of the subnet in which to deploy the Kubernetes Cluster. | string | null | no |
ca_org_name | The organisation name to use for the CA. Required if using keyvault cluster issuer. | string | null | no |
cert_manager_keyvault_cert_name | Keyvault certificate name to use for cert-manager. | string | null | no |
cert_manager_keyvault_name | Keyvault name to use for cert-manager. | string | null | no |
clusterissuer | Cluster Issuer name to use for certs | string | "letsencrypt-prod" | no |
clusterissuer_email | The email address to use for the cert-manager cluster issuer. | string | n/a | yes |
create_localadmin_user | Whether to create a localadmin user for access to the Wayfinder Portal and API. | bool | false | no |
disable_internet_access | Whether to disable internet access for AKS and the Wayfinder ingress controller. | bool | false | no |
disable_local_login | Whether to disable local login for Wayfinder. Note: An IDP must be configured within Wayfinder, otherwise you will not be able to log in. | bool | false | no |
dns_provider | DNS provider for External DNS | string | "azure" | no |
dns_resource_group_name | The name of the resource group where the DNS Zone exists. | string | n/a | yes |
dns_zone_name | The name of the DNS zone to use for wayfinder. | string | n/a | yes |
enable_k8s_resources | Whether to enable the creation of Kubernetes resources for Wayfinder (helm and kubectl manifest deployments). | bool | true | no |
environment | The environment in which the resources are deployed. | string | "production" | no |
location | The Azure region in which to create the resources. | string | "uksouth" | no |
private_dns_zone_id | Private DNS zone to use for private clusters | string | null | no |
resource_group_name | The name of the resource group in which to create the AKS cluster. | string | n/a | yes |
tags | A mapping of tags to assign to the resource. | map(string) | {} | no |
user_assigned_identity | MSI id for AKS to run as | string | null | no |
venafi_apikey | Venafi API key - required if using Venafi cluster issuer | string | "" | no |
venafi_zone | Venafi zone - required if using Venafi cluster issuer | string | "" | no |
wayfinder_idp_details | The IDP details to use for Wayfinder to enable SSO. | object({ | { | no |
wayfinder_instance_id | The instance ID to use for Wayfinder. | string | n/a | yes |
wayfinder_licence_key | The licence key to use for Wayfinder. | string | n/a | yes |

Name | Description |
---|---|
cluster_name | The name of the Wayfinder AKS cluster |
wayfinder_api_url | The URL for the Wayfinder API |
wayfinder_instance_id | The unique identifier for the Wayfinder instance |
wayfinder_ui_url | The URL for the Wayfinder UI |