From 975ed1be503da454924064bab1c1717768fb402c Mon Sep 17 00:00:00 2001
From: Keyvan
Date: Wed, 4 Dec 2024 23:06:10 +0100
Subject: [PATCH] Added terraform-docs for better documentation
---
.editorconfig | 12 ++++
.gitattributes | 1 +
.terraform-docs.yml | 45 ++++++++++++++
Makefile | 15 +++++
README.md | 76 +++++++++++++++---------
cluster/README.md | 83 ++++++++++++++++++++++++++
config/README.md | 142 ++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 345 insertions(+), 29 deletions(-)
create mode 100644 .editorconfig
create mode 100644 .gitattributes
create mode 100644 .terraform-docs.yml
create mode 100644 Makefile
create mode 100644 cluster/README.md
create mode 100644 config/README.md
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..36fafe0
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[{cluster/**,config/**}]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..176a458
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text=auto
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..b93ada1
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,45 @@
+formatter: "" # this is required
+
+version: ""
+
+# header-from: DOCS.md
+footer-from: ""
+
+recursive:
+ enabled: false
+ path: modules
+
+sections:
+ hide: []
+ show: []
+
+content: ""
+
+output:
+ file: "README.md"
+ mode: replace
+ template: |-
+ {{ .Content }}
+
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: true
+ color: true
+ default: true
+ description: false
+ escape: true
+ hide-empty: true
+ html: true
+ indent: 2
+ lockfile: true
+ read-comments: true
+ required: true
+ sensitive: true
+ type: true
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..d652a2f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,15 @@
+prepare:
+ @echo === Cluster ===
+ @echo Generate docs
+ @terraform-docs markdown table cluster
+ @echo Fixing the formatting
+ @cd cluster && terraform fmt
+ @echo Validating Terraform code
+ @cd cluster && terraform validate
+ @echo === Config ===
+ @echo Generate docs
+ @terraform-docs markdown table config
+ @echo Fixing the formatting
+ @cd config && terraform fmt
+ @echo Validating Terraform code
+ @cd config && terraform validate
diff --git a/README.md b/README.md
index a15c646..15c9b0e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@ # RADAR-K8s-Infrastructure -This repository aims to provide [IaC](https://en.wikipedia.org/wiki/Infrastructure_as_code) templates for [RADAR-Kubernetes](https://github.com/RADAR-base/RADAR-Kubernetes) users who intend to deploy the platform to Kubernetes clusters supported by cloud providers such as [AWS](https://aws.amazon.com/eks/). + +This repository aims to provide [IaC](https://en.wikipedia.org/wiki/Infrastructure_as_code) templates for [RADAR-Kubernetes](https://github.com/RADAR-base/RADAR-Kubernetes) users who intend to deploy the platform to Kubernetes clusters supported by cloud providers such as [AWS](https://aws.amazon.com/eks/). --- 
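Review bot: The `output-values` block in `.terraform-docs.yml` is committed without a comment saying why `enabled: false` has to stay that way. The config/README.md generated by this same patch lists outputs such as `radar_base_s3_secret_key`, `radar_base_smtp_password` and the `radar_base_rds_*_password` values, so switching the option on later would have terraform-docs render output values into a README that is committed to the repository. Whether those values would be masked depends on the outputs being marked `sensitive` in the Terraform code, which is not visible in this patch. I would add above the block: `# Keep disabled: config outputs include credentials; enabling this writes output values into the committed README.`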
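Review bot: The two `terraform validate` steps in the new Makefile's `prepare` target run without a preceding `terraform init`, so on a fresh clone (the situation the new Contributing section in README.md describes) the target would presumably stop at the first validate because the workspace is not initialised. Initialising without the backend keeps the check free of state access and cloud credentials: `@cd cluster && terraform init -backend=false && terraform validate`, and the same line for `config`. The target should also be declared with `.PHONY: prepare`, so that a file or directory named `prepare` cannot turn the documentation and validation step into a silent no-op.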
@@ -7,16 +8,18 @@ This repository aims to provide [IaC](https://en.wikipedia.org/wiki/Infrastructu [![Terraform validate](https://github.com/phidatalab/RADAR-K8s-Infrastructure/actions/workflows/config.yaml/badge.svg)](https://github.com/phidatalab/RADAR-K8s-Infrastructure/actions/workflows/config.yaml/badge.svg) # Dependencies + [Terraform](https://developer.hashicorp.com/terraform/downloads) >= 1.7.0, < 1.8.0
[AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) >= 2.11 # Usage + It is recommended that you use RADAR-K8s-Infrastructure as a template and create your own IaC repository from it (starting with a private one probably). Make sure to customise enclosed templates to your needs before creating the desired infrastructure. use this template - ## Configure credentials + ``` export TF_VAR_AWS_REGION=$AWS_REGION export TF_VAR_AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID 
@@ -26,27 +29,32 @@ export TF_VAR_AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN ``` ## Workspaces + The definition of resources required for running RADAR-base components is located in the `cluster` directory, while other optional resources are defined in the `config` directory. Please treat each directory as a separate workspace and perform terraform operations individually. The `cluster` resources need to be created and made fully available before you proceed with the creation of the `config` ones. To retain the user-specific configurations for future infrastructure updates, modify `terraform.tfvars` within the workspace and push the change to your repository. If needed, additional variables defined in `variables.tf` can also be included there. -| :information_source: Important Notice | +| :information_source: Important Notice | |:----------------------------------------| |As a best practice, never save raw values of secret variables in your repository. Instead, always encrypt them before committing. If your cluster is no longer in use, run `terraform destory` to delete all the associated resources and reduce your cloud spending. If you have resources created within `config`, run `terraform destory` in that directory before running the counterpart in `cluster`.| ## Create the infrastructure + ``` cd cluster ``` + ``` # Initialise the working directory terraform init ``` + ``` -# Review the changes going to be made +# Review the changes going to be made terraform plan ``` + ``` # Create/update the infrastructure 
@@ -54,20 +62,21 @@ terraform apply --auto-approve ``` Created resources: -* VPC featuring both public and private subnets -* VPC endpoints for privately accessing AWS services -* Internet and NAT gateways -* EKS cluster with a default worker node group -* EKS coredns, kube-proxy, vpc-cni and aws-ebs-csi-driver addons -* EBS storage classes referenced by PVCs -* IRSAs for VPC CNI and EBS CSI controllers -* Initial EC2 instances launched with Spot capacity -* Default network ACLs and route tables -* KMS keys and CloudWatch log groups -* Essential IAM policies, roles, users and user groups for accessing aforementioned resources +- VPC featuring both public and private subnets +- VPC endpoints for privately accessing AWS services +- Internet and NAT gateways +- EKS cluster with a default worker node group +- EKS coredns, kube-proxy, vpc-cni and aws-ebs-csi-driver addons +- EBS storage classes referenced by PVCs +- IRSAs for VPC CNI and EBS CSI controllers +- Initial EC2 instances launched with Spot capacity +- Default network ACLs and route tables +- KMS keys and CloudWatch log groups +- Essential IAM policies, roles, users and user groups for accessing aforementioned resources ## Connect to and verify the cluster + ``` # Make sure to use --region if the cluster is deployed in non-default region and --profile if the cluster is deployed in a non-default AWS account aws eks update-kubeconfig --name [eks_cluster_name] 
@@ -76,12 +85,15 @@ kubectl get pods -A ``` Once the infrastructure update is finished successfully, you can start deploying RADAR-base components to the newly created cluster by following the [Installation Guide](https://github.com/RADAR-base/RADAR-Kubernetes#installation). Before running `helmfile sync`, you will find it necessary to configure certain resource values which are required by `production.yaml` but only known post to infrastructure creation. We have exported the values of those resources and you can get them by simply running: + ``` terraform output ``` + You could also automate this value injection by implementing your own templating strategy to customise `production.yaml` ## Configure the cluster (optional) + N.B.: To get external DNS, Cert Manager and SMTP working via Route 53 (if chosen as your DNS service), you need to configure your registered top-level domain and its corresponding hosted zone ID via variable `domain_name` in [config/terraform.tfvars](./config/terraform.tfvars). Additionally, set `enable_route53` to `true`. ``` 
@@ -94,19 +106,25 @@ terraform apply --auto-approve Optional resource creations are disabled by default. To enable the creation of a specific resource named `X`, navigate to [config/terraform.tfvars](./config/terraform.tfvars) and update the value of `enable_X` to `true` before applying the tempate. Created resources (if all enabled): -* EIP allocated for the load balancer created by Ingress-NGINX -* Karpenter provisioner, the node template and the SQS interruption queue -* Metrics Server along with the Kubernetes Dashboard and the read-only user -* MSK cluster featuring Kafka brokers and zookeepers -* RDS instance running managementportal, appserver and rest_sources_auth databases -* Route53 zone and records accompanied by IRSAs for external DNS and Cert Manager -* S3 buckets for intermediate-output-storage, output-storage and velero-backups -* SES SMTP endpoint -* CloudWatch event rules and targets -* Essential IAM policies, roles, users for aforementioned resources + +- EIP allocated for the load balancer created by Ingress-NGINX +- Karpenter provisioner, the node template and the SQS interruption queue +- Metrics Server along with the Kubernetes Dashboard and the read-only user +- MSK cluster featuring Kafka brokers and zookeepers +- RDS instance running managementportal, appserver and rest_sources_auth databases +- Route53 zone and records accompanied by IRSAs for external DNS and Cert Manager +- S3 buckets for intermediate-output-storage, output-storage and velero-backups +- SES SMTP endpoint +- CloudWatch event rules and targets +- Essential IAM policies, roles, users for aforementioned resources + +## Contributing + +Make sure to install [terraform-docs](https://github.com/terraform-docs/terraform-docs) and run `make prepare` before making a commit to make sure the documentation is up to date and the code is valid. 
## Known limitations -* Since EBS has been chosen as the default storage, node groups will be created in a single AZ due to the mounting restriction. -* Sometimes Terraform tries to replace the existing MSK cluster while re-applying the templates even if there is no change on the cluster. Mitigate this with `terraform untaint aws_msk_cluster.msk_cluster`. -* Prior to `terraform destroy`, infrastructure resources created by pods/controllers and may not be visible to Terraform need to be deleted, e.g., nginx-ingress's NLB. A good practice is to always begin by running `helmfile destroy`. -* If Karpenter is used for node provisioning, ensure the nodes created by it are not lingering around before running `terraform destroy`. + +- Since EBS has been chosen as the default storage, node groups will be created in a single AZ due to the mounting restriction. +- Sometimes Terraform tries to replace the existing MSK cluster while re-applying the templates even if there is no change on the cluster. Mitigate this with `terraform untaint aws_msk_cluster.msk_cluster`. +- Prior to `terraform destroy`, infrastructure resources created by pods/controllers and may not be visible to Terraform need to be deleted, e.g., nginx-ingress's NLB. A good practice is to always begin by running `helmfile destroy`. +- If Karpenter is used for node provisioning, ensure the nodes created by it are not lingering around before running `terraform destroy`. diff --git a/cluster/README.md b/cluster/README.md new file mode 100644 index 0000000..f857cc6 --- /dev/null +++ b/cluster/README.md 
@@ -0,0 +1,83 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.7.0 | +| [aws](#requirement\_aws) | >= 5.0.0, < 6.0.0 | +| [kubectl](#requirement\_kubectl) | ~> 1.14.0 | +| [kubernetes](#requirement\_kubernetes) | ~> 2.24.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.80.0 | +| [kubectl](#provider\_kubectl) | 1.14.0 | +| [kubernetes](#provider\_kubernetes) | 2.24.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [allow\_assume\_eks\_admins\_iam\_policy](#module\_allow\_assume\_eks\_admins\_iam\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | 5.15.0 | +| [allow\_eks\_access\_iam\_policy](#module\_allow\_eks\_access\_iam\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | 5.15.0 | +| [ebs\_csi\_irsa](#module\_ebs\_csi\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 | +| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.13.1 | +| [eks\_admins\_iam\_role](#module\_eks\_admins\_iam\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | 5.15.0 | +| [iam\_user](#module\_iam\_user) | terraform-aws-modules/iam/aws//modules/iam-user | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc\_cni\_irsa](#module\_vpc\_cni\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.ecr_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.ecr_pull_through_cache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| 
[aws_iam_policy_attachment.eks_admins_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | +| [aws_security_group.vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.vpc_endpoint_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.vpc_endpoint_self_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_vpc_endpoint.ecr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource | +| [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource | +| [aws_vpc_endpoint.sts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource | +| [aws_vpc_security_group_ingress_rule.vpc_endpoints_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [kubectl_manifest.ebs_storage_classes](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubernetes_annotations.set_defaut_storage_class](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations) | resource | +| [kubernetes_annotations.unset_eks_default_gp2](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [AWS\_ACCESS\_KEY\_ID](#input\_AWS\_ACCESS\_KEY\_ID) | AWS access key associated with an IAM account | `string` | n/a | yes | +| [AWS\_REGION](#input\_AWS\_REGION) | Target AWS region | `string` | 
`"eu-west-2"` | no | +| [AWS\_SECRET\_ACCESS\_KEY](#input\_AWS\_SECRET\_ACCESS\_KEY) | AWS secret key associated with the access key | `string` | n/a | yes | +| [AWS\_SESSION\_TOKEN](#input\_AWS\_SESSION\_TOKEN) | Session token for temporary security credentials from AWS STS | `string` | `""` | no | +| [common\_tags](#input\_common\_tags) | Common tags associated to resources created | `map(string)` |
{
"Environment": "dev",
"Project": "radar-base"
}
| no | +| [create\_dmz\_node\_group](#input\_create\_dmz\_node\_group) | Whether or not to create a DMZ node group with taints | `bool` | `false` | no | +| [defaut\_storage\_class](#input\_defaut\_storage\_class) | Default storage class used for describing the EBS usage | `string` | `"radar-base-ebs-sc-gp2"` | no | +| [dmz\_node\_size](#input\_dmz\_node\_size) | Node size of the DMZ node group | `map(number)` |
{
"desired": 1,
"max": 2,
"min": 0
}
| no | +| [eks\_admins\_group\_users](#input\_eks\_admins\_group\_users) | EKS admin IAM user group | `list(string)` | `[]` | no | +| [eks\_cluster\_name](#input\_eks\_cluster\_name) | EKS cluster name | `string` | n/a | yes | +| [eks\_kubernetes\_version](#input\_eks\_kubernetes\_version) | Amazon EKS Kubernetes version | `string` | `"1.28"` | no | +| [environment](#input\_environment) | Environment name | `string` | `"dev"` | no | +| [instance\_capacity\_type](#input\_instance\_capacity\_type) | Capacity type used by EKS managed node groups | `string` | `"SPOT"` | no | +| [instance\_types](#input\_instance\_types) | List of instance types used by EKS managed node groups | `list(any)` |
[
"m5.large",
"m5d.large",
"m5a.large",
"m5ad.large",
"m4.large"
]
| no | +| [worker\_node\_size](#input\_worker\_node\_size) | Node size of the worker node group | `map(number)` |
{
"desired": 2,
"max": 10,
"min": 0
}
| no | + +## Outputs + +| Name | Description | +|------|-------------| +| [radar\_base\_ebs\_storage\_class\_gp2](#output\_radar\_base\_ebs\_storage\_class\_gp2) | n/a | +| [radar\_base\_ebs\_storage\_class\_gp3](#output\_radar\_base\_ebs\_storage\_class\_gp3) | n/a | +| [radar\_base\_ebs\_storage\_class\_io1](#output\_radar\_base\_ebs\_storage\_class\_io1) | n/a | +| [radar\_base\_ebs\_storage\_class\_io2](#output\_radar\_base\_ebs\_storage\_class\_io2) | n/a | +| [radar\_base\_eks\_cluser\_endpoint](#output\_radar\_base\_eks\_cluser\_endpoint) | n/a | +| [radar\_base\_eks\_cluser\_kms\_key\_arn](#output\_radar\_base\_eks\_cluser\_kms\_key\_arn) | n/a | +| [radar\_base\_eks\_cluster\_name](#output\_radar\_base\_eks\_cluster\_name) | n/a | +| [radar\_base\_eks\_dmz\_node\_group\_name](#output\_radar\_base\_eks\_dmz\_node\_group\_name) | n/a | +| [radar\_base\_eks\_worker\_node\_group\_name](#output\_radar\_base\_eks\_worker\_node\_group\_name) | n/a | +| [radar\_base\_vpc\_public\_subnets](#output\_radar\_base\_vpc\_public\_subnets) | n/a | \ No newline at end of file diff --git a/config/README.md b/config/README.md new file mode 100644 index 0000000..315492c --- /dev/null +++ b/config/README.md 
@@ -0,0 +1,142 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.7.0 | +| [aws](#requirement\_aws) | >= 5.0.0, < 6.0.0 | +| [helm](#requirement\_helm) | ~> 2.11.0 | +| [kubectl](#requirement\_kubectl) | ~> 1.14.0 | +| [kubernetes](#requirement\_kubernetes) | ~> 2.24.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.80.0 | +| [helm](#provider\_helm) | 2.11.0 | +| [kubectl](#provider\_kubectl) | 1.14.0 | +| [kubernetes](#provider\_kubernetes) | 2.24.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cert\_manager\_irsa](#module\_cert\_manager\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 | +| [external\_dns\_irsa](#module\_external\_dns\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.0 | +| [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 19.17.2 | + +## Resources + +| Name | Type | +|------|------| +| [aws_db_instance.radar_postgres](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource | +| [aws_db_subnet_group.rds_subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | +| [aws_eip.cluster_loadbalancer_eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | +| [aws_iam_access_key.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | +| [aws_iam_access_key.smtp_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | +| [aws_iam_policy.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| 
[aws_iam_policy.smtp_user_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.msk_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.msk_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_user.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | +| [aws_iam_user.smtp_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | +| [aws_iam_user_policy_attachment.s3_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource | +| [aws_iam_user_policy_attachment.smtp_user_policy_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource | +| [aws_msk_cluster.msk_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster) | resource | +| [aws_msk_configuration.msk_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_configuration) | resource | +| [aws_route53_record.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.smtp_dkim_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.smtp_mail_from_mx](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_record.smtp_mail_from_txt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| 
[aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [aws_route53_zone.primary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | +| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_security_group.msk_cluster_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.rds_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_ses_domain_dkim.smtp_dkim](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_dkim) | resource | +| [aws_ses_domain_identity.smtp_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity) | resource | +| [aws_ses_domain_mail_from.smtp_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_mail_from) | resource | +| [helm_release.karpenter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.kubernetes_dashboard](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| 
[helm_release.metrics_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubectl_manifest.create_databases_if_not_exist](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.karpenter_node_template](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.karpenter_provisioner](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubernetes_cluster_role_binding_v1.dashboard_user](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource | +| [kubernetes_cluster_role_v1.read_only](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource | +| [kubernetes_namespace.kubernetes_dashboard](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_secret_v1.dashboard_user](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource | +| [kubernetes_service_account_v1.dashboard_user](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource | +| [aws_eks_cluster.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | +| [aws_eks_node_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_node_group) | data source | +| [aws_eks_node_groups.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_node_groups) | data source | +| 
[aws_security_group.node](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | +| [aws_security_group.vpc_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | +| [aws_subnets.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | +| [aws_subnets.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | +| [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [AWS\_ACCESS\_KEY\_ID](#input\_AWS\_ACCESS\_KEY\_ID) | AWS access key associated with an IAM account | `string` | n/a | yes | +| [AWS\_REGION](#input\_AWS\_REGION) | Target AWS region | `string` | `"eu-west-2"` | no | +| [AWS\_SECRET\_ACCESS\_KEY](#input\_AWS\_SECRET\_ACCESS\_KEY) | AWS secret key associated with the access key | `string` | n/a | yes | +| [AWS\_SESSION\_TOKEN](#input\_AWS\_SESSION\_TOKEN) | Session token for temporary security credentials from AWS STS | `string` | `""` | no | +| [common\_tags](#input\_common\_tags) | Common tags associated to resources created | `map(string)` |
{
"Environment": "dev",
"Project": "radar-base"
}
| no | +| [domain\_name](#input\_domain\_name) | Pair of top level domain and hosted zone ID for deployed applications | `map(string)` | `{}` | no | +| [eks\_cluster\_name](#input\_eks\_cluster\_name) | EKS cluster name | `string` | n/a | yes | +| [enable\_eip](#input\_enable\_eip) | Do you need EIP? [true, false] | `bool` | n/a | yes | +| [enable\_karpenter](#input\_enable\_karpenter) | Do you need Karpenter? [true, false] | `bool` | n/a | yes | +| [enable\_metrics](#input\_enable\_metrics) | Do you need Metrics Server? [true, false] | `bool` | n/a | yes | +| [enable\_msk](#input\_enable\_msk) | Do you need MSK? [true, false] | `bool` | n/a | yes | +| [enable\_rds](#input\_enable\_rds) | Do you need RDS? [true, false] | `bool` | n/a | yes | +| [enable\_route53](#input\_enable\_route53) | Do you need Route53? [true, false] | `bool` | n/a | yes | +| [enable\_s3](#input\_enable\_s3) | Do you need S3? [true, false] | `bool` | n/a | yes | +| [enable\_ses](#input\_enable\_ses) | Do you need SES? 
[true, false] | `bool` | n/a | yes | +| [environment](#input\_environment) | Environment name | `string` | `"dev"` | no | +| [instance\_capacity\_type](#input\_instance\_capacity\_type) | Capacity type used by EKS managed node groups | `string` | `"SPOT"` | no | +| [kafka\_version](#input\_kafka\_version) | n/a | `string` | `"3.2.0"` | no | +| [karpenter\_version](#input\_karpenter\_version) | n/a | `string` | `"v0.29.0"` | no | +| [kubernetes\_dashboard\_version](#input\_kubernetes\_dashboard\_version) | n/a | `string` | `"7.3.2"` | no | +| [metrics\_server\_version](#input\_metrics\_server\_version) | n/a | `string` | `"3.12.1"` | no | +| [postgres\_version](#input\_postgres\_version) | n/a | `string` | `"13.14"` | no | +| [radar\_postgres\_password](#input\_radar\_postgres\_password) | Password for the PostgreSQL database used by Radar components | `string` | `"change_me"` | no | +| [with\_dmz\_pods](#input\_with\_dmz\_pods) | Whether or not to utilise the DMZ node group if it exists | `bool` | `false` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [radar\_base\_eip\_allocation\_id](#output\_radar\_base\_eip\_allocation\_id) | n/a | +| [radar\_base\_eip\_public\_dns](#output\_radar\_base\_eip\_public\_dns) | n/a | +| [radar\_base\_k8s\_dashboard\_user\_token](#output\_radar\_base\_k8s\_dashboard\_user\_token) | n/a | +| [radar\_base\_msk\_bootstrap\_brokers](#output\_radar\_base\_msk\_bootstrap\_brokers) | n/a | +| [radar\_base\_msk\_zookeeper\_connect](#output\_radar\_base\_msk\_zookeeper\_connect) | n/a | +| [radar\_base\_rds\_appserver\_host](#output\_radar\_base\_rds\_appserver\_host) | n/a | +| [radar\_base\_rds\_appserver\_password](#output\_radar\_base\_rds\_appserver\_password) | n/a | +| [radar\_base\_rds\_appserver\_port](#output\_radar\_base\_rds\_appserver\_port) | n/a | +| [radar\_base\_rds\_appserver\_username](#output\_radar\_base\_rds\_appserver\_username) | n/a | +| 
[radar\_base\_rds\_managementportal\_host](#output\_radar\_base\_rds\_managementportal\_host) | n/a | +| [radar\_base\_rds\_managementportal\_password](#output\_radar\_base\_rds\_managementportal\_password) | n/a | +| [radar\_base\_rds\_managementportal\_port](#output\_radar\_base\_rds\_managementportal\_port) | n/a | +| [radar\_base\_rds\_managementportal\_username](#output\_radar\_base\_rds\_managementportal\_username) | n/a | +| [radar\_base\_rds\_rest\_sources\_auth\_host](#output\_radar\_base\_rds\_rest\_sources\_auth\_host) | n/a | +| [radar\_base\_rds\_rest\_sources\_auth\_password](#output\_radar\_base\_rds\_rest\_sources\_auth\_password) | n/a | +| [radar\_base\_rds\_rest\_sources\_auth\_port](#output\_radar\_base\_rds\_rest\_sources\_auth\_port) | n/a | +| [radar\_base\_rds\_rest\_sources\_auth\_username](#output\_radar\_base\_rds\_rest\_sources\_auth\_username) | n/a | +| [radar\_base\_route53\_hosted\_zone\_id](#output\_radar\_base\_route53\_hosted\_zone\_id) | n/a | +| [radar\_base\_s3\_access\_key](#output\_radar\_base\_s3\_access\_key) | n/a | +| [radar\_base\_s3\_intermediate\_output\_bucket\_name](#output\_radar\_base\_s3\_intermediate\_output\_bucket\_name) | n/a | +| [radar\_base\_s3\_output\_bucket\_name](#output\_radar\_base\_s3\_output\_bucket\_name) | n/a | +| [radar\_base\_s3\_secret\_key](#output\_radar\_base\_s3\_secret\_key) | n/a | +| [radar\_base\_s3\_velero\_bucket\_name](#output\_radar\_base\_s3\_velero\_bucket\_name) | n/a | +| [radar\_base\_smtp\_host](#output\_radar\_base\_smtp\_host) | n/a | +| [radar\_base\_smtp\_password](#output\_radar\_base\_smtp\_password) | n/a | +| [radar\_base\_smtp\_port](#output\_radar\_base\_smtp\_port) | n/a | +| [radar\_base\_smtp\_username](#output\_radar\_base\_smtp\_username) | n/a | \ No newline at end of file