forked from massdriver-cloud/aws-eks-cluster
-
Notifications
You must be signed in to change notification settings - Fork 0
/
massdriver.yaml
407 lines (396 loc) · 14.6 KB
/
massdriver.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
schema: draft-07
name: aws-eks-cluster
description: Elastic Kubernetes Service is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications.
source_url: github.com/massdriver-cloud/aws-eks-cluster
access: public
type: infrastructure
steps:
- path: src
provisioner: terraform
- path: core-services
provisioner: terraform
- path: custom-resources
provisioner: terraform
params:
examples:
- __name: Wizard
k8s_version: "1.27"
fargate:
enabled: false
node_groups:
- name_suffix: shared
instance_type: t3.medium
min_size: 1
max_size: 10
advanced_configuration_enabled: false
core_services:
enable_ingress: true
route53_hosted_zones: []
enable_efs_csi: false
monitoring:
control_plane_log_retention: 7
prometheus:
persistence_enabled: false
grafana_enabled: false
- __name: Development
k8s_version: "1.27"
node_groups:
- name_suffix: shared
instance_type: t3.medium
min_size: 1
max_size: 10
monitoring:
control_plane_log_retention: 7
prometheus:
persistence_enabled: false
grafana_enabled: false
- __name: Production
k8s_version: "1.27"
node_groups:
- name_suffix: shared
instance_type: c5.2xlarge
min_size: 1
max_size: 10
monitoring:
control_plane_log_retention: 365
prometheus:
persistence_enabled: true
grafana_enabled: false
required:
- k8s_version
- node_groups
- core_services
- monitoring
properties:
k8s_version:
type: string
title: Kubernetes Version
description: The version of Kubernetes to run
default: "1.27"
enum:
- "1.22"
- "1.23"
- "1.24"
- "1.25"
- "1.26"
- "1.27"
fargate:
type: object
title: Fargate
description: AWS Fargate provides on-demand, right-sized compute capacity for running containers on EKS without managing node pools or clusters of EC2 instances.
dependencies:
enabled:
oneOf:
- properties:
enabled:
const: false
- required:
- namespaces
properties:
enabled:
const: true
namespaces:
type: array
items:
$ref: https://raw.githubusercontent.com/massdriver-cloud/json-schemas/main/k8s/namespace.json
not:
enum:
- kube-system
- md-core-services
- md-observability
minItems: 1
uniqueItems: true
title: Fargate Namespaces
description: Namespaces that will run in Fargate
default:
- default
properties:
enabled:
type: boolean
default: false
title: Enable
description: Enables EKS Fargate
node_groups:
type: array
title: Node Groups
descrition: Node groups to provision
minItems: 1
items:
type: object
title: Node Group
description: Definition of a node group
required:
- name_suffix
- instance_type
- min_size
- max_size
- advanced_configuration_enabled
properties:
name_suffix:
type: string
title: Name
description: The name of the node group
pattern: "[a-z]{1,}[a-z0-9]{0,19}"
message:
pattern: Name must be between 1 and 20 lowercase letters or numbers, and must start with a letter.
default: ""
min_size:
type: integer
title: Minimum Size
description: Minimum number of instances in the node group
default: 1
minimum: 0
max_size:
type: integer
title: Maximum Size
description: Maximum number of instances in the node group
default: 10
minimum: 0
instance_type:
title: Instance type
description: Instance type to use in the node group
type: string
oneOf:
- title: C5 High-CPU Large (2 vCPUs, 4.0 GiB)
const: c5.large
- title: C5 High-CPU Extra Large (4 vCPUs, 8.0 GiB)
const: c5.xlarge
- title: C5 High-CPU Double Extra Large (8 vCPUs, 16.0 GiB)
const: c5.2xlarge
- title: C5 High-CPU Quadruple Extra Large (16 vCPUs, 32.0 GiB)
const: c5.4xlarge
- title: C5 High-CPU 9xlarge (36 vCPUs, 72.0 GiB)
const: c5.9xlarge
- title: C5 High-CPU 12xlarge (48 vCPUs, 96.0 GiB)
const: c5.12xlarge
- title: C5 High-CPU 18xlarge (72 vCPUs, 144.0 GiB)
const: c5.18xlarge
- title: C5 High-CPU 24xlarge (96 vCPUs, 192.0 GiB)
const: c5.24xlarge
- title: M5 General Purpose Large (2 vCPUs, 8.0 GiB)
const: m5.large
- title: M5 General Purpose Extra Large (4 vCPUs, 16.0 GiB)
const: m5.xlarge
- title: M5 General Purpose Double Extra Large (8 vCPUs, 32.0 GiB)
const: m5.2xlarge
- title: M5 General Purpose Quadruple Extra Large (16 vCPUs, 64.0 GiB)
const: m5.4xlarge
- title: M5 General Purpose Eight Extra Large (32 vCPUs, 128.0 GiB)
const: m5.8xlarge
- title: M5 General Purpose 12xlarge (48 vCPUs, 192.0 GiB)
const: m5.12xlarge
- title: M5 General Purpose 16xlarge (64 vCPUs, 256.0 GiB)
const: m5.16xlarge
- title: M5 General Purpose 24xlarge (96 vCPUs, 384.0 GiB)
const: m5.24xlarge
- title: T3 Small (2 vCPUs for a 4h 48m burst, 2.0 GiB)
const: t3.small
- title: T3 Medium (2 vCPUs for a 4h 48m burst, 4.0 GiB)
const: t3.medium
- title: T3 Large (2 vCPUs for a 7h 12m burst, 8.0 GiB)
const: t3.large
- title: T3 Extra Large (4 vCPUs for a 9h 36m burst, 16.0 GiB)
const: t3.xlarge
- title: T3 Double Extra Large (8 vCPUs for a 9h 36m burst, 32.0 GiB)
const: t3.2xlarge
- title: P2 General Purpose GPU Extra Large (4 vCPUs, 61.0 GiB)
const: p2.xlarge
- title: P2 General Purpose GPU Eight Extra Large (32 vCPUs, 488.0 GiB)
const: p2.8xlarge
- title: P2 General Purpose GPU 16xlarge (64 vCPUs, 732.0 GiB)
const: p2.16xlarge
advanced_configuration_enabled:
type: boolean
title: Advanced Configuration Enabled
default: false
dependencies:
advanced_configuration_enabled:
oneOf:
- properties:
advanced_configuration_enabled:
const: false
- properties:
advanced_configuration_enabled:
const: true
advanced_configuration:
type: object
title: Advanced Configuration
properties:
taint:
$ref: https://raw.githubusercontent.com/massdriver-cloud/artifact-definitions/main/definitions/types/k8s-node-taint.json
description: "**Warning**: if you only have one node pool, and it has a taint, other core workloads may not be able to be scheduled and provisioning will fail. If you want to taint a node group, it's recommended that you have another, non-tainted pool for these workloads."
$md.immutable: true
core_services:
type: object
title: Core Services
description: Configure core services in Kubernetes for Massdriver to manage
required: []
properties:
enable_ingress:
type: boolean
title: Enable Ingress
description: Enabling this will create an nginx ingress controller in the cluster, allowing internet traffic to flow into web accessible services within the cluster
default: false
route53_hosted_zones:
type: array
title: Route53 Hosted Zones
description: Route53 Hosted Zones to associate with this cluster. Enables Kubernetes to automatically manage DNS records and SSL certificates. Hosted Zones can be configured at https://app.massdriver.cloud/dns-zones.
default: []
items:
title: "Route53 Hosted Zone"
description: ""
# TODO: Require a HostedZone ARN: arn:aws:route53:::hostedzone/Z0267127WDKJABXSA830 which isnt _quite a standard ARN.
$ref: https://raw.githubusercontent.com/massdriver-cloud/artifact-definitions/main/definitions/types/aws-arn.json
enable_efs_csi:
type: boolean
title: Enable EFS Volume Support
description: Enabling this will install the AWS EFS storage controller into your cluster, allowing you to provision persistent volumes backed by EFS file systems.
default: false
dependencies:
enable_efs_csi:
oneOf:
- properties:
enable_efs_csi:
const: false
- properties:
enable_efs_csi:
const: true
storage_class_to_efs_map:
type: array
title: Storage Classes
description: You may optionally specify a storage class name for each EFS file system you would like to use for persistent volumes. In addition, by specifying any EFS volumes here you will limit the provisioner to only be able to create peristent volumes use the listed EFS file systems. By leaving this blank, all file systems are usable.
default: []
items:
type: object
title: Storage Class to EFS File System map
required:
- storage_class_name
- efs_arn
properties:
storage_class_name:
type: string
title: Storage Class Name
description: Unique name for storage class resource for the EFS file system the EKS cluster
$ref: https://raw.githubusercontent.com/massdriver-cloud/artifact-definitions/main/definitions/types/k8s-resource-name.json
efs_arn:
type: string
title: EFS File System ARN
description: ARN of the EFS file system to map to this storage class in the EKS cluster
pattern: ^arn:aws:elasticfilesystem:[a-z0-9-]*:(?:[0-9]{12})?:file-system\/fs-(?:[a-z0-9]+)?$
message:
pattern: Must be a valid AWS EFS file system ARN
monitoring:
type: object
title: Monitoring
required:
- control_plane_log_retention
- prometheus
properties:
control_plane_log_retention:
type: integer
title: Control Plane Log Retention
description: "Duration to retain control plane logs in AWS Cloudwatch (Note: control plane logs do not contain application or container logs)"
default: 7
oneOf:
- title: 7 days
const: 7
- title: 30 days
const: 30
- title: 90 days
const: 60
- title: 180 days
const: 180
- title: 1 year
const: 365
- title: Never expire
const: 0
prometheus:
type: object
title: Prometheus Configuration
description: Configuration settings for the Prometheus instances that are automatically installed into the cluster to provide monitoring capabilities"
required:
- persistence_enabled
- grafana_enabled
properties:
persistence_enabled:
title: Enable Persistence
type: boolean
description: This setting will enable persistence of Prometheus data via EBS volumes. However, in small clusters (less than 5 nodes) this can create problems of pod scheduling and placement due EBS volumes being zonally-locked, and thus should be disabled.
default: true
grafana_enabled:
title: Enable Grafana
type: boolean
description: Install Grafana into the cluster to provide a metric visualizer
default: false
dependencies:
grafana_enabled:
oneOf:
- properties:
grafana_enabled:
const: false
- properties:
grafana_enabled:
const: true
grafana_password:
title: Grafana Admin Password
description: Set the password for the `admin` user
type: string
format: password
required:
- grafana_password
connections:
required:
- aws_authentication
- vpc
properties:
aws_authentication:
$ref: massdriver/aws-iam-role
vpc:
$ref: massdriver/aws-vpc
artifacts:
required:
- kubernetes_cluster
properties:
kubernetes_cluster:
$ref: massdriver/kubernetes-cluster
ui:
ui:order:
- k8s_version
- fargate
- node_groups
- core_services
- monitoring
- "*"
node_groups:
items:
ui:order:
- name_suffix
- instance_type
- min_size
- max_size
- "*"
core_services:
ui:order:
- enable_ingress
- route53_hosted_zones
- enable_efs_csi
- storage_class_to_efs_map
- "*"
route53_hosted_zones:
items:
ui:field: dnsZonesDropdown
cloud: aws
storage_class_to_efs_map:
items:
ui:order:
- storage_class_name
- efs_arn
monitoring:
ui:order:
- control_plane_log_retention
- prometheus
prometheus:
ui:order:
- persistence_enabled
- grafana_enabled
- grafana_password