forked from lacework/terraform-kubernetes-agent
-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
217 lines (183 loc) · 5.94 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
variable "enable_cluster_agent" {
type = bool
default = false
description = "A boolean representing whether the Lacework cluster agent should be deployed"
}
variable "lacework_access_token" {
type = string
description = "The access token for the Lacework agent"
}
variable "lacework_agent_name" {
type = string
description = "The name for the Lacework agent service within Kubernetes"
default = "lacework-agent"
}
variable "lacework_agent_interface_connection_size" {
type = string
description = "Desired value for the InterfaceConnectionSize Lacework agent parameter"
default = ""
}
variable "lacework_agent_tags" {
type = map(string)
description = "A map/dictionary of Tags to be assigned to the Lacework datacollector"
default = {}
}
variable "lacework_agent_autoupgrade" {
type = bool
description = "Boolean value to control whether or not the agent should automatically upgrade to newer versions when available"
default = true
}
variable "lacework_agent_configuration" {
type = any
description = "A map/dictionary of configuration parameters for the Lacework datacollector"
default = {}
}
variable "lacework_enable_default_syscall_config" {
type = bool
default = false
description = "A flag to enable the default syscall config"
}
variable "lacework_cluster_configuration" {
type = map(any)
description = "A map/dictionary of configuration parameters for the Lacework K8s collector"
default = {}
}
variable "lacework_cluster_cpu_limit" {
type = string
default = "500m"
description = "The limit of CPU units for the Lacework K8s collector pod"
}
variable "lacework_cluster_cpu_request" {
type = string
default = "200m"
description = "The amount of CPU units to request for the Lacework K8s collector pod"
}
variable "lacework_cluster_exclusive" {
type = bool
description = "A boolean representing whether the Lacework K8s collector will operate in exclusive mode"
default = false
}
variable "lacework_cluster_name" {
type = string
description = "The name of the K8s cluster that the Lacework K8s collector will monitor"
default = ""
}
variable "lacework_cluster_region" {
type = string
description = "The region of the K8s cluster that the Lacework K8s collector will monitor"
default = ""
}
variable "lacework_cluster_type" {
type = string
description = "The type of the K8s cluster that the Lacework K8s collector will monitor"
default = ""
}
variable "lacework_cluster_image" {
type = string
description = "The name of the image to use for deploying the Lacework K8s collector"
default = "lacework/k8scollector"
}
variable "lacework_cluster_image_pull_policy" {
type = string
description = "The pull policy to use for deploying the Lacework K8s collector"
default = "Always"
}
variable "lacework_cluster_mem_limit" {
type = string
default = "1450Mi"
description = "The limit of Memory for the Lacework K8s collector pod"
}
variable "lacework_cluster_mem_request" {
type = string
default = "512Mi"
description = "The amount of Memory to request for the Lacework K8s collector pod"
}
variable "lacework_config_name" {
type = string
description = "The name for the Lacework agent configuration within Kubernetes"
default = "lacework-config"
}
variable "lacework_image" {
type = string
description = "The name of the image to use for deploying the Lacework datacollector"
default = "lacework/datacollector"
}
variable "lacework_image_pull_policy" {
type = string
description = "The pull policy to use for deploying the Lacework datacollector"
default = "Always"
}
variable "lacework_proxy_url" {
type = string
default = ""
description = "The proxy URL for the Lacework agent"
}
variable "lacework_server_url" {
type = string
default = ""
description = "The server URL for the Lacework agent"
}
variable "namespace" {
type = string
description = "The Kubernetes namespace in which to deploy"
default = "default"
}
variable "revision_history_limit" {
type = number
description = "The number of revision hitory to keep."
default = 10
}
variable "pod_priority_class_name" {
type = string
description = "Indicates the pod's priority. Requires an existing priority class name resource if not 'system-node-critical' and 'system-cluster-critical'"
default = ""
}
variable "pod_service_account" {
type = string
description = "The Kubernetes ServiceAccount to use in the pod template"
default = ""
}
variable "pod_cpu_request" {
type = string
default = "200m"
description = "The amount of CPU units to request for the Lacework datacollector pod"
}
variable "pod_mem_request" {
type = string
default = "512Mi"
description = "The amount of Memory to request for the Lacework datacollector pod"
}
variable "pod_cpu_limit" {
type = string
default = "500m"
description = "The limit of CPU units for the Lacework datacollector pod"
}
variable "pod_mem_limit" {
type = string
default = "1450Mi"
description = "The limit of Memory for the Lacework datacollector pod"
}
variable "lacework_agent_log_stdout" {
type = bool
default = true
description = "Enable Lacework agent stdout logging."
}
variable "tolerations" {
type = list(map(string))
default = [
{
key = "node-role.kubernetes.io/infra",
effect = "NoSchedule"
},
{
key = "node-role.kubernetes.io/master",
effect = "NoSchedule"
}
]
description = "A list of Kubernetes Tolerations to apply to the DaemonSet definition"
}
variable "node_selector" {
type = map(any)
default = null
description = "A map of key:value pairs of node labels to specify which nodes to deploy the DaemonsSet to"
}