nomad/e2e/terraform/variables.tf
Tim Gross cf25cf5cd5 E2E: use a self-hosted Consul for easier WI testing (#20256)
Our `consulcompat` tests exercise both the Workload Identity and legacy Consul
token workflow, but they are limited to running single node tests. The E2E
cluster is network isolated, so using our HCP Consul cluster runs into a
problem validating WI tokens because it can't reach the JWKS endpoint. In real
production environments, you'd solve this with a CNAME pointing to a public IP
pointing to a proxy with a real domain name. But that's logistically
impractical for our ephemeral nightly cluster.

Migrate the HCP Consul to a single-node Consul cluster on AWS EC2 alongside our
Nomad cluster. Bootstrap TLS and ACLs in Terraform and ensure all nodes can
reach each other. This will allow us to update our Consul tests so they can use
Workload Identity, in a separate PR.

Ref: #19698
2024-04-02 15:24:51 -04:00


# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# Name applied to the infrastructure components this configuration creates.
variable "name" {
  description = "Used to name various infrastructure components"
  default     = "nomad-e2e"
}
# AWS region for the deployment. No type constraint is declared here.
variable "region" {
  description = "The AWS region to deploy to."
  default     = "us-east-1"
}
# AWS availability zone for the deployment. The default zone belongs to the
# default region; when overriding one, keep the other consistent with it.
variable "availability_zone" {
  description = "The AWS availability zone to deploy to."
  default     = "us-east-1b"
}
# A single EC2 instance type shared by client and server nodes.
variable "instance_type" {
  description = "The AWS instance type to use for both clients and servers."
  default     = "t3a.medium"
}
# Number of server nodes. The default is written as a string and no type
# constraint is declared.
variable "server_count" {
  description = "The number of servers to provision."
  default     = "3"
}
# Number of Ubuntu Jammy (amd64) client nodes. The default is written as a
# string and no type constraint is declared.
variable "client_count_ubuntu_jammy_amd64" {
  description = "The number of Ubuntu clients to provision."
  default     = "4"
}
# Number of Windows 2016 (amd64) client nodes; the default provisions none.
variable "client_count_windows_2016_amd64" {
  description = "The number of windows 2016 clients to provision."
  default     = "0"
}
# Network exposure control. When true (the default), ingress to the cluster
# is limited to the IP address of whoever runs Terraform, per the description.
# The rule applied when this is false is defined outside this file; review
# the resulting ingress range before disabling it.
variable "restrict_ingress_cidrblock" {
  type        = bool
  description = "Restrict ingress traffic to cluster to invoker ip address"
  default     = true
}
# ----------------------------------------
# The specific version of Nomad deployed will default to whichever one of
# nomad_sha, nomad_version, or nomad_local_binary is set
# Path to a Nomad binary to provision; an empty string means "not set".
# This file declares no checksum or signature for the binary, so whatever
# sits at this path is what gets provisioned.
# NOTE(review): confirm the provenance of any binary supplied here.
variable "nomad_local_binary" {
  description = "The path to a local binary to provision"
  default     = ""
}
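# Nomad Enterprise license text; an empty string means no license is deployed.
# Marked sensitive so Terraform redacts the value in plan/apply output
# (requires Terraform 0.14 or later). The value can still be written to state
# in plaintext, so access to the state backend must be restricted. Any output
# derived from this variable must also set `sensitive = true`.
variable "nomad_license" {
  type        = string
  description = "If nomad_license is set, deploy a license"
  default     = ""
  sensitive   = true
}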
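# Consul Enterprise license text; an empty string means no license is deployed.
# Marked sensitive so Terraform redacts the value in plan/apply output
# (requires Terraform 0.14 or later). The value can still be written to state
# in plaintext, so access to the state backend must be restricted. Any output
# derived from this variable must also set `sensitive = true`.
variable "consul_license" {
  type        = string
  description = "If consul_license is set, deploy a license"
  default     = ""
  sensitive   = true
}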
# Toggles inclusion of the external EFS volumes used for CSI; on by default.
variable "volumes" {
  type        = bool
  description = "Include external EFS volumes (for CSI)"
  default     = true
}
# Identifier of the shared HCP Consul cluster.
# NOTE(review): the description of #20256 says Consul moves from HCP to a
# self-hosted node next to the Nomad cluster. Confirm that this variable is
# still referenced, and remove it if it is not.
variable "hcp_consul_cluster_id" {
  type        = string
  description = "The ID of the HCP Consul cluster"
  default     = "nomad-e2e-shared-hcp-consul"
}
# Identifier of the shared HCP Vault cluster.
variable "hcp_vault_cluster_id" {
  type        = string
  description = "The ID of the HCP Vault cluster"
  default     = "nomad-e2e-shared-hcp-vault"
}
# Vault namespace that the HCP Vault cluster policy applies to.
# NOTE(review): the default is "admin"; confirm the policy created there
# grants only what the E2E jobs need.
variable "hcp_vault_namespace" {
  type        = string
  description = "The namespace where the HCP Vault cluster policy works"
  default     = "admin"
}
# ----------------------------------------
# If you want to deploy multiple versions you can use these variables to
# provide a list of builds to override the values of nomad_sha, nomad_version,
# or nomad_local_binary. Most of the time you can ignore these variables!
# Per-server override of nomad_local_binary, given as a list of local paths.
# The empty default leaves the override unused.
variable "nomad_local_binary_server" {
  type        = list(string)
  description = "A list of nomad local binary paths to deploy to servers, to override nomad_local_binary"
  default     = []
}
# Override of nomad_local_binary for Ubuntu Jammy clients, given as a list of
# local paths. The empty default leaves the override unused.
variable "nomad_local_binary_client_ubuntu_jammy_amd64" {
  type        = list(string)
  description = "A list of nomad local binary paths to deploy to Ubuntu Jammy clients, to override nomad_local_binary"
  default     = []
}
# Override of nomad_local_binary for Windows 2016 clients, given as a list of
# local paths. The empty default leaves the override unused.
variable "nomad_local_binary_client_windows_2016_amd64" {
  type        = list(string)
  description = "A list of nomad local binary paths to deploy to Windows 2016 clients, to override nomad_local_binary"
  default     = []
}