mirror of
https://github.com/puppetmaster/typhoon.git
synced 2025-01-13 01:29:34 +01:00
be29f52039
* Add an `enable_aggregation` variable to enable the kube-apiserver aggregation layer for adding extension apiservers to clusters * Aggregation is **disabled** by default. Typhoon recommends you not enable aggregation. Consider whether less invasive ways to achieve your goals are possible and whether those goals are well-founded * Enabling aggregation and extension apiservers increases the attack surface of a cluster and makes extensions a part of the control plane. Admins must scrutinize and trust any extension apiserver used. * Passing a v1.14 CNCF conformance test requires aggregation be enabled. Having an option for aggregation keeps compliance, but retains the stricter security posture on default clusters
17 lines
787 B
HCL
17 lines
787 B
HCL
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
|
module "bootkube" {
|
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=feb6e4cb3e479b20dfc269f65e76ceb62d8d2ec4"
|
|
|
|
cluster_name = "${var.cluster_name}"
|
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
|
etcd_servers = ["${aws_route53_record.etcds.*.fqdn}"]
|
|
asset_dir = "${var.asset_dir}"
|
|
networking = "${var.networking}"
|
|
network_mtu = "${var.network_mtu}"
|
|
pod_cidr = "${var.pod_cidr}"
|
|
service_cidr = "${var.service_cidr}"
|
|
cluster_domain_suffix = "${var.cluster_domain_suffix}"
|
|
enable_reporting = "${var.enable_reporting}"
|
|
enable_aggregation = "${var.enable_aggregation}"
|
|
}
|