Caravan Platform¶

Bring the platform online

Caveats¶

Assumption:

All infra state should output:
- control_plane_role_name: the vault role name that should be associated with control plane nodes
- worker_plane_role_name: the vault role name that should be associated with worker plane nodes
GCP infra state should output:
- control_plane_service_accounts: the list of service accounts associated with control plane nodes
- worker_plane_service_accounts: the list of service accounts associated with worker plane nodes
- project_id: the project id where the infra is running
AWS infra state should output:
- control_plane_iam_role_arns: the IAM role arns of control plane nodes
- worker_plane_iam_role_arns: the IAM role arns of worker plane nodes
- region: the AWS region where the infra is running
- vpc_id: the name of the vpc where the infra is running
OCI infra state should output:
- home_tenancy_id
- role_name
- dynamic_group_ocid
AZURE infra state should output:
- tenant_id: Azure AD tenant id
- subscription_id: Azure subscription id
- resource_group_name: resource group of the instances
- vault_resource_name: AD resource used for generating tokens, e.g. https://management.azure.com
- control_plane_service_principal_ids: list of service principal ids for control plane instances
- worker_plane_service_principal_ids: list of service principal ids for worker plane instances
- vault_client_id: the AD application id for Vault Azure dynamic secret
- vault_client_secret: the AD application secret for Vault Azure dynamic secret

Requirements¶

Name	Version
terraform	~> 1.0

Providers¶

Name	Version
terraform	n/a
vault	2.24.1

Modules¶

Name	Source	Version
authenticate	git::https://github.com/bitrockteam/caravan-vault//modules/vault-authentication	refs/tags/v0.3.23
consul-backend	git::https://github.com/bitrockteam/caravan-vault//modules/vault-consul-config	refs/tags/v0.3.23
nomad-policies	git::https://github.com/bitrockteam/caravan-nomad//modules/nomad-policies	refs/tags/v0.1.5
secrets	git::https://github.com/bitrockteam/caravan-vault//modules/secrets	refs/tags/v0.3.25
vault-policies	git::https://github.com/bitrockteam/caravan-vault//modules/default-policies	refs/tags/v0.3.23

Resources¶

Name	Type
vault_policy.vault_policy	resource
terraform_remote_state.bootstrap	data source
vault_generic_secret.consul_bootstrap_token	data source

Inputs¶

Name	Description	Type	Default	Required
approle_role_name	n/a	`string`	`""`	no
approle_token_policies	APPROLE auth	`list(string)`	`[]`	no
auth_providers	Enable auth providers: aws, gcp, gsuite, oci, approle	`list(string)`	`[]`	no
aws_cluster_node_iam_role_arns	AWS auth provider	`list(string)`	`[]`	no
aws_profile	n/a	`string`	`null`	no
aws_region	n/a	`string`	`""`	no
aws_shared_credentials_file	n/a	`string`	`null`	no
aws_vpc_id	n/a	`string`	`""`	no
aws_worker_node_iam_role_arns	n/a	`list(string)`	`[]`	no
azure_bootstrap_client_id	n/a	`string`	`""`	no
azure_bootstrap_client_secret	n/a	`string`	`""`	no
azure_bootstrap_resource_group_name	n/a	`string`	`""`	no
azure_bootstrap_storage_account_name	n/a	`string`	`""`	no
azure_bootstrap_subscription_id	n/a	`string`	`""`	no
azure_bootstrap_tenant_id	n/a	`string`	`""`	no
azure_control_plane_service_principal_ids	n/a	`list(string)`	`[]`	no
azure_csi	Azure	`bool`	`false`	no
azure_resource_groups	n/a	`list(string)`	`[]`	no
azure_subscription_ids	n/a	`list(string)`	`[]`	no
azure_tenant_id	n/a	`string`	`""`	no
azure_vault_resource_name	n/a	`string`	`""`	no
azure_worker_plane_service_principal_ids	n/a	`list(string)`	`[]`	no
bootstrap_state_backend_provider	Use an external state backend for inferencing configuration variables	`string`	`""`	no
bootstrap_state_bucket_name	n/a	`string`	`""`	no
bootstrap_state_bucket_name_prefix	Common state config	`string`	`"states-bucket"`	no
bootstrap_state_object_name_prefix	n/a	`string`	`"infraboot/terraform/state"`	no
ca_cert_file	n/a	`string`	`null`	no
consul_endpoint	n/a	`string`	`null`	no
consul_insecure_https	n/a	`bool`	`false`	no
consul_internal_address	n/a	`string`	`"127.0.0.1:8500"`	no
control_plane_role_name	n/a	`string`	`"control-plane"`	no
custom_vault_policies_path	Extra	`string`	`null`	no
enable_nomad	Enables and setup Nomad cluster	`bool`	`true`	no
gcp_control_plane_service_accounts	n/a	`list(string)`	`[]`	no
gcp_csi	GCP auth provider	`bool`	`false`	no
gcp_project_id	GCP state config	`string`	`""`	no
gcp_region	n/a	`string`	`""`	no
gcp_worker_plane_service_accounts	n/a	`list(string)`	`[]`	no
google_account_file	Credentials	`string`	`null`	no
gsuite_allowed_redirect_uris	n/a	`list(string)`	`[]`	no
gsuite_authenticate	GSUITE auth provider	`bool`	`false`	no
gsuite_client_id	n/a	`string`	`null`	no
gsuite_client_secret	n/a	`string`	`null`	no
gsuite_default_role	n/a	`string`	`null`	no
gsuite_default_role_policies	n/a	`list(string)`	`[]`	no
gsuite_domain	n/a	`string`	`null`	no
nomad_endpoint	n/a	`string`	`null`	no
oci_dynamic_group_ocid	n/a	`string`	`""`	no
oci_home_tenancy_id	OCI auth provider	`string`	`""`	no
oci_role_name	n/a	`string`	`""`	no
s3_bootstrap_access_key	S3 state config	`string`	`null`	no
s3_bootstrap_region	n/a	`string`	`null`	no
s3_bootstrap_secret_key	n/a	`string`	`null`	no
s3_bootstrap_state_endpoint	n/a	`string`	`null`	no
vault_endpoint	Common args	`string`	`null`	no
vault_skip_tls_verify	n/a	`bool`	`false`	no
worker_plane_role_name	n/a	`string`	`"worker-plane"`	no

Outputs¶

No outputs.