diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6747b907d..6cb5f7460 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,80 @@ All notable changes to this project will be documented in this file. +### [4.1.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.1...v4.1.2) (2024-01-16) + + +### Bug Fixes + +* Max LB name length ([#166](https://github.com/wandb/terraform-aws-wandb/issues/166)) ([85bd266](https://github.com/wandb/terraform-aws-wandb/commit/85bd266f5f0ce003f2d4e69f796a41df0ff9fb9c)) + +### [4.1.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.1.0...v4.1.1) (2024-01-11) + + +### Bug Fixes + +* Update redis connection ttl ([#165](https://github.com/wandb/terraform-aws-wandb/issues/165)) ([f236b3b](https://github.com/wandb/terraform-aws-wandb/commit/f236b3b8c5f7d3fcece1a1d302276bde6bdd75d5)) + +## [4.1.0](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.2...v4.1.0) (2024-01-10) + + +### Features + +* Adding flags to switch between LB ([#159](https://github.com/wandb/terraform-aws-wandb/issues/159)) ([ffa3778](https://github.com/wandb/terraform-aws-wandb/commit/ffa3778fe05da8681a828ce84f3f8291bb8fe5bd)) + +### [4.0.2](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.1...v4.0.2) (2024-01-09) + + +### Bug Fixes + +* EFS index vs subnet for_each ([#163](https://github.com/wandb/terraform-aws-wandb/issues/163)) ([1e47177](https://github.com/wandb/terraform-aws-wandb/commit/1e47177a0017ef694e7667781111d9ce2d375f2b)) + +### [4.0.1](https://github.com/wandb/terraform-aws-wandb/compare/v4.0.0...v4.0.1) (2024-01-09) + + +### Bug Fixes + +* Disable gorilla glue tasks ([#161](https://github.com/wandb/terraform-aws-wandb/issues/161)) ([5d24bda](https://github.com/wandb/terraform-aws-wandb/commit/5d24bda4fead8d79b3e06d488ecb824980a3d15b)) + +## [4.0.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.2...v4.0.0) (2024-01-08) + + +### ⚠ BREAKING CHANGES + +* Init operator (#154) + +### Features + +* Init operator ([#154](https://github.com/wandb/terraform-aws-wandb/issues/154)) 
([95def33](https://github.com/wandb/terraform-aws-wandb/commit/95def33db96c55a640fba4df5bdfbcc3a179d8ac)) + +### [3.4.2](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.1...v3.4.2) (2023-12-07) + + +### Bug Fixes + +* Switch to gp3 volumes on EKS nodes ([#146](https://github.com/wandb/terraform-aws-wandb/issues/146)) ([86dbc7d](https://github.com/wandb/terraform-aws-wandb/commit/86dbc7df0de1aa6d2bc69862770ea67010354c20)) + +### [3.4.1](https://github.com/wandb/terraform-aws-wandb/compare/v3.4.0...v3.4.1) (2023-12-07) + + +### Bug Fixes + +* Fix private access example ([#155](https://github.com/wandb/terraform-aws-wandb/issues/155)) ([f0745ea](https://github.com/wandb/terraform-aws-wandb/commit/f0745eaf3e2d7111b6becfccac3134b18961e862)) + +## [3.4.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.3.0...v3.4.0) (2023-11-13) + + +### Features + +* Add support for AWS Secrets Manager ([#151](https://github.com/wandb/terraform-aws-wandb/issues/151)) ([aa64eb1](https://github.com/wandb/terraform-aws-wandb/commit/aa64eb146622132d9b70083094b3c60a728e6038)) + +## [3.3.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.2.0...v3.3.0) (2023-10-31) + + +### Features + +* Remove vpc-cni EKS add-on in app_eks/main.tf ([#150](https://github.com/wandb/terraform-aws-wandb/issues/150)) ([9f01dde](https://github.com/wandb/terraform-aws-wandb/commit/9f01dde88971487622111e71ec2871b7445b5f57)) + ## [3.2.0](https://github.com/wandb/terraform-aws-wandb/compare/v3.1.0...v3.2.0) (2023-10-25) diff --git a/README.md b/README.md index 9b0df313e..e35a84f96 100644 --- a/README.md +++ b/README.md 
@@ -217,3 +217,28 @@ Upgrades must be executed in step-wise fashion from one version to the next. You | <a name="output_url"></a> [url](#output\_url) | The URL to the W&B application | <!-- END_TF_DOCS --> + +## Migrations + +#### Upgrading from 3.x -> 4.x + +- If egress access for retrieving the wandb/controller image is not available, Terraform apply may experience failures. +- It's necessary to supply a license variable within the module, as shown: + +```hcl +module "wandb" { + version = "4.x" + + # ... + license = "<your license key>" + # ... +} +``` + +### Upgrading from 2.x -> 3.x + +- No changes required by you + +### Upgrading from 1.x -> 2.x + +- ~>4.0 version required for AWS Provider diff --git a/examples/private-access-only/main.tf b/examples/private-access-only/main.tf index 6c56c856d..de412ae52 100644 --- a/examples/private-access-only/main.tf +++ b/examples/private-access-only/main.tf @@ -61,18 +61,19 @@ module "standard" { namespace = var.namespace public_access = false - wandb_license = var.wandb_license - domain_name = aws_route53_zone.private.name zone_id = aws_route53_zone.private.zone_id # Creating a custom VPC so that we can initalize a route53 zone first and configure a vpn - create_vpc = false - network_id = module.networking.vpc_id - network_private_subnets = module.networking.private_subnets - network_public_subnets = module.networking.public_subnets + create_vpc = false + network_id = module.networking.vpc_id + network_private_subnets = module.networking.private_subnets + network_public_subnets = module.networking.public_subnets + allowed_inbound_cidr = var.allowed_inbound_cidr + allowed_inbound_ipv6_cidr = var.allowed_inbound_ipv6_cidr + eks_cluster_version = var.eks_cluster_version } output "url" { value = module.standard.url -} \ No newline at end of file +} diff --git a/examples/private-access-only/variables.tf b/examples/private-access-only/variables.tf index e829a2ee9..d66f38079 100644 --- a/examples/private-access-only/variables.tf 
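Review bot: The `module "standard"` call in `examples/private-access-only/main.tf` drops `wandb_license` without gaining a `license` argument, while the root `variables.tf` at the end of this diff declares `license` with no default and the README migration note says 4.x needs it. If this module's `source` is the root module, the example would fail at plan time on a missing required argument. The block starts above the hunk, so the source line and any earlier arguments are not visible. If so, pass `license = var.license` and declare the matching variable in the example with `sensitive = true`.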
+++ b/examples/private-access-only/variables.tf @@ -3,7 +3,22 @@ variable "namespace" { description = "Name prefix used for resources" } -variable "wandb_license" { - type = string +variable "allowed_inbound_cidr" { + default = ["0.0.0.0/0"] + nullable = false + type = list(string) } + +variable "allowed_inbound_ipv6_cidr" { + default = ["::/0"] + nullable = false + type = list(string) +} + +variable "eks_cluster_version" { + description = "EKS cluster kubernetes version" + default = "1.26" + nullable = false + type = string +} diff --git a/examples/private-access-only/versions.tf b/examples/private-access-only/versions.tf index ee9da534d..6276e0857 100644 --- a/examples/private-access-only/versions.tf +++ b/examples/private-access-only/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.60" + version = "~> 4.0" } } -} \ No newline at end of file +} diff --git a/examples/public-dns-external/main.tf b/examples/public-dns-external/main.tf index 72588184c..e7965f1f0 100644 --- a/examples/public-dns-external/main.tf +++ b/examples/public-dns-external/main.tf @@ -1,5 +1,5 @@ provider "aws" { - region = "us-west-2" + region = "us-west-2" default_tags { tags = { @@ -36,7 +36,7 @@ module "wandb_infra" { zone_id = var.zone_id subdomain = var.subdomain - # license = var.wandb_license + license = var.wandb_license bucket_name = var.bucket_name bucket_kms_key_arn = var.bucket_kms_key_arn @@ -87,6 +87,10 @@ module "wandb_app" { # If we dont wait, tf will start trying to deploy while the work group is # still spinning up depends_on = [module.wandb_infra] + + other_wandb_env = merge({ + "GORILLA_CUSTOMER_SECRET_STORE_SOURCE" = "aws-secretmanager://${var.namespace}?namespace=${var.namespace}" + }, var.other_wandb_env) } output "bucket_name" { diff --git a/examples/public-dns-external/variables.tf b/examples/public-dns-external/variables.tf index c88dc631a..e0712159b 100644 --- a/examples/public-dns-external/variables.tf 
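Review bot: Both new CIDR variables in `examples/private-access-only/variables.tf` default to every address (`["0.0.0.0/0"]` and `["::/0"]`) in an example whose purpose is private-only access, and neither has a `description`. The module call sets `public_access = false`, so the load balancer may well be internal, but allow-all defaults tend to be copied into real deployments unchanged. I would drop the defaults so the caller has to state the permitted ranges, or default to the VPC range, and add something like `description = "CIDR blocks allowed to reach the W&B load balancer"`.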
+++ b/examples/public-dns-external/variables.tf @@ -83,3 +83,9 @@ variable "allowed_inbound_ipv6_cidr" { nullable = false type = list(string) } + +variable "other_wandb_env" { + type = map(string) + description = "Extra environment variables for W&B" + default = {} +} diff --git a/main.tf b/main.tf index f87145ede..cc223b556 100644 --- a/main.tf +++ b/main.tf @@ -141,6 +141,7 @@ module "acm" { locals { acm_certificate_arn = local.create_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn url = local.acm_certificate_arn == null ? "http://${local.fqdn}" : "https://${local.fqdn}" + domain_filter = var.custom_domain_filter == null || var.custom_domain_filter == "" ? local.fqdn : var.custom_domain_filter internal_app_port = 32543 } @@ -148,7 +149,7 @@ locals { module "app_eks" { source = "./modules/app_eks" - fqdn = local.fqdn + fqdn = local.domain_filter namespace = var.namespace kms_key_arn = local.kms_key_arn @@ -187,7 +188,7 @@ module "app_lb" { acm_certificate_arn = local.acm_certificate_arn zone_id = var.zone_id - fqdn = local.fqdn + fqdn = var.enable_dummy_dns ? "old.${local.fqdn}" : local.fqdn extra_fqdn = var.extra_fqdn allowed_inbound_cidr = var.allowed_inbound_cidr allowed_inbound_ipv6_cidr = var.allowed_inbound_ipv6_cidr 
@@ -216,63 +217,87 @@ module "redis" { kms_key_arn = local.kms_key_arn } +locals { + max_lb_name_length = 32 - length("-alb-k8s") + lb_name_truncated = "${substr(var.namespace, 0, local.max_lb_name_length)}-alb-k8s" +} + +module "wandb" { + source = "wandb/wandb/helm" + version = "1.2.0" + + depends_on = [ + module.database, + module.app_eks, + module.redis, + ] + operator_chart_version = "1.1.0" + controller_image_tag = "1.10.1" + + spec = { + values = { + global = { + host = local.url + license = var.license + + extraEnv = var.other_wandb_env + + bucket = { + provider = "s3" + name = local.bucket_name + region = data.aws_s3_bucket.file_storage.region + kmsKey = local.use_external_bucket ? var.bucket_kms_key_arn : local.kms_key_arn + } + + mysql = { + host = module.database.endpoint + password = module.database.password + user = module.database.username + database = module.database.database_name + port = module.database.port + } + + redis = { + host = module.redis.0.host + port = "${module.redis.0.port}?tls=true&ttlInSeconds=604800" + } + } + + ingress = { + class = "alb" + + annotations = { + "alb.ingress.kubernetes.io/load-balancer-name" = local.lb_name_truncated + "alb.ingress.kubernetes.io/inbound-cidrs" = <<-EOF + ${join("\\,", var.allowed_inbound_cidr)} + EOF + "external-dns.alpha.kubernetes.io/hostname" = var.enable_operator_alb ? local.fqdn : "" + "external-dns.alpha.kubernetes.io/ingress-hostname-source" = "annotation-only" + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]" + "alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn + } + } + + app = var.enable_operator_alb ? 
{} : { + extraEnv = { + "GORILLA_GLUE_LIST" = "true" + } + } + + mysql = { install = false } + redis = { install = false } + + weave = { + persistence = { + provider = "efs" + efs = { + fileSystemId = module.app_eks.efs_id + } + } + } + } + } +} -# Comming soon! -# module "wandb" { -# source = "wandb/wandb/helm" -# version = "1.2.0" - -# depends_on = [ -# module.database, -# module.app_eks, -# module.redis, -# ] - -# operator_chart_version = "1.1.0" -# controller_image_tag = "1.10.1" - -# spec = { -# values = { -# global = { -# host = local.url -# license = var.license - -# bucket = { -# provider = "s3" -# name = local.bucket_name -# region = data.aws_s3_bucket.file_storage.region -# kmsKey = local.kms_key_arn -# } - -# mysql = { -# host = module.database.endpoint -# password = module.database.password -# username = module.database.username -# database = module.database.database_name -# port = module.database.port -# } - -# redis = { -# host = module.redis.0.host -# port = "${module.redis.0.port}?tls=true" -# } -# } - -# ingress = { -# class = "alb" - -# annotations = { -# "alb.ingress.kubernetes.io/load-balancer-name" = "${var.namespace}-alb-k8s" -# "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" -# "alb.ingress.kubernetes.io/scheme" = "internet-facing" -# "alb.ingress.kubernetes.io/target-type" = "ip" -# "alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]" -# "alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn -# } -# } - -# mysql = { install = false } -# redis = { install = false } -# } -# } -# } diff --git a/modules/app_eks/efs.tf b/modules/app_eks/efs.tf new file mode 100644 index 000000000..e8963a9e4 --- /dev/null +++ b/modules/app_eks/efs.tf 
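Review bot: In the new `module "wandb"` block the annotation `"alb.ingress.kubernetes.io/scheme" = "internet-facing"` is hard-coded, so the operator-managed ALB is public even for callers that pass `public_access = false`, as the private-access-only example in this commit does. Assuming `public_access` is declared in the root module, `var.public_access ? "internet-facing" : "internal"` would keep this ALB consistent with the existing one. Separately, `module.database.password` and `var.license` are placed in `spec.values` as plain strings, which presumably end up readable in the Terraform state and in the operator's custom resource. A comment here should say so, and the inputs should carry `sensitive = true`.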
@@ -0,0 +1,42 @@ +resource "random_pet" "efs" { + length = 2 +} + +resource "aws_efs_file_system" "storage_class" { + creation_token = "${var.namespace}-${random_pet.efs.id}" + encrypted = true + performance_mode = "generalPurpose" + throughput_mode = "elastic" +} + +resource "aws_efs_backup_policy" "storage_class" { + file_system_id = aws_efs_file_system.storage_class.id + + backup_policy { + status = "DISABLED" + } +} + +resource "aws_security_group" "storage_class_nfs" { + name = "${var.namespace}-${random_pet.efs.id}" + description = "Security group for NFS traffic" + vpc_id = var.network_id +} + +resource "aws_security_group_rule" "nfs_ingress" { + description = "NFS inbound" + type = "ingress" + from_port = 2049 + to_port = 2049 + protocol = "tcp" + security_group_id = aws_security_group.storage_class_nfs.id + source_security_group_id = aws_security_group.primary_workers.id +} + +resource "aws_efs_mount_target" "storage_class" { + for_each = { for index, subnet in var.network_private_subnets : index => subnet } + + file_system_id = aws_efs_file_system.storage_class.id + subnet_id = each.value + security_groups = [aws_security_group.storage_class_nfs.id] +} diff --git a/modules/app_eks/external_dns/external_dns.tf b/modules/app_eks/external_dns/external_dns.tf index 15f826aeb..00651b1ec 100644 --- a/modules/app_eks/external_dns/external_dns.tf +++ b/modules/app_eks/external_dns/external_dns.tf @@ -21,12 +21,19 @@ resource "helm_release" "external_dns" { } set { - name = "domainFilters[0]" + name = "domainFilters[0]" value = var.fqdn } + set { + name = "policy" + value = "sync" + } + set { name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" value = aws_iam_role.default.arn } -} \ No newline at end of file + + +} diff --git a/modules/app_eks/external_dns/variables.tf b/modules/app_eks/external_dns/variables.tf index 4e33cb7fa..0626c3d25 100644 --- a/modules/app_eks/external_dns/variables.tf +++ b/modules/app_eks/external_dns/variables.tf 
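Review bot: `aws_efs_file_system.storage_class` sets `encrypted = true` but no `kms_key_id`, so the file system uses the AWS-managed EFS key while the node volumes in this module are encrypted with `var.kms_key_arn`. Adding `kms_key_id = var.kms_key_arn` would keep one customer-managed key across the deployment, provided the key policy allows EFS to use it. The backup policy is explicitly `status = "DISABLED"` with no explanation; if that is deliberate, a one-line comment such as `# backups disabled: <reason>` would record the decision. The NFS ingress rule is correctly limited to port 2049 from the worker security group.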
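Review bot: The new `policy = "sync"` setting in `helm_release.external_dns` lets external-dns delete records as well as create them, within whatever `domainFilters[0]` matches, and this commit also lets callers widen that filter through `custom_domain_filter`. With the TXT registry, deletion is limited to records carrying this instance's owner id, so I would pin an explicit per-deployment owner, for example a `set` block with `name = "txtOwnerId"` and `value = var.namespace`, if the chart in use exposes that value. The resource starts above the hunk, so one may already be set there. The `custom_domain_filter` description should also state that a parent domain puts every matching record in the zone under this controller's management.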
@@ -1,5 +1,5 @@ variable "namespace" { - type = string + type = string } variable "oidc_provider" { diff --git a/modules/app_eks/iam-policies.tf b/modules/app_eks/iam-policies.tf index f0a62b1c2..6b0b11c6d 100644 --- a/modules/app_eks/iam-policies.tf +++ b/modules/app_eks/iam-policies.tf @@ -37,4 +37,9 @@ resource "aws_iam_policy" "node_s3" { lifecycle { create_before_destroy = false } -} \ No newline at end of file +} + +resource "aws_iam_policy" "secrets_manager" { + name = "${var.namespace}-secrets-manager" + policy = data.aws_iam_policy_document.secrets_manager.json +} diff --git a/modules/app_eks/iam-policy-docs.tf b/modules/app_eks/iam-policy-docs.tf index 6b9cd7007..4e7f27b48 100644 --- a/modules/app_eks/iam-policy-docs.tf +++ b/modules/app_eks/iam-policy-docs.tf @@ -57,3 +57,18 @@ data "aws_iam_policy_document" "node_s3" { ] } } + +data "aws_iam_policy_document" "secrets_manager" { + statement { + actions = [ + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecretVersion" + ] + effect = "Allow" + resources = ["arn:aws:secretsmanager:*:${data.aws_caller_identity.current.account_id}:secret:${var.namespace}*"] + } +} diff --git a/modules/app_eks/iam-role-attachments.tf b/modules/app_eks/iam-role-attachments.tf index 3417a5139..e82fe63b1 100644 --- a/modules/app_eks/iam-role-attachments.tf +++ b/modules/app_eks/iam-role-attachments.tf @@ -28,6 +28,11 @@ resource "aws_iam_role_policy_attachment" "eks_cni" { policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" } +resource "aws_iam_role_policy_attachment" "eks_efs" { + role = aws_iam_role.node.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy" +} + resource "aws_iam_role_policy_attachment" "eks_worker_node" { role = aws_iam_role.node.name policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" 
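Review bot: In `data.aws_iam_policy_document.secrets_manager` the resource pattern `secret:${var.namespace}*` has no separator before the wildcard, so the grant also covers secrets of any other deployment in the account whose name merely starts with the same string (a namespace `wandb` would match a constructed name like `wandb-staging/...`). Since the actions include `GetSecretValue` and `DeleteSecret`, I would anchor the pattern on the separator the application actually uses when naming secrets, which is not visible here. The ARN also hard-codes the `aws` partition and leaves the region as `*`; `data.aws_partition` and the deployment region would tighten it. A short comment on the statement saying which component needs write and delete access would help later reviews.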
@@ -42,3 +47,8 @@ resource "aws_iam_role_policy_attachment" "ebs_csi" { role = aws_iam_role.node.name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy" } + +resource "aws_iam_role_policy_attachment" "node_secrets_manager" { + role = aws_iam_role.node.name + policy_arn = aws_iam_policy.secrets_manager.arn +} diff --git a/modules/app_eks/lb_controller/controller.tf b/modules/app_eks/lb_controller/controller.tf index e6a572f04..eff2042c6 100644 --- a/modules/app_eks/lb_controller/controller.tf +++ b/modules/app_eks/lb_controller/controller.tf @@ -3,7 +3,7 @@ resource "helm_release" "aws_load_balancer_controller" { repository = "https://aws.github.io/eks-charts" chart = "aws-load-balancer-controller" namespace = "kube-system" - version = "1.6.1" + version = "1.6.2" set { name = "clusterName" diff --git a/modules/app_eks/lb_controller/variables.tf b/modules/app_eks/lb_controller/variables.tf index be3e27a47..49fe5944b 100644 --- a/modules/app_eks/lb_controller/variables.tf +++ b/modules/app_eks/lb_controller/variables.tf @@ -1,5 +1,5 @@ variable "namespace" { - type = string + type = string } variable "oidc_provider" { diff --git a/modules/app_eks/main.tf b/modules/app_eks/main.tf index a8883fda4..063ff7295 100644 --- a/modules/app_eks/main.tf +++ b/modules/app_eks/main.tf 
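Review bot: Attaching the Secrets Manager policy to `aws_iam_role.node` in `node_secrets_manager` grants it to every pod scheduled on these nodes, not only to the W&B workload. The node group in `modules/app_eks/main.tf` sets `metadata_http_put_response_hop_limit = 2`, which as far as I can tell leaves the instance metadata endpoint reachable from pods. The module already uses IAM roles for service accounts for external-dns (`serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn`), so a dedicated role trusted only by the W&B service account would confine `GetSecretValue` and `DeleteSecret` to the pods that need them. If the node role is kept for now, a comment on this attachment should say why.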
@@ -15,19 +15,25 @@ resource "aws_eks_addon" "eks" { ] } -resource "aws_eks_addon" "vpc_cni" { - cluster_name = var.namespace - addon_name = "vpc-cni" - depends_on = [module.eks] +resource "aws_eks_addon" "efs" { + cluster_name = module.eks.cluster_id + addon_name = "aws-efs-csi-driver" + addon_version = "v1.7.1-eksbuild.1" # Ensure this version is compatible + resolve_conflicts = "OVERWRITE" + depends_on = [ + module.eks + ] } -locals { - managed_policy_arns = concat([ - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", - ], var.eks_policy_arns) -} +# removed due to conflict with +# AWS Load Balancer Controller +# being installed with Helm. +# See: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/ +#resource "aws_eks_addon" "vpc_cni" { +# cluster_name = var.namespace +# addon_name = "vpc-cni" +# depends_on = [module.eks] +#} module "eks" { source = "terraform-aws-modules/eks/aws" 
@@ -60,19 +66,21 @@ module "eks" { node_groups = { primary = { - version = var.cluster_version, - desired_capacity = var.desired_capacity, - max_capacity = 5, - min_capacity = 2, - instance_types = var.instance_types, - iam_role_arn = aws_iam_role.node.arn, - create_launch_template = local.encrypt_ebs_volume, - disk_encrypted = local.encrypt_ebs_volume, - disk_kms_key_id = var.kms_key_arn, - force_update_version = local.encrypt_ebs_volume, # IMDsv2 - metadata_http_tokens = "required", + create_launch_template = local.encrypt_ebs_volume, + desired_capacity = 2, + disk_encrypted = local.encrypt_ebs_volume, + disk_kms_key_id = var.kms_key_arn, + disk_type = "gp3" + enable_monitoring = true + force_update_version = local.encrypt_ebs_volume, + iam_role_arn = aws_iam_role.node.arn, + instance_types = var.instance_types, + max_capacity = 5, metadata_http_put_response_hop_limit = 2 + metadata_http_tokens = "required", + min_capacity = 2, + version = var.cluster_version, } } diff --git a/modules/app_eks/outputs.tf b/modules/app_eks/outputs.tf index 0bf3c8b6b..304b51db8 100644 --- a/modules/app_eks/outputs.tf +++ b/modules/app_eks/outputs.tf @@ -1,12 +1,19 @@ +output "autoscaling_group_names" { + value = { for name, value in module.eks.node_groups : name => lookup(lookup(lookup(value, "resources")[0], "autoscaling_groups")[0], "name") } +} output "cluster_id" { value = module.eks.cluster_id description = "ID of the created EKS cluster" } -output "autoscaling_group_names" { - value = { for name, value in module.eks.node_groups : name => lookup(lookup(lookup(value, "resources")[0], "autoscaling_groups")[0], "name") } +output "efs_id" { + value = aws_efs_file_system.storage_class.id } output "node_role" { value = aws_iam_role.node -} \ No newline at end of file +} + +output "primary_workers_security_group_id" { + value = aws_security_group.primary_workers.id +} diff --git a/modules/app_eks/variables.tf b/modules/app_eks/variables.tf index 766f69166..25d466197 100644 
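Review bot: In the `primary` node group `desired_capacity` changes from `var.desired_capacity` to a literal `2`, so any caller that sets the variable is now silently ignored; unless that is intended, keep `desired_capacity = var.desired_capacity`. The `# IMDsv2` comment also seems to have been dropped or separated from `metadata_http_tokens = "required"` in the re-sort, and I would put it back on that line. A comment on why `metadata_http_put_response_hop_limit` is 2 is worth adding too, since that value decides whether pods can reach the node's instance credentials. The `node_groups` map starts outside the hunk.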
--- a/modules/app_eks/variables.tf +++ b/modules/app_eks/variables.tf @@ -62,8 +62,8 @@ variable "kms_key_arn" { variable "instance_types" { description = "EC2 Instance type for primary node group." + nullable = false type = list(string) - default = ["m4.large"] } variable "lb_security_group_inbound_id" { diff --git a/modules/file_storage/outputs.tf b/modules/file_storage/outputs.tf index 3e6815e5b..9beae402f 100644 --- a/modules/file_storage/outputs.tf +++ b/modules/file_storage/outputs.tf @@ -20,4 +20,4 @@ output "bucket_queue_name" { output "bucket_queue_arn" { value = var.create_queue ? aws_sqs_queue.file_storage.0.arn : null -} \ No newline at end of file +} diff --git a/modules/networking/main.tf b/modules/networking/main.tf index 328f234b6..21382052d 100644 --- a/modules/networking/main.tf +++ b/modules/networking/main.tf @@ -30,10 +30,10 @@ module "vpc" { single_nat_gateway = false private_subnet_tags = { - "kubernetes.io/role/internal-elb" = "1" + "kubernetes.io/role/internal-elb" = "1" } public_subnet_tags = { - "kubernetes.io/role/elb" = "1" + "kubernetes.io/role/elb" = "1" } } diff --git a/outputs.tf b/outputs.tf index 5d9a20efb..43e880484 100644 --- a/outputs.tf +++ b/outputs.tf @@ -55,4 +55,3 @@ output "url" { value = local.url description = "The URL to the W&B application" } - diff --git a/variables.tf b/variables.tf index bfce5cdfa..75b1313fe 100644 --- a/variables.tf +++ b/variables.tf @@ -97,6 +97,12 @@ variable "external_dns" { description = "Using external DNS. A `subdomain` must also be specified if this value is true." } +variable "custom_domain_filter" { + description = "A custom domain filter to be used by external-dns instead of the default FQDN. If not set, the local FQDN is used." + type = string + default = null +} + # Sometimes domain name and zone name dont match, so lets explicitly ask for # both. Also is just life easier to have both even though in most cause it may # be redundant info. 
@@ -117,6 +123,19 @@ variable "subdomain" { description = "Subdomain for accessing the Weights & Biases UI. Default creates record at Route53 Route." } +variable "enable_dummy_dns" { + type = bool + default = false + description = "Boolean indicating whether or not to enable dummy DNS for the old alb" +} + + +variable "enable_operator_alb" { + type = bool + default = false + description = "Boolean indicating whether to use operatore ALB (true) or not (false)." +} + variable "extra_fqdn" { type = list(string) default = [] @@ -339,7 +358,13 @@ variable "elasticache_node_type" { # ########################################## # # Weights & Biases # # ########################################## -# variable "license" { -# type = string -# description = "Weights & Biases license key." -# } +variable "license" { + type = string + description = "Weights & Biases license key." +} + +variable "other_wandb_env" { + type = map(any) + description = "Extra environment variables for W&B" + default = {} +}
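Review bot: `variable "license"` in the last hunk is now a required input holding a secret but is not marked sensitive, so the key will be shown in plan output; add `sensitive = true` to the block. `other_wandb_env` is declared `map(any)` here but `map(string)` in `examples/public-dns-external/variables.tf`; since it feeds `extraEnv`, `map(string)` would be the consistent type. In the preceding hunk the `enable_operator_alb` description has a typo (`operatore`), and `enable_dummy_dns` could say that it moves the existing ALB record to `old.<fqdn>`, which is what `main.tf` does with it.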