Terraform Module Variables
Here are the variables that can be passed into the RIME module:
# Opt-in switch: Terraform installs or uninstalls the RIME Helm release only when this is true.
variable "create_managed_helm_release" {
  type    = bool
  default = false

  description = <<EOT
Whether to deploy a RIME Helm chart onto the provisioned infrastructure managed by Terraform.
Changing the state of this variable will either install/uninstall the RIME deployment
once the change is applied in Terraform. If you want to install the RIME package manually,
set this to false and use the generated values YAML file to deploy the release
on the provisioned infrastructure.
EOT
}
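# Output directory for the generated per-namespace Helm values files.
# NOTE(review): confirm whether the generated values files can contain credentials
# before checking this directory into version control or sharing it.
variable "helm_values_output_dir" {
  type    = string
  default = ""

  # The generated artifact is a values YAML file, not a chart; the wording below says so.
  description = <<EOT
The directory where to write the generated values YAML files used to configure each Helm release.
For each namespace in `k8s_namespaces`, a values file "$helm_values_output_dir/values_$namespace.yaml"
will be created.
EOT
}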
# Settings for the RIME Image Registry service and the prefix of the repositories it manages.
variable "image_registry_config" {
  type = object({
    enable            = bool
    repository_prefix = string
  })

  default = {
    enable            = true
    repository_prefix = "rime-managed-images"
  }

  description = <<EOT
The configuration for the RIME Image Registry service, which manages custom images
for running RIME stress tests with different Python model requirements:
* enable: whether or not to enable the RIME Image Registry service.
* repository_prefix: the prefix used for all repositories created
and managed by the RIME Image Registry service.
EOT

  # Repository naming rules are documented at
  # https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html
  # The prefix is only checked when the service is enabled; a disabled
  # configuration passes validation whatever the prefix is.
  validation {
    condition = (
      !var.image_registry_config.enable ||
      can(regex("^[a-z][a-z0-9]*(?:[/_-][a-z0-9]+)*$", var.image_registry_config.repository_prefix))
    )
    error_message = "The repository prefix must be 1 or more lowercase alphanumeric words separated by a '-', '_', or '/' where the first character is a letter."
  }
}
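# Namespaces that receive a RIME installation; exactly one entry must be flagged primary.
variable "k8s_namespaces" {
  type = list(object({
    namespace = string
    primary   = bool
  }))

  default = [
    {
      namespace = "default"
      primary   = true
    }
  ]

  # What is generated per namespace is a Helm values file, not a chart; the wording below says so.
  description = <<EOT
All Kubernetes namespaces where the RIME Helm chart is to be installed.
A Helm values file will be generated for each of these called "$helm_values_output_dir/values_$namespace.yaml".
For manual installation, be sure to install each release in its intended namespace.
EOT

  # Counts the entries whose `primary` flag is set; zero or several primaries are both rejected.
  validation {
    condition     = length([for k8s_namespace in var.k8s_namespaces : k8s_namespace if k8s_namespace.primary]) == 1
    error_message = "Must have one and only one primary namespace."
  }
}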
# Optional naming suffix; the empty default selects the random-UUID behaviour described below.
variable "resource_name_suffix" {
  type    = string
  default = ""

  description = <<EOT
A suffix to use with the names of resources created by this module.
If not given, a random UUID will be used instead.
EOT
}
# Backend image name. The default carries no tag or digest.
# NOTE(review): presumably the tag comes from `rime_version`; confirm how the image is pinned.
variable "rime_docker_backend_image" {
  type        = string
  default     = "robustintelligencehq/rime-backend"
  description = "The name of the Docker image for RIME's backend services."
}
# Frontend image name. The default carries no tag or digest.
# NOTE(review): presumably the tag comes from `rime_version`; confirm how the image is pinned.
variable "rime_docker_frontend_image" {
  type        = string
  default     = "robustintelligencehq/rime-frontend"
  description = "The name of the Docker image for RIME's frontend services."
}
# Image-builder image name. The default carries no tag or digest.
# NOTE(review): presumably the tag comes from `rime_version`; confirm how the image is pinned.
variable "rime_docker_image_builder_image" {
  type        = string
  default     = "robustintelligencehq/rime-image-builder"
  description = "The name of the Docker image for RIME's image builder service."
}
# Required input with no default: the model testing image is specific to each
# client's model testing, so the caller must always name it explicitly.
variable "rime_docker_model_testing_image" {
  type        = string
  description = "The name of the Docker image for RIME's model testing jobs."
}
# Name of the Kubernetes image-pull secret; this variable holds the name only,
# never the credentials themselves.
variable "rime_docker_secret_name" {
  type        = string
  default     = "rimecreds"
  description = "The name of the Kubernetes secret used to pull the Docker image for RIME's backend services."
}
# DNS settings, passed as a loosely typed map: `map(any)` does not enforce the
# keys listed in the description, so a missing `rime_domain` is not rejected here.
# No default is given, so callers must always supply this map.
variable "dns_config" {
  type = map(any)

  description = <<EOT
Configuration for rime dns config. Should be structured like
{
create_route53: bool (default true)
rime_domain: string (required)
acm_domain: string (default rime_domain) Only add this if your acm cert base domain is different from the rime domain
}
If create_route53 is false, it is expected that you have a valid zone and cert for rime_domain already created
EOT
}
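# Required: the chart repository from which the requested RIME chart version is fetched.
# NOTE(review): the chart source is part of the deployment's trust boundary;
# confirm the URL points at a repository you control or trust.
variable "rime_repository" {
  type        = string
  description = "Repository URL where to locate the requested RIME chart for the given `rime_version`."
}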
# Required: the RIME release to install. There is no default, so the version is always explicit.
variable "rime_version" {
  type        = string
  description = "The version of the RIME software to be installed."
}
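# Required: the S3 locations RIME is allowed to reach. Each entry widens what the
# deployment can access, so prefer narrow paths to broad wildcards; a pattern
# that matches a whole bucket (or every bucket) grants correspondingly more.
variable "s3_authorized_bucket_path_arns" {
  type = list(string)

  description = <<EOT
A list of all S3 bucket path arns to which RIME will be granted access.
Each path must be of the form:
arn:aws:s3:::<BUCKET>/sub/path
where <BUCKET> is the name of the S3 bucket and `sub/path` comprises
some path within the bucket. You can also use wildcards '?' or '*' within
the arn specification (e.g. 'arn:aws:s3:::datasets/*').
EOT

  # Reject entries that are not S3 ARNs at plan time. Only the ARN prefix is
  # checked, so ARNs from other AWS partitions (e.g. aws-us-gov) still pass.
  validation {
    condition     = length([for arn in var.s3_authorized_bucket_path_arns : arn if !can(regex("^arn:aws[a-z-]*:s3:::.+", arn))]) == 0
    error_message = "Each entry must be an S3 ARN beginning with 'arn:aws:s3:::', for example 'arn:aws:s3:::datasets/*'."
  }
}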
# Opt-in add-on: the cluster autoscaler is not installed unless this is set to true.
variable "install_cluster_autoscaler" {
  type        = bool
  default     = false
  description = "Whether or not to install the cluster autoscaler."
}
# EKS cluster name; empty by default. Per `create_eks`, it must name an existing
# cluster when that flag is false.
variable "cluster_name" {
  type        = string
  default     = ""
  description = "Name of eks cluster."
}
# Opt-in add-on: external dns is not installed unless this is set to true.
variable "install_external_dns" {
  type        = bool
  default     = false
  description = "Whether or not to install external dns."
}
# Opt-in add-on: the Datadog Agent is not installed unless this is set to true.
variable "install_datadog" {
  type        = bool
  default     = false
  description = "Whether or not to install the Datadog Agent."
}
# Selects between provisioning a new EKS cluster (the default) and reusing an
# existing one identified by `cluster_name`.
variable "create_eks" {
  type        = bool
  default     = true
  description = "Whether or not to create a new EKS cluster to run RIME on. If false, cluster_name must be the name of an already provisioned cluster."
}
# Target VPC. The empty default is not validated here even though the description
# requires a value when `create_eks` is true.
variable "vpc_id" {
  type        = string
  default     = ""
  description = "VPC where the cluster and workers will be deployed. Must be specified if create_eks is true."
}
# Private subnets that host the cluster and its workers. The empty default is not
# validated here even though the description requires a value when `create_eks` is true.
variable "private_subnet_ids" {
  type        = list(string)
  default     = []
  description = "A list of private subnet ids to place the EKS cluster and workers within. Must be specified if create_eks is true"
}
# Public subnets for the cluster's load balancers; whatever is placed here is the
# internet-facing part of the deployment.
variable "public_subnet_ids" {
  type        = list(string)
  default     = []
  description = "A list of public subnet ids for EKS cluster load balancers to work in"
}
# Kubernetes version for the EKS control plane.
# NOTE(review): confirm the default is still a version EKS supports and patches
# before relying on it; override it explicitly otherwise.
variable "cluster_version" {
  type        = string
  default     = "1.20"
  description = "Kubernetes version to use for the EKS cluster."
}
# EC2 key pair that enables SSH access to worker nodes; empty by default.
# NOTE(review): presumably an empty value means no key is attached. Confirm this,
# and set a key only where direct node access is really required.
variable "node_ssh_key" {
  type        = string
  default     = ""
  description = "EC2 ssh key to be added to nodes for ssh access. This is only applicable if create_eks is true"
}
# Tags applied across the module's resources; empty unless the caller supplies some.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only."
}
# Lower bound on the server worker group; the validation rejects anything below one node.
variable "server_worker_group_min_size" {
  type        = number
  default     = 4
  description = "Minimum size of the server worker group. Must be >= 1"

  validation {
    condition     = var.server_worker_group_min_size >= 1
    error_message = "Server worker group min size must be greater than or equal to 1."
  }
}
# Upper bound on the server worker group. The "must be >= min size" rule in the
# description is not enforced by a validation block in this declaration.
variable "server_worker_group_max_size" {
  type        = number
  default     = 10
  description = "Maximum size of the server worker group. Must be >= min size. For best performance we recommend >= 10 nodes as the max size."
}
# Instance types for model testing workers; per the description, each listed type
# gets its own auto scaling group.
variable "model_testing_worker_group_instance_types" {
  type        = list(string)
  default     = ["t2.large"]
  description = "Instance types for the model testing worker group. Will spin up one asg per instance type"
}
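# Lower bound on the model testing worker group. The default is 0 and the
# validation accepts 0, so the description states ">= 0" to match.
variable "model_testing_worker_group_min_size" {
  type        = number
  default     = 0
  description = "Minimum size of the model testing worker group. Must be >= 0"

  validation {
    condition     = var.model_testing_worker_group_min_size >= 0
    error_message = "Model testing worker group min size must be greater than or equal to 0."
  }
}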
# Upper bound on the model testing worker group. The "must be >= min size" rule in
# the description is not enforced by a validation block in this declaration.
variable "model_testing_worker_group_max_size" {
  type        = number
  default     = 10
  description = "Maximum size of the model testing worker group. Must be >= min size. For best performance we recommend >= 10 nodes as the max size."
}
# IAM roles mapped into the cluster through the aws-auth configmap. Each entry
# grants cluster access: `groups` decides what the role may do, so membership in
# a group such as `system:masters` amounts to full cluster administration.
# Map only the roles that need access and give them the narrowest groups that work.
variable "map_roles" {
  type = list(object({
    rolearn  = string
    username = string
    groups   = list(string)
  }))

  default     = []
  description = "Additional IAM roles to add to the aws-auth configmap. You will need to set this for any role you want to allow access to eks"
}
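# IAM users mapped into the cluster through the aws-auth configmap. Each entry
# grants cluster access: `groups` decides what the user may do, so membership in
# a group such as `system:masters` amounts to full cluster administration.
# Map only the users that need access and give them the narrowest groups that work.
variable "map_users" {
  type = list(object({
    userarn  = string
    username = string
    groups   = list(string)
  }))

  default = []

  # This variable maps IAM users, so the description says "user" rather than "role".
  description = "Additional IAM users to add to the aws-auth configmap. You will need to set this for any user you want to allow access to eks."
}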
# Volume size for MongoDb, given as a quantity string.
variable "mongo_db_size" {
  type        = string
  default     = "32Gi"
  description = "MongoDb volume size"
}
# Opt-in add-on: Velero is not installed unless this is set to true.
variable "install_velero" {
  type        = bool
  default     = false
  description = "Whether or not to install Velero."
}
# Cron expression for Velero backups; the default fires once a day at 02:00.
variable "velero_backup_schedule" {
  type        = string
  default     = "0 2 * * *"
  description = "Backup schedule time in cron time string format."
}
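# Retention period for Velero backups. The original description ("A suffix to name
# the IAM policy and role with.") does not describe a TTL and does not fit the
# duration-style default; it is replaced with one that matches the variable.
# NOTE(review): confirm the retention period meets your recovery and
# data-retention requirements.
variable "velero_backup_ttl" {
  type        = string
  default     = "336h"
  description = "How long each Velero backup is retained before it expires, as a duration string (e.g. \"336h\")."
}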
# Lets worker nodes pull images from ECR; enabled by default.
variable "allow_ecr_pull" {
  type        = bool
  default     = true
  description = "Allow nodes to pull from ecr"
}
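# Extra rules for the load balancer security group; none are added by default.
# Every attribute of the object type must be present in each rule (use null where
# one does not apply). These rules decide who can reach the load balancer, so keep
# `cidr_blocks` / `ipv6_cidr_blocks` as narrow as the deployment allows.
variable "lb_security_group_rules" {
  # The field list below is aligned with the declared type: from_port and to_port
  # are numbers and cidr_blocks is a list of strings.
  description = <<EOT
Configuration for lb security group rules. Should be structured like
{
  type = string
  from_port = number
  to_port = number
  protocol = string
  description = string
  cidr_blocks = list(string)
  ipv6_cidr_blocks = list(string)
  self = bool
  prefix_list_ids = list(string)
  source_security_group_id = string
}
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule for details
EOT

  type = list(object({
    type                     = string
    from_port                = number
    to_port                  = number
    protocol                 = string
    description              = string
    cidr_blocks              = list(string)
    ipv6_cidr_blocks         = list(string)
    self                     = bool
    prefix_list_ids          = list(string)
    source_security_group_id = string
  }))

  default = []
}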
# Verbose mode for the RIME application services; off by default.
# NOTE(review): confirm that verbose output does not include sensitive request or
# model data before enabling it in production.
variable "verbose" {
  type        = bool
  default     = false
  description = "Whether to use verbose mode for RIME application services."
}
# Name of the secrets manager secret that holds the Rime values; this variable
# carries the name only, never the secret contents.
variable "rime_secrets_name" {
  type        = string
  default     = "rime-secrets"
  description = "Name of secrets manager secret where Rime values are stored"
}