Infrastructure base deployment streamlines the process of provisioning environments across AWS, Azure, and GCP. It supports automation and customizable configurations, making it ideal for multi-cloud strategies and hybrid deployments.
The general default parameters below outline the minimum requirements for setting up a new environment. These settings can be customised further to meet specific needs.
```yaml
terraform:
  variables:
    region: eu-central-1
    ip_range_k8s: "10.0.0.0/16"
    ip_range_service: "10.1.0.0/16"
    dns_common_name: ""
```
| Variable name | Value example / default value | Description |
|---|---|---|
| region | eu-central-1 | AWS region to provision the environment in. |
| ip_range_k8s | "10.0.0.0/16" | The IPv4 CIDR block for the AWS VPC in which the environment resides. |
| ip_range_service | "10.1.0.0/16" | The IPv4 CIDR block for the AWS VPC in which the other services reside, such as Lambdas or RDS instances. |
| dns_common_name | "" | DNS domain name associated with the environment. |
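The two CIDR variables are routed between later, so they must be valid, non-overlapping private ranges of a size AWS accepts for a VPC. The following check is an added example, not part of the project's code; it assumes the variables are available as a plain dictionary (the DEFAULT_VARIABLES sample is constructed from the defaults above) and uses only the Python standard library.

```python
import ipaddress

# Constructed sample mirroring the default variables documented above.
DEFAULT_VARIABLES = {
    "region": "eu-central-1",
    "ip_range_k8s": "10.0.0.0/16",
    "ip_range_service": "10.1.0.0/16",
    "dns_common_name": "",
}

# RFC 1918 private ranges; a VPC CIDR outside these is flagged for review.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_ip_ranges(variables):
    """Return a list of findings for the two VPC CIDR variables (empty list = OK)."""
    findings = []
    nets = {}
    for key in ("ip_range_k8s", "ip_range_service"):
        raw = variables.get(key, "")
        try:
            # strict=True rejects values with host bits set, e.g. 10.0.0.1/16
            nets[key] = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            findings.append(f"{key}: {raw!r} is not a valid CIDR block ({exc})")
    if len(nets) == 2 and nets["ip_range_k8s"].overlaps(nets["ip_range_service"]):
        findings.append("ip_range_k8s and ip_range_service overlap; routing between the two VPCs would be ambiguous")
    for key, net in nets.items():
        if not isinstance(net, ipaddress.IPv4Network):
            findings.append(f"{key}: {net} is not IPv4; this check only covers IPv4 VPC CIDRs")
            continue
        # AWS accepts VPC CIDR blocks between /16 and /28
        if not 16 <= net.prefixlen <= 28:
            findings.append(f"{key}: prefix /{net.prefixlen} is outside the /16 to /28 range AWS accepts for a VPC")
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{key}: {net} is not an RFC 1918 private range")
    return findings


if __name__ == "__main__":
    for finding in check_ip_ranges(DEFAULT_VARIABLES) or ["no findings for the default variables"]:
        print(finding)
```

Run it before `terraform apply` with the environment's own variables substituted for DEFAULT_VARIABLES; the defaults above produce no findings.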
Node pool configurations can be adjusted to suit the needs of the environment. For instance, additional node pools can be provisioned to support specific workloads (e.g., GPU-intensive tasks) or to enforce the use of SPOT instances exclusively for certain stateless workloads.
By default, two node pools are configured: main and data.
1. Main Node Pool
• Purpose: General-purpose workloads (type generalPurpose).
• Key Features: Uses SPOT instances; the data disk is unencrypted by default.
```yaml
terraform:
  variables:
    nodepools:
      main:
        enabled: true
        type: generalPurpose
        labels:
          workloads-type: generalPurpose
        requirements:
          kubernetes.io/arch: ["amd64"]
          kubernetes.io/os: ["linux"]
          karpenter.sh/capacity-type: ["spot"]
          karpenter.k8s.aws/instance-size: ["xlarge", "2xlarge", "4xlarge"]
          karpenter.k8s.aws/instance-family: ["m5", "m6i", "m7i", "t3", "t2"]
        expireAfter: 720h
        terminationGracePeriod: 48h
        limits:
          cpu: 320
          memory: 1280Gi
        distruption:
          consolidationPolicy: WhenEmptyOrUnderutilized
          consolidateAfter: 1m
          budgets:
            - nodes: 10%
        dataDisk:
          volumeSize: 50Gi
          volumeType: gp3
          deleteOnTermination: true
          encrypted: false
```
2. Data Node Pool
• Purpose: Persistent workloads (e.g., databases, StatefulSets).
• Key Features: Uses on-demand instances with support for persistent storage.
```yaml
terraform:
  variables:
    nodepools:
      data:
        type: persistentData
        enabled: true
        labels:
          workloads-type: persistentData
        requirements:
          kubernetes.io/arch: ["amd64"]
          kubernetes.io/os: ["linux"]
          karpenter.sh/capacity-type: ["on-demand"]
          karpenter.k8s.aws/instance-size: ["xlarge", "2xlarge", "4xlarge"]
          karpenter.k8s.aws/instance-family: ["c5", "c6i", "c7i", "r5", "r6i", "r7i"]
        expireAfter: 720h
        terminationGracePeriod: 48h
        limits:
          cpu: 320
          memory: 1280Gi
        distruption:
          consolidationPolicy: WhenEmptyOrUnderutilized
          consolidateAfter: 1m
          budgets:
            - nodes: 10%
        dataDisk:
          volumeSize: 50Gi
          volumeType: gp3
          deleteOnTermination: true
          encrypted: true
```
New node pools can be added with predefined or custom configurations.
```yaml
terraform:
  variables:
    nodepools:
      newNodepool:
        # labels:
        #   workloads-type: stateless
        requirements:
          kubernetes.io/arch: ["amd64"]
          kubernetes.io/os: ["linux"]
          karpenter.sh/capacity-type: ["spot"]
          karpenter.k8s.aws/instance-size: ["xlarge", "2xlarge", "4xlarge"]
          karpenter.k8s.aws/instance-family: ["m5", "m6i", "m7i", "t3", "t2"]
        # taints:
        #   - key: example.com/special-taint
        #     effect: NoSchedule
        # startupTaints:
        #   - key: example.com/another-taint
        #     effect: NoSchedule
        expireAfter: 720h
        # terminationGracePeriod: 48h
        # weight: 100
        limits:
          cpu: 320
          memory: 1280Gi
          # nvidia.com/gpu: 2
        distruption:
          consolidationPolicy: WhenEmptyOrUnderutilized
          consolidateAfter: 1m
          budgets:
            - nodes: 10%
            # On weekdays during business hours, don't do any deprovisioning.
            # - schedule: "0 9 * * mon-fri"
            #   duration: 8h
            #   nodes: "0"
        dataDisk:
          volumeSize: 50Gi
          volumeType: gp3
          deleteOnTermination: true
          # iops: 100
          encrypted: false
        # kubelet:
        #   systemReserved:
        #     cpu: 100m
        #     memory: 100Mi
        #     ephemeral-storage: 1Gi
```
Use existing types (persistentData or generalPurpose) to inherit default values.
For a complete list of available parameters, refer to the documentation.
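Because pools are free-form, a pre-apply lint catches the combinations that matter most for data protection and cost control: an unencrypted dataDisk, a persistentData pool that admits spot capacity (interruption evicts stateful pods), and a pool with no limits (no upper bound on what Karpenter may provision). The linter below is an added example and not the project's own code; it assumes the nodepools map is loaded into plain dictionaries with the same keys as the YAML above. The main and data entries are constructed from the two default pools; the cache pool is hypothetical and exists only to exercise the checks.

```python
# Constructed sample: the two default pools reduced to the keys the lint needs,
# plus a hypothetical "cache" pool that violates every rule at once.
NODEPOOLS = {
    "main": {
        "enabled": True,
        "type": "generalPurpose",
        "requirements": {"karpenter.sh/capacity-type": ["spot"]},
        "limits": {"cpu": 320, "memory": "1280Gi"},
        "dataDisk": {"volumeSize": "50Gi", "volumeType": "gp3", "deleteOnTermination": True, "encrypted": False},
    },
    "data": {
        "enabled": True,
        "type": "persistentData",
        "requirements": {"karpenter.sh/capacity-type": ["on-demand"]},
        "limits": {"cpu": 320, "memory": "1280Gi"},
        "dataDisk": {"volumeSize": "50Gi", "volumeType": "gp3", "deleteOnTermination": True, "encrypted": True},
    },
    "cache": {  # hypothetical: stateful on spot, no limits, unencrypted disk
        "enabled": True,
        "type": "persistentData",
        "requirements": {"karpenter.sh/capacity-type": ["spot", "on-demand"]},
        "dataDisk": {"volumeSize": "50Gi", "volumeType": "gp3", "deleteOnTermination": True, "encrypted": False},
    },
}


def lint_nodepool(name, pool):
    """Return findings for one node pool; an empty list means nothing was flagged."""
    findings = []
    if not pool.get("enabled", True):
        return findings  # a disabled pool provisions nothing, so nothing to check
    disk = pool.get("dataDisk", {})
    if not disk.get("encrypted", False):
        findings.append(f"{name}: dataDisk.encrypted is false; node volumes will be stored unencrypted")
    capacity = pool.get("requirements", {}).get("karpenter.sh/capacity-type", [])
    if pool.get("type") == "persistentData" and "spot" in capacity:
        findings.append(f"{name}: persistentData pool allows spot capacity; interruption can evict stateful pods")
    if not pool.get("limits"):
        findings.append(f"{name}: no limits set; the pool can grow without an upper bound")
    return findings


def lint_nodepools(nodepools):
    """Lint every pool in the map and return all findings in declaration order."""
    findings = []
    for name, pool in nodepools.items():
        findings.extend(lint_nodepool(name, pool))
    return findings


if __name__ == "__main__":
    for finding in lint_nodepools(NODEPOOLS):
        print(finding)
```

With the defaults above, data passes, main is flagged once for its unencrypted disk, and the hypothetical cache pool is flagged three times. Treat the findings as review items: a general-purpose pool may legitimately run unencrypted scratch disks, but that should be a recorded decision rather than an inherited default.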
VPC endpoints enable secure connections to AWS services without public IP addresses. Traffic remains within the AWS network for enhanced security. Learn more in AWS documentation.
```yaml
terraform:
  variables:
    vpc_endpoints:
      s3:
        create: false
        service: "s3"
        service_type: "Gateway"
      dynamodb:
        create: false
        service: "dynamodb"
        service_type: "Gateway"
      ecr_api:
        create: false
        service: "ecr.api"
        private_dns_enabled: true
      ecr_dkr:
        create: false
        service: "ecr.dkr"
        private_dns_enabled: true
      some_service_endpoint:
        service_name: "com.amazonaws.us-west-2.ec2"
        private_dns_enabled: true
        auto_accept: false
```
There are two ways of providing a VPC endpoint's configuration:
• service: suitable for supported AWS services like EC2, S3, etc.
• service_name: works for any PrivateLink endpoint provisioned.
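An entry that sets both keys, or neither, is ambiguous, and two further mistakes are easy to make: private_dns_enabled only applies to Interface endpoints (Gateway endpoints for S3 and DynamoDB use route-table entries instead), and a hand-written service_name can point at a different region than the environment. The validator below is an added example, not the project's code. It assumes that a bare service value expands to the standard com.amazonaws.<region>.<service> form shown in the service_name entry above, that service_type defaults to Interface, and that an entry without a create key is created; the VPC_ENDPOINTS sample is constructed from the block above plus a deliberately broken "bad" entry.

```python
# Constructed sample: the documented entries with create turned on, plus an
# entry that sets both keys and is therefore invalid.
REGION = "eu-central-1"
VPC_ENDPOINTS = {
    "s3": {"create": True, "service": "s3", "service_type": "Gateway"},
    "ecr_api": {"create": True, "service": "ecr.api", "private_dns_enabled": True},
    "some_service_endpoint": {
        "service_name": "com.amazonaws.us-west-2.ec2",
        "private_dns_enabled": True,
        "auto_accept": False,
    },
    "bad": {"create": True, "service": "sqs", "service_name": "com.amazonaws.eu-central-1.sqs"},
}


def resolve_service_name(name, cfg, region):
    """Return the full AWS service name for one entry; ValueError if the entry is ambiguous."""
    has_service = "service" in cfg
    has_service_name = "service_name" in cfg
    if has_service == has_service_name:
        raise ValueError(f"{name}: set exactly one of 'service' or 'service_name'")
    if has_service:
        # Assumed expansion for the short form, matching the documented full name pattern.
        return f"com.amazonaws.{region}.{cfg['service']}"
    return cfg["service_name"]


def region_of(service_name):
    """Extract the region embedded in an AWS service name, or None if it is not an AWS-managed name."""
    parts = service_name.split(".")
    if len(parts) < 4 or parts[:2] != ["com", "amazonaws"]:
        return None
    # Customer PrivateLink services look like com.amazonaws.vpce.<region>.vpce-svc-...
    return parts[3] if parts[2] == "vpce" else parts[2]


def check_vpc_endpoints(endpoints, region):
    """Return (resolved, findings): resolved maps entry key -> service name for entries that will be created."""
    resolved, findings = {}, []
    for name, cfg in endpoints.items():
        try:
            service_name = resolve_service_name(name, cfg, region)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        if cfg.get("service_type", "Interface") == "Gateway" and "private_dns_enabled" in cfg:
            findings.append(f"{name}: private_dns_enabled applies to Interface endpoints only")
        name_region = region_of(service_name)
        if name_region is not None and name_region != region:
            findings.append(f"{name}: {service_name} names region {name_region}, but the environment is in {region}")
        if cfg.get("create", True):
            resolved[name] = service_name
    return resolved, findings


if __name__ == "__main__":
    resolved, findings = check_vpc_endpoints(VPC_ENDPOINTS, REGION)
    for key, service_name in resolved.items():
        print(f"{key}: {service_name}")
    for finding in findings:
        print(f"finding: {finding}")
```

The region check is a review prompt rather than a hard failure: the mismatch is usually a copy-paste error, and leaving it in place means the endpoint either fails to create or does not carry the traffic you expected to keep off the public network.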