Example: Complete (includes pre-configured Wayfinder SSO)

Deployment

  1. Create a DNS Zone in AWS Route53 and ensure the domain is delegated to the AWS nameservers.
  2. Create an AWS Secrets Manager Secret with your Product Licence Key and IDP details:

         $ aws secretsmanager create-secret --name wayfinder-secrets

         $ cat secret.json
         {
           "licenceKey": "LICENCE-KEY",
           "idpClientId": "CLIENT-ID",
           "idpClientSecret": "CLIENT-SECRET",
           "idpServerUrl": "IDP-SERVER-URL",
           "idpAzureTenantId": ""
         }

         $ aws secretsmanager put-secret-value --secret-id wayfinder-secrets --secret-string file://secret.json

  3. Copy the terraform.tfvars.example file to terraform.tfvars and update with your values.
  4. Run terraform init -upgrade -backend-config="bucket=BUCKET-NAME" -backend-config="key=STATE-FILE.tfstate" -backend-config="encrypt=true" -backend-config="dynamodb_table=TABLE-NAME" -backend-config="region=AWS-REGION"
  5. Run terraform apply
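
A pre-flight check for the secret.json created in the Deployment steps, as an added example that is not part of this repository: before the file is uploaded with put-secret-value, it verifies that only the owner can read it, that every key from the template is present and that no template placeholder is left. The function names, the HTTPS requirement on idpServerUrl and the rule that the aad provider needs idpAzureTenantId are assumptions.

```python
import json
import os
import stat
import tempfile

# Keys from the secret.json template on this page.
REQUIRED_KEYS = ("licenceKey", "idpClientId", "idpClientSecret", "idpServerUrl", "idpAzureTenantId")
# Template values that must be replaced before upload.
PLACEHOLDERS = {"LICENCE-KEY", "CLIENT-ID", "CLIENT-SECRET", "IDP-SERVER-URL"}

def check_secret_file(path, idp_provider="generic"):
    """Return a list of problems in secret.json; an empty list means it passed."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:o} exposes the secret; use chmod 600")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return problems + ["top-level value must be a JSON object"]
    for key in REQUIRED_KEYS:
        if key not in data:
            problems.append(f"missing key: {key}")
        elif not isinstance(data[key], str):
            problems.append(f"{key} must be a string")
        elif data[key] in PLACEHOLDERS:
            problems.append(f"{key} still holds the template placeholder")
    url = data.get("idpServerUrl")
    # Assumption: the IdP endpoint must be HTTPS (not stated on the page).
    if isinstance(url, str) and url not in PLACEHOLDERS and not url.startswith("https://"):
        problems.append("idpServerUrl is not an https:// URL")
    # Assumption: idp_provider "aad" needs a tenant ID (not stated on the page).
    if idp_provider == "aad" and not data.get("idpAzureTenantId"):
        problems.append("idpAzureTenantId is empty but idp_provider is aad")
    return problems

def demo():
    """Check a constructed sample file and return the findings."""
    sample = {"licenceKey": "LICENCE-KEY", "idpClientId": "abc", "idpClientSecret": "s3cr3t",
              "idpServerUrl": "http://idp.example.com", "idpAzureTenantId": ""}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return check_secret_file(path, idp_provider="aad")
```

Delete secret.json once put-secret-value has succeeded, and keep it out of version control.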

Updating Docs

The terraform-docs utility is used to generate this README. Follow the steps below to update:

  1. Make changes to the .terraform-docs.yml file
  2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
  3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| clusterissuer_email | The email address to use for the cert-manager cluster issuer. | string | n/a | yes |
| dns_zone_name | The local DNS zone to use (e.g. wayfinder.example.com). | string | n/a | yes |
| wayfinder_instance_id | The instance ID to use for Wayfinder. | string | n/a | yes |
| access_entries | Map of access entries to add to the cluster. | map(object({ kubernetes_groups = optional(list(string)), principal_arn = string, policy_associations = optional(map(object({ policy_arn = string, access_scope = object({ namespaces = optional(list(string)), type = string }) }))) })) | {} | no |
| availability_zones | List of availability zones to deploy into. | list(string) | ["eu-west-2a", "eu-west-2b", "eu-west-2c"] | no |
| aws_secretsmanager_name | The name of the AWS Secrets Manager secret to fetch, which contains IDP configuration. | string | "wayfinder-secrets" | no |
| create_localadmin_user | Whether to create a localadmin user for access to the Wayfinder Portal and API. | bool | false | no |
| disable_internet_access | Whether to disable internet access for EKS and the Wayfinder ingress controller. | bool | false | no |
| disable_local_login | Whether to disable local login for Wayfinder. Note: An IDP must be configured within Wayfinder, otherwise you will not be able to log in. | bool | false | no |
| environment | The environment name we are provisioning. | string | "production" | no |
| idp_provider | The Identity Provider type to configure for Wayfinder (supported: generic, aad). | string | "generic" | no |
| tags | Tags to apply to all resources. | map(any) | {} | no |
| vpc_cidr | CIDR block for the Wayfinder VPC. | string | "10.0.0.0/21" | no |
| vpc_private_subnets | List of private subnets in the Wayfinder VPC. | list(string) | ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"] | no |
| vpc_public_subnets | List of public subnets in the Wayfinder VPC. | list(string) | ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"] | no |

Outputs

| Name | Description |
|------|-------------|
| cluster_name | The name of the Wayfinder EKS cluster |
| wayfinder_api_url | The URL for the Wayfinder API |
| wayfinder_ui_url | The URL for the Wayfinder UI |