Merge pull request #11 from francesco-racciatti/feat-support-custom-c…
…a-certificate
francesco-racciatti authored Jan 12, 2023
2 parents 5fab174 + ff3848e commit c1a7f11
Showing 3 changed files with 44 additions and 16 deletions.
32 changes: 17 additions & 15 deletions README.md
Expand Up @@ -66,21 +66,23 @@ No modules.

## Inputs

| Name | Description | Type | Default | Required |
|---------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------|:--------:|
| <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Sysdig Access Key as either clear text or SecretsManager-backed secret reference (expected pattern: `arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]`) | `string` | n/a | yes |
| <a name="input_agent_image"></a> [agent\_image](#input\_agent\_image) | Orchestrator agent image | `string` | `"quay.io/sysdig/orchestrator-agent:latest"` | no |
| <a name="input_agent_tags"></a> [agent\_tags](#input\_agent\_tags) | Comma separated list of tags for this agent | `string` | `""` | no |
| <a name="input_assign_public_ip"></a> [assign\_public\_ip](#input\_assign\_public\_ip) | Provisions a public IP for the service. Required when using an Internet Gateway for egress. | `bool` | `false` | no |
| <a name="input_check_collector_certificate"></a> [check\_collector\_certificate](#input\_check\_collector\_certificate) | Whether to check the collector certificate when connecting. Mainly for development. | `string` | `"true"` | no |
| <a name="input_collector_host"></a> [collector\_host](#input\_collector\_host) | Sysdig collector host | `string` | `"collector.sysdigcloud.com"` | no |
| <a name="input_collector_port"></a> [collector\_port](#input\_collector\_port) | Sysdig collector port | `string` | `"6443"` | no |
| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | Default tags for all Sysdig Fargate Orchestrator resources | `map(string)` | <pre>{<br> "Application": "sysdig",<br> "Module": "fargate-orchestrator-agent"<br>}</pre> | no |
| <a name="input_name"></a> [name](#input\_name) | Identifier for module resources | `string` | `"sysdig-fargate-orchestrator"` | no |
| <a name="input_orchestrator_port"></a> [orchestrator\_port](#input\_orchestrator\_port) | Port for the workload agent to connect | `number` | `6667` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs. | `list(string)` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | Extra tags for all Sysdig Fargate Orchestrator resources | `map(string)` | `{}` | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC where the orchestrator should be installed | `string` | n/a | yes |
| Name | Description | Type | Default | Required |
|-------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------|---------------------------------------------------------------------------------------------|:--------:|
| <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Sysdig Access Key as either clear text or SecretsManager-backed secret reference (expected pattern: `arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]`) | `string` | n/a | yes |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC where the orchestrator should be installed | `string` | n/a | yes |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs. | `list(string)` | n/a | yes |
| <a name="input_agent_image"></a> [agent\_image](#input\_agent\_image) | Orchestrator agent image | `string` | `"quay.io/sysdig/orchestrator-agent:latest"` | no |
| <a name="input_agent_tags"></a> [agent\_tags](#input\_agent\_tags) | Comma separated list of tags for this agent | `string` | `""` | no |
| <a name="input_assign_public_ip"></a> [assign\_public\_ip](#input\_assign\_public\_ip) | Provisions a public IP for the service. Required when using an Internet Gateway for egress. | `bool` | `false` | no |
| <a name="input_check_collector_certificate"></a> [check\_collector\_certificate](#input\_check\_collector\_certificate) | Whether to check the collector certificate when connecting. Mainly for development. | `string` | `"true"` | no |
| <a name="input_collector_host"></a> [collector\_host](#input\_collector\_host) | Sysdig collector host | `string` | `"collector.sysdigcloud.com"` | no |
| <a name="input_collector_port"></a> [collector\_port](#input\_collector\_port) | Sysdig collector port | `string` | `"6443"` | no |
| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | Default tags for all Sysdig Fargate Orchestrator resources | `map(string)` | <pre>{<br> "Application": "sysdig",<br> "Module": "fargate-orchestrator-agent"<br>}</pre> | no |
| <a name="input_name"></a> [name](#input\_name) | Identifier for module resources | `string` | `"sysdig-fargate-orchestrator"` | no |
| <a name="input_orchestrator_port"></a> [orchestrator\_port](#input\_orchestrator\_port) | Port for the workload agent to connect | `number` | `6667` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Extra tags for all Sysdig Fargate Orchestrator resources | `map(string)` | `{}` | no |
| <a name="input_collector_ca_certificate"></a> [collector\_ca\_certificate](#collector\_ca\_certificate) | Configures the collector custom CA certificate | `object({type=string, value=string, path=string})` | `({type="base64", value="", path="/ssl/cert.pm"})` | no |


## Outputs
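
Review bot: The new `collector_ca_certificate` row at the end of the Inputs table documents the default path as `/ssl/cert.pm`, while the default in variables.tf is `/ssl/cert.pem`; fix the typo so the README matches the variable. The same row links to `#collector\_ca\_certificate`, but its anchor is named `input_collector_ca_certificate` and every other row uses the `#input\_...` form, so the link will not resolve. The description would also be more useful if it listed the accepted `type` values and said what an empty `value` means.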

14 changes: 13 additions & 1 deletion task.tf
Expand Up @@ -37,7 +37,19 @@ locals {
{
name = "ADDITIONAL_CONF",
value = format("agentino_port: %s", tostring(var.orchestrator_port))
}
},
{
name = "COLLECTOR_CA_CERTIFICATE_TYPE",
value = var.collector_ca_certificate.type
},
{
name = "COLLECTOR_CA_CERTIFICATE_VALUE",
value = var.collector_ca_certificate.value
},
{
name = "COLLECTOR_CA_CERTIFICATE_PATH",
value = var.collector_ca_certificate.path
},
]
)
}
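
Review bot: The three `COLLECTOR_CA_CERTIFICATE_*` entries are appended to the environment list unconditionally, so with the default `value = ""` the container still receives `COLLECTOR_CA_CERTIFICATE_TYPE` and `COLLECTOR_CA_CERTIFICATE_PATH` alongside an empty certificate. Nothing in this hunk shows how the agent handles that combination. Consider emitting the entries only when `var.collector_ca_certificate.value != ""`, or state in the variable description what an empty value does.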
14 changes: 14 additions & 0 deletions variables.tf
Expand Up @@ -94,3 +94,17 @@ variable "default_tags" {
Module = "fargate-orchestrator-agent"
}
}

variable "collector_ca_certificate" {
description = "Configures the collector custom CA certificate"
type = object({
type = string
value = string
path = string
})
default = ({
type = "base64"
value = ""
path = "/ssl/cert.pem"
})
}
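
Review bot: `collector_ca_certificate` is typed as an object with three required attributes and has no `validation` block, so a caller who only wants to set `value` must also repeat `type` and `path`, and any string is accepted for `type`. Consider `optional(string, "base64")` and `optional(string, "/ssl/cert.pem")` for `type` and `path` (Terraform 1.3 or later), plus a validation rule restricting `type` to the values the agent supports. The description should list those values, and the parentheses around the `default` object are unnecessary.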
