From f508113b6da58b5888398292c4ee567a14057519 Mon Sep 17 00:00:00 2001
From: francesco-racciatti
Date: Wed, 11 Jan 2023 12:31:39 +0100
Subject: [PATCH 1/3] docs: highlight mandatory parameters
Signed-off-by: francesco-racciatti
---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 9216ebb..3c89304 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,8 @@ No modules.
 | Name | Description | Type | Default | Required |
 |---------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------|:--------:|
 | [access\_key](#input\_access\_key) | Sysdig Access Key as either clear text or SecretsManager-backed secret reference (expected pattern: `arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]`) | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | ID of the VPC where the orchestrator should be installed | `string` | n/a | yes |
+| [subnets](#input\_subnets) | A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs. | `list(string)` | n/a | yes |
 | [agent\_image](#input\_agent\_image) | Orchestrator agent image | `string` | `"quay.io/sysdig/orchestrator-agent:latest"` | no |
 | [agent\_tags](#input\_agent\_tags) | Comma separated list of tags for this agent | `string` | `""` | no |
 | [assign\_public\_ip](#input\_assign\_public\_ip) | Provisions a public IP for the service. Required when using an Internet Gateway for egress. | `bool` | `false` | no |
@@ -78,9 +80,8 @@ No modules. | [default\_tags](#input\_default\_tags) | Default tags for all Sysdig Fargate Orchestrator resources | `map(string)` |
{
"Application": "sysdig",
"Module": "fargate-orchestrator-agent"
}
| no |
 | [name](#input\_name) | Identifier for module resources | `string` | `"sysdig-fargate-orchestrator"` | no |
 | [orchestrator\_port](#input\_orchestrator\_port) | Port for the workload agent to connect | `number` | `6667` | no |
-| [subnets](#input\_subnets) | A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs. | `list(string)` | n/a | yes |
 | [tags](#input\_tags) | Extra tags for all Sysdig Fargate Orchestrator resources | `map(string)` | `{}` | no |
-| [vpc\_id](#input\_vpc\_id) | ID of the VPC where the orchestrator should be installed | `string` | n/a | yes |
+ ## Outputs
From df3ba2226516c5a7ebd9a93bb8906547938cecb1 Mon Sep 17 00:00:00 2001
From: francesco-racciatti
Date: Wed, 11 Jan 2023 12:32:00 +0100
Subject: [PATCH 2/3] feat: support custom collector CA certificate
Signed-off-by: francesco-racciatti
---
 task.tf | 14 +++++++++++++-
 variables.tf | 14 ++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/task.tf b/task.tf
index d1c6e7e..c12a58f 100644
--- a/task.tf
+++ b/task.tf
@@ -37,7 +37,19 @@ locals {
 {
 name = "ADDITIONAL_CONF",
 value = format("agentino_port: %s", tostring(var.orchestrator_port))
- }
+ },
+ {
+ name = "COLLECTOR_CA_CERTIFICATE_TYPE",
+ value = var.collector_ca_certificate.type
+ },
+ {
+ name = "COLLECTOR_CA_CERTIFICATE_VALUE",
+ value = var.collector_ca_certificate.value
+ },
+ {
+ name = "COLLECTOR_CA_CERTIFICATE_PATH",
+ value = var.collector_ca_certificate.path
+ },
 ]
 )
 }
diff --git a/variables.tf b/variables.tf
index 5fea068..78d1b95 100644
--- a/variables.tf
+++ b/variables.tf
@@ -94,3 +94,17 @@ variable "default_tags" {
 Module = "fargate-orchestrator-agent"
 }
 }
+
+variable "collector_ca_certificate" {
+ description = "Configures the collector custom CA certificate"
+ type = object({
+ type = string
+ value = string
+ path = string
+ })
+ default = ({
+ type = "base64"
+ value = ""
+ path = "/ssl/cert.pem"
+ })
+}
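Review bot: `collector_ca_certificate` in the variables.tf hunk accepts any string for `type` and `value` with no `validation` block, so a mistyped or non-base64 certificate is only discovered when the agent fails to verify the collector at startup rather than at plan time; a condition that rejects non-base64 content when `type` is `"base64"` (keeping the empty default allowed) would catch that early. The description `"Configures the collector custom CA certificate"` should also say what the three fields are and what an empty `value` means, since task.tf now exports `COLLECTOR_CA_CERTIFICATE_TYPE`, `_VALUE` and `_PATH` unconditionally — presumably the agent treats an empty value as "not set", but that is worth confirming against the agent documentation and noting in the description, as this variable is the safer alternative to turning off `check_collector_certificate` for a privately-signed collector. The parentheses around the `default` object are unusual HCL and can be dropped. The README row added in patch 3/3 documents the default path as `/ssl/cert.pm`, which disagrees with `/ssl/cert.pem` here, and links to `#collector\_ca\_certificate` rather than the `#input\_…` anchor the other rows use.
```hcl
variable "collector_ca_certificate" {
  description = "Custom CA certificate for the collector TLS connection: encoding type, certificate value and target path. Leave value empty when no custom CA is needed."
  type = object({
    type  = string
    value = string
    path  = string
  })
  default = {
    type  = "base64"
    value = ""
    path  = "/ssl/cert.pem"
  }

  validation {
    # Reject a malformed certificate at plan time instead of at first agent start.
    condition     = var.collector_ca_certificate.type != "base64" || var.collector_ca_certificate.value == "" || can(base64decode(var.collector_ca_certificate.value))
    error_message = "collector_ca_certificate.value must be valid base64 when type is \"base64\"."
  }
}
```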
From 2b55d377ad15410cb383b25929a4dce7ce3d6d7f Mon Sep 17 00:00:00 2001
From: francesco-racciatti
Date: Wed, 11 Jan 2023 12:36:53 +0100
Subject: [PATCH 3/3] docs: update documentation
Signed-off-by: francesco-racciatti
---
 README.md | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 3c89304..55ede4c 100644
--- a/README.md
+++ b/README.md
@@ -66,21 +66,22 @@ No modules. ## Inputs -| Name | Description | Type | Default | Required | -|---------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------|:--------:| -| [access\_key](#input\_access\_key) | Sysdig Access Key as either clear text or SecretsManager-backed secret reference (expected pattern: `arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]`) | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | ID of the VPC where the orchestrator should be installed | `string` | n/a | yes | -| [subnets](#input\_subnets) | A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs. | `list(string)` | n/a | yes | -| [agent\_image](#input\_agent\_image) | Orchestrator agent image | `string` | `"quay.io/sysdig/orchestrator-agent:latest"` | no | -| [agent\_tags](#input\_agent\_tags) | Comma separated list of tags for this agent | `string` | `""` | no | -| [assign\_public\_ip](#input\_assign\_public\_ip) | Provisions a public IP for the service. Required when using an Internet Gateway for egress. | `bool` | `false` | no | -| [check\_collector\_certificate](#input\_check\_collector\_certificate) | Whether to check the collector certificate when connecting. Mainly for development. 
| `string` | `"true"` | no | -| [collector\_host](#input\_collector\_host) | Sysdig collector host | `string` | `"collector.sysdigcloud.com"` | no | -| [collector\_port](#input\_collector\_port) | Sysdig collector port | `string` | `"6443"` | no | -| [default\_tags](#input\_default\_tags) | Default tags for all Sysdig Fargate Orchestrator resources | `map(string)` |
{
"Application": "sysdig",
"Module": "fargate-orchestrator-agent"
}
| no | -| [name](#input\_name) | Identifier for module resources | `string` | `"sysdig-fargate-orchestrator"` | no | -| [orchestrator\_port](#input\_orchestrator\_port) | Port for the workload agent to connect | `number` | `6667` | no | -| [tags](#input\_tags) | Extra tags for all Sysdig Fargate Orchestrator resources | `map(string)` | `{}` | no | +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------|---------------------------------------------------------------------------------------------|:--------:| +| [access\_key](#input\_access\_key) | Sysdig Access Key as either clear text or SecretsManager-backed secret reference (expected pattern: `arn:aws:secretsmanager:region:accountId:secret:secretName[:jsonKey:versionStage:versionId]`) | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | ID of the VPC where the orchestrator should be installed | `string` | n/a | yes | +| [subnets](#input\_subnets) | A list of subnets that can access the internet and are reachable by instrumented services. The subnets must be in at least 2 different AZs. | `list(string)` | n/a | yes | +| [agent\_image](#input\_agent\_image) | Orchestrator agent image | `string` | `"quay.io/sysdig/orchestrator-agent:latest"` | no | +| [agent\_tags](#input\_agent\_tags) | Comma separated list of tags for this agent | `string` | `""` | no | +| [assign\_public\_ip](#input\_assign\_public\_ip) | Provisions a public IP for the service. Required when using an Internet Gateway for egress. 
| `bool` | `false` | no | +| [check\_collector\_certificate](#input\_check\_collector\_certificate) | Whether to check the collector certificate when connecting. Mainly for development. | `string` | `"true"` | no | +| [collector\_host](#input\_collector\_host) | Sysdig collector host | `string` | `"collector.sysdigcloud.com"` | no | +| [collector\_port](#input\_collector\_port) | Sysdig collector port | `string` | `"6443"` | no | +| [default\_tags](#input\_default\_tags) | Default tags for all Sysdig Fargate Orchestrator resources | `map(string)` |
{
"Application": "sysdig",
"Module": "fargate-orchestrator-agent"
}
| no | +| [name](#input\_name) | Identifier for module resources | `string` | `"sysdig-fargate-orchestrator"` | no | +| [orchestrator\_port](#input\_orchestrator\_port) | Port for the workload agent to connect | `number` | `6667` | no | +| [tags](#input\_tags) | Extra tags for all Sysdig Fargate Orchestrator resources | `map(string)` | `{}` | no | +| [collector\_ca\_certificate](#collector\_ca\_certificate) | Configures the collector custom CA certificate | `object({type=string, value=string, path=string})` | `({type="base64", value="", path="/ssl/cert.pm"})` | no | ## Outputs