# Opscontrol configuration

## Platform specific configuration

Name Description Type Default Required
vsphere_host vSphere host string n/a yes
vsphere_username vSphere username string n/a yes
vsphere_password vSphere password string n/a yes
vsphere_allow_unverified_ssl Allow insecure SSL to vSphere APIs bool n/a yes
vsphere_datacenter vSphere datacenter name string n/a yes
vsphere_datastore vSphere datastore name string n/a yes
vsphere_cluster vSphere cluster name string n/a yes
vsphere_resource_pool vSphere resource pool name string n/a yes
nsxt_host NSX-T host string n/a yes
nsxt_username NSX-T username string n/a yes
nsxt_password NSX-T password string n/a yes
nsxt_allow_unverified_ssl Allow insecure SSL to NSX-T APIs bool n/a yes
nsxt_remote_auth Use remote authorization when connecting to NSX-T APIs bool false no
nsxt_max_retries The maximum number of retries before failing an API request number 100 no
nsxt_retry_min_delay The minimum delay, in milliseconds, between API retries number 1000 no
nsxt_retry_max_delay The maximum delay, in milliseconds, between API retries number 5000 no
overlay_transport_zone_name NSX-T overlay transport zone name string n/a yes
tier0_router_name NSX-T Tier-0 router/gateway name string n/a yes
edge_cluster_name NSX-T edge cluster name string n/a yes
env_name Environment name string n/a yes
opscontrol_base_domain DNS domain for the opscontrol string n/a yes
public_dns_ip Public DNS server IP address string n/a yes
dns_instance_public_ip Public IP address of the DNS instance string null no
dns_instance_private_ip Private IP address of the DNS instance string null no
network_cidr Whole network CIDR string n/a yes
subnets_cidr_mask Subnets default CIDR mask number 26 no
dmz_subnet_cidr DMZ subnet CIDR string null no
dmz_router_ip DMZ network router/gateway IP address in CIDR format string null no
dmz_dhcp_server_ip DMZ network DHCP server IP address in CIDR format string null no
dmz_dhcp_server_range_start First IP address from DMZ network DHCP server range string null no
dmz_dhcp_server_range_end Last IP address from DMZ network DHCP server range string null no
mgmt_subnet_cidr MGMT subnet CIDR string null no
mgmt_router_ip MGMT network router/gateway IP address in CIDR format string null no
mgmt_dhcp_server_ip MGMT network DHCP server IP address in CIDR format string null no
mgmt_dhcp_server_range_start First IP address from MGMT network DHCP server range string null no
mgmt_dhcp_server_range_end Last IP address from MGMT network DHCP server range string null no
control_plane_subnet_cidr control_plane subnet CIDR string null no
control_plane_router_ip control_plane network router/gateway IP address in CIDR format string null no
control_plane_dhcp_server_ip control_plane network DHCP server IP address in CIDR format string null no
control_plane_dhcp_server_range_start First IP address from control_plane network DHCP server range string null no
control_plane_dhcp_server_range_end Last IP address from control_plane network DHCP server range string null no
control_plane_api_port K8S API port number 6443 no
control_plane_ingress_ports K8S Ingress ports list(number) [80, 443] no
control_plane_lb_public_ip Public IP address of the Control Plane LB string null no
control_plane_lb_app_profile_name Name of the application profile used by the Control Plane LB (Used only by the Policy API) string "default-tcp-lb-app-profile" no
control_plane_lb_ingress_active_monitor_paths Path of the active monitor K8S LB Pool (Used only by the Policy API) list(string) ["/infra/lb-monitor-profiles/default-icmp-lb-monitor"] no
control_plane_lb_api_active_monitor_paths Path of the active monitor K8S LB Pool (Used only by the Policy API) list(string) ["/infra/lb-monitor-profiles/default-icmp-lb-monitor"] no
enable_gateway_policy Enable Gateway Firewall bool true no
env_cidrs CIDRs of the environments list(string) n/a yes
opscontrol_whitelist_out List of CIDRs to which traffic from opscontrol is allowed list(string) ["0.0.0.0/0"] no
control_plane_api_whitelist_in List of CIDRs from which access to k8s_api is allowed list(string) n/a yes
jumpbox_whitelist_ssh_in List of CIDRs from which SSH to jumpbox is allowed list(string) n/a yes
control_plane_node_ports_enabled Enable TCP/UDP and whitelist node ports bool false no
control_plane_node_ports_whitelist List of CIDRs node ports to open list(string) [] no
control_plane_node_ports_tcp TCP node ports list(string) [] no
control_plane_node_ports_udp UDP node ports list(string) [] no
jumpbox_ip Jumpbox IP address string null no
jumpbox_template_name Jumpbox template name string n/a yes
jumpbox_network_name Jumpbox custom network name string "" no
jumpbox_network_cidr Jumpbox custom network CIDR string "" no
jumpbox_gateway_ip Jumpbox custom gateway IP address string "" no
vm_hardware_version vSphere VM hardware version number 13 no
vmware_tools_upgrade_policy VMware tools upgrade policy. Possible values: manual, upgradeAtPowerCycle. Default: manual. string "manual" no
sensitive_data_vsphere_ca_filename vSphere CA filename string "vsphere_ca" no
sensitive_data_nsxt_ca_filename NSXT CA filename string "nsxt_ca" no
sensitive_data_storage_container_name Container name for keys string "sensitive-data" no
sensitive_data_git_private_key_filename GIT private key filename string "git-devops" no
sensitive_data_git_private_key_password GIT private key password string "" no
sensitive_data_jumpbox_public_key_filename Jumpbox public key filename string "jumpbox-devops.pub" no
sensitive_data_jumpbox_private_key_filename Jumpbox private key filename string "jumpbox-devops" no
sensitive_data_jumpbox_private_key_password Jumpbox private key password string "" no
sensitive_data_dns_public_key_filename DNS public key filename string "dns-devops.pub" no
sensitive_data_dns_private_key_filename DNS private key filename string "dns-devops" no
sensitive_data_dns_private_key_password DNS private key password string "" no
sensitive_data_k8s_public_key_filename K8S public key filename string "k8s-devops.pub" no
sensitive_data_k8s_private_key_filename K8S private key filename string "k8s-devops" no
sensitive_data_k8s_private_key_password K8S private key password string "" no
sensitive_data_traefik_crt_filename Traefik control plane certificate filename string "" no
sensitive_data_traefik_crt_chain_filename Traefik control plane certificate chain filename string "" no
sensitive_data_traefik_key_filename Traefik control plane certificate private key filename string "" no
sensitive_data_traefik_key_password Traefik control plane certificate private key password string "" no
sensitive_data_offline_root_ca_crt_filename Offline Root CA certificate filename string "" no
sensitive_data_offline_root_ca_crt_chain_filename Offline Root CA certificate chain filename string "" no
sensitive_data_offline_root_ca_key_filename Offline Root CA private key filename string "" no
sensitive_data_offline_root_ca_key_password Offline Root CA private key password string "" no
sensitive_data_trusted_ca_crt_filenames List of files containing trusted CA certificates list(string) [] no
root_ca_key_size Size (in bits) of the Root CA RSA key number 4096 no
root_ca_validity_period How long (in days) Root CA remains valid number 3650 no
intermediate_ca_key_size Size (in bits) of the Intermediate CA RSA key number 4096 no
intermediate_ca_validity_period How long (in days) Intermediate CA remains valid number 3650 no
service_crt_key_size Size (in bits) of the service certificate RSA key number 2048 no
service_crt_validity_period How long (in days) service certificate remains valid number 365 no
ca_country Sets the Country (C) field of the generated certificate string "" no
ca_province Sets the State/Province (ST) field of the generated certificate string "" no
ca_locality Sets the Locality (L) field of the generated certificate string "" no
ca_organization Sets the Organization (O) field of the generated certificate string "" no
ca_organizational_unit Sets the Organizational Unit (OU) field of the generated certificate string "" no
ingestor_port Ingestor port number 30514 no
elasticsearch_port ElasticSearch port number 30920 no
ssh_allowed_hosts Space-separated list of hostnames for which StrictHostKeyChecking is set to no string "ssh.dev.azure.com github.com" no
config_repository_url Git URI to the config repository string n/a yes
config_repository_branch Git branch name in the config repository string n/a yes
docker_registry_url Docker registry URL string n/a yes
docker_registry_username Docker registry username string "" no
docker_registry_password Docker registry password string "" no
docker_registry_proxy_cache_project Name of the Docker registry proxy cache project string n/a yes
docker_registry_cloudboostr_project Name of the Docker registry Cloudboostr project string n/a yes
cloudboostr_image_name Name of the Cloudboostr Docker image string n/a yes
cloudboostr_image_tag Tag of the Cloudboostr Docker image string n/a yes
infrastructure_state_bucket_name Bucket name for infrastructure state string n/a yes
backups_bucket_name Bucket name for backups string n/a yes
extensions_bucket_name Bucket name for extension files string n/a yes
extensions_dns_directory Directory name for dns extension files in extensions bucket string "vsphere/opscontrol/cb-dns-deployment" no
extensions_dns_properties Properties filename for extension ops string "dns.properties" no
extensions_concourse_directory Directory name for concourse extension files in extensions bucket string "vsphere/opscontrol/cb-concourse-deployment" no
extensions_concourse_properties Properties filename for extension ops string "concourse.properties" no
extensions_elk_directory Directory name for elk extension files in extensions bucket string "vsphere/opscontrol/cb-elk-deployment" no
extensions_elk_properties Properties filename for extension ops string "elk.properties" no
extensions_prometheus_directory Directory name for prometheus extension files in extensions bucket string "vsphere/opscontrol/cb-prometheus-deployment" no
extensions_prometheus_properties Properties filename for extension ops string "prometheus.properties" no
extensions_control_plane_directory Directory name for kubernetes control plane extension files in extensions bucket string "vsphere/opscontrol/cb-control-plane-deployment" no
extensions_control_plane_properties Properties filename for extension ops string "control-plane.properties" no
extensions_keycloak_directory Directory name for keycloak extension files in keycloak bucket string "vsphere/opscontrol/cb-keycloak-deployment" no
extensions_keycloak_properties Properties filename for extension ops string "keycloak.properties" no
http_proxy_url HTTP proxy url in format http://:@: string "" no
https_proxy_url HTTPS proxy url in format http://:@: string "" no
no_proxy No proxy comma separated urls/ips string "" no
control_plane_template_name Template used for the Kubernetes VMs string n/a yes
k8s_master_count Number of k8s master nodes number 0 no
control_plane_master_ips IPs used for the Kubernetes master nodes list(string) null no
control_plane_master_cpu CPU used for the Kubernetes master nodes string 2 no
control_plane_master_cores_per_socket The number of cores per socket in the virtual machine string 1 no
control_plane_master_ram RAM used for the Kubernetes master nodes string 4096 no
control_plane_master_network_name Network used for the Kubernetes master nodes string "" no
control_plane_master_gateway_ip Gateway used for the Kubernetes master nodes string "" no
control_plane_master_network_cidr Network cidr used for the Kubernetes master nodes string "" no
firewall_logging_enabled Enable NSX-T policy firewall logging bool true no
k8s_worker_count Number of k8s worker nodes number 0 no
control_plane_worker_ips IPs used for the Kubernetes worker nodes list(string) null no
control_plane_worker_cpu CPU used for the Kubernetes worker nodes string 4 no
control_plane_worker_cores_per_socket The number of cores per socket in the virtual machine string 1 no
control_plane_worker_ram RAM used for the Kubernetes worker nodes [MB] string 4096 no
control_plane_worker_disk Storage used for the Kubernetes worker nodes [GB] string 200 no
control_plane_worker_network_name Network used for the Kubernetes worker nodes string "" no
control_plane_worker_gateway_ip Gateway used for the Kubernetes worker nodes string "" no
control_plane_worker_network_cidr Network cidr used for the Kubernetes worker nodes string "" no
ntp_servers Custom list of NTP servers that should be used on VMs list(string) [] no
cpu_hot_add_enabled Allow CPUs to be added to the virtual machine while it is powered on bool false no
memory_hot_add_enabled Allow memory to be added to the virtual machine while it is powered on bool false no
dns_template_name Template used for the DNS VMs string n/a yes
elasticsearch_deployment_enabled Enables or disables ELK deployment with Elasticsearch/OpenSearch + Filebeat + Kibana bool true no
velero_snapshot_volumes Enables or disables snapshot volumes option in Velero backup bool true no
velero_deploy_restic Enables or disables restic in Velero bool true no
opscontrol_networks Opscontrol networks and settings map(object({ index = number, cidr = optional(string), gateway_ip = optional(string), router_ip = optional(string), dhcp_server_ip = optional(string), dhcp_server_range_start = optional(string), dhcp_server_range_end = optional(string) })) { "control_plane": { "index": 1 }, "dmz": { "index": 2 }, "mgmt": { "index": 0 } } no
k8s_create_standard_storage_class Indicates if standard storage class should be created bool true no
k8s_set_standard_storage_class_as_default Indicates if standard storage class should be set as a default bool true no
k8s_standard_storage_class_name Name of the standard storage class string "standard-storage-class" no
k8s_storage_class Name of the storage class to use for deployments string "standard-storage-class" no

Name Description Type Default Required
aws_access_key AWS access_key for the account string n/a yes
aws_secret_key AWS secret for the account string n/a yes
aws_region AWS region string n/a yes
azs List of availability zones (This should be 2 element list) list(string) n/a yes
ami_name The name of the AMI string n/a yes
public_dns_ip Public DNS server IP address string "8.8.8.8" no
sensitive_data_storage_container_name Container name for keys string "sensitive-data" no
sensitive_data_git_private_key_filename GIT private key filename string "git-devops" no
sensitive_data_git_private_key_password GIT private key password string "" no
sensitive_data_jumpbox_public_key_filename Jumpbox public key filename string "jumpbox-devops.pub" no
sensitive_data_jumpbox_private_key_filename Jumpbox private key filename string "jumpbox-devops" no
sensitive_data_jumpbox_private_key_password Jumpbox private key password string "" no
sensitive_data_dns_public_key_filename DNS public key filename string "dns-devops.pub" no
sensitive_data_dns_private_key_filename DNS private key filename string "dns-devops" no
sensitive_data_dns_private_key_password DNS private key password string "" no
sensitive_data_k8s_public_key_filename K8S public key filename string "k8s-devops.pub" no
sensitive_data_k8s_private_key_filename K8S private key filename string "k8s-devops" no
sensitive_data_k8s_private_key_password K8S private key password string "" no
sensitive_data_traefik_crt_filename Traefik control plane certificate filename string "" no
sensitive_data_traefik_key_filename Traefik control plane certificate private key filename string "" no
sensitive_data_traefik_key_password Traefik control plane certificate private key password string "" no
sensitive_data_offline_root_ca_key_password Offline Root CA private key password string "" no
sensitive_data_offline_root_ca_key_filename Offline Root CA private key filename string "" no
sensitive_data_offline_root_ca_crt_filename Offline Root CA certificate filename string "" no
sensitive_data_offline_root_ca_chain_filename Offline Root CA chain filename string "" no
sensitive_data_trusted_ca_crt_filenames List of files containing trusted CA certificates list(string) [] no
root_ca_key_size Size (in bits) of the Root CA RSA key number 4096 no
root_ca_validity_period How long (in days) Root CA remains valid number 3650 no
intermediate_ca_key_size Size (in bits) of the Intermediate CA RSA key number 4096 no
intermediate_ca_validity_period How long (in days) Intermediate CA remains valid number 3650 no
service_crt_key_size Size (in bits) of the service certificate RSA key number 2048 no
service_crt_validity_period How long (in days) service certificate remains valid number 365 no
ca_country Sets the Country (C) field of the generated certificate string "" no
ca_province Sets the State/Province (ST) field of the generated certificate string "" no
ca_locality Sets the Locality (L) field of the generated certificate string "" no
ca_organization Sets the Organization (O) field of the generated certificate string "" no
ca_organizational_unit Sets the Organizational Unit (OU) field of the generated certificate string "" no
jumpbox_whitelist_ssh_in List of CIDRs from which SSH to jumpbox is allowed list(string) n/a yes
opscontrol_whitelist_out List of CIDRs to which (except env) traffic from opscontrol is allowed (e.g. proxy) list(string) ["0.0.0.0/0"] no
env_cidrs List of CIDRs of envs to and from which traffic is allowed list(string) ["10.0.0.0/8"] no
jumpbox_instance_type AWS VM type that should be used for jumpbox string n/a yes
dns_instance_type VM instance type that should be used for DNS string n/a yes
env_name Prefix appended to the resources names string "opscontrol" no
hosted_zone_id The ID of the hosted zone to contain DNS records string n/a yes
opscontrol_base_domain Base domain name to all services in opscontrol string n/a yes
network_cidr Whole network CIDR string "10.96.0.0/16" no
config_repository_url Git URI to the config repository string n/a yes
config_repository_branch Git branch name in the config repository string n/a yes
infrastructure_state_bucket_name Bucket name for infrastructure state string n/a yes
backups_bucket_name Bucket name for backups string n/a yes
extensions_bucket_name Bucket name for extension files string n/a yes
extensions_dns_directory Directory name for dns extension files in extensions bucket string "aws/opscontrol/cb-dns-deployment" no
extensions_dns_properties Properties filename for extension ops string "dns.properties" no
extensions_concourse_directory Directory name for concourse extension files in extensions bucket string "aws/opscontrol/cb-concourse-deployment" no
extensions_concourse_properties Properties filename for extension ops string "concourse.properties" no
extensions_elk_directory Directory name for elk extension files in extensions bucket string "aws/opscontrol/cb-elk-deployment" no
extensions_elk_properties Properties filename for extension ops string "elk.properties" no
extensions_prometheus_directory Directory name for prometheus extension files in extensions bucket string "aws/opscontrol/cb-prometheus-deployment" no
extensions_prometheus_properties Properties filename for extension ops string "prometheus.properties" no
extensions_control_plane_directory Directory name for kubernetes control plane extension files in extensions bucket string "aws/opscontrol/cb-control-plane-deployment" no
extensions_control_plane_properties Properties filename for extension ops string "control-plane.properties" no
extensions_keycloak_directory Directory name for keycloak extension files in keycloak bucket string "aws/opscontrol/cb-keycloak-deployment" no
extensions_keycloak_properties Properties filename for extension ops string "keycloak.properties" no
ingestor_port Ingestor port number 30514 no
elasticsearch_port ElasticSearch port number 30920 no
ssh_allowed_hosts Space-separated list of hostnames for which StrictHostKeyChecking is set to no string "ssh.dev.azure.com github.com" no
http_proxy_url HTTP proxy url in format http://:@: string "" no
https_proxy_url HTTPS proxy url in format http://:@: string "" no
no_proxy No proxy comma separated urls/ips string "" no
k8s_master_instance_type Instance type for k8s master nodes string n/a yes
k8s_worker_instance_type Instance type for k8s worker nodes string n/a yes
k8s_worker_count Number of k8s worker instances number 3 no
k8s_worker_volume_size K8s worker volume size number 40 no
k8s_worker_volume_type K8s worker volume type string "standard" no
k8s_worker_iam_instance_profile K8s worker IAM instance profile string n/a yes
k8s_master_count Number of k8s master instances number 3 no
k8s_master_volume_size K8s master volume size number 40 no
k8s_master_volume_type K8s master volume type string "standard" no
k8s_master_iam_instance_profile K8s master IAM instance profile string n/a yes
docker_registry_url Docker registry URL string n/a yes
docker_registry_username Docker registry username string "" no
docker_registry_password Docker registry password string "" no
docker_registry_proxy_cache_project Name of the Docker registry proxy cache project string n/a yes
docker_registry_cloudboostr_project Name of the Docker registry Cloudboostr project string n/a yes
cloudboostr_image_name Name of the Cloudboostr Docker image string n/a yes
cloudboostr_image_tag Tag of the Cloudboostr Docker image string n/a yes
elasticsearch_deployment_enabled Enables or disables ELK deployment with Elasticsearch/OpenSearch + Filebeat + Kibana bool true no
velero_snapshot_volumes Enables or disables snapshot volumes option in Velero backup bool true no
velero_deploy_restic Enables or disables restic in Velero bool true no
opscontrol_networks Opscontrol networks and settings map(object({ index = number, cidr = optional(string), gateway_ip = optional(string), router_ip = optional(string), dhcp_server_ip = optional(string), dhcp_server_range_start = optional(string), dhcp_server_range_end = optional(string) })) { "control_plane_az1": { "index": 1 }, "control_plane_az2": { "index": 2 }, "dmz_az1": { "index": 3 }, "dmz_az2": { "index": 4 }, "mgmt": { "index": 0 } } no
k8s_create_standard_storage_class Indicates if standard storage class should be created bool true no
k8s_set_standard_storage_class_as_default Indicates if standard storage class should be set as a default bool true no
k8s_standard_storage_class_name Name of the standard storage class string "standard-storage-class" no
k8s_storage_class Name of the storage class to use for deployments string "standard-storage-class" no

Name Description Type Default Required
azure_subscription_id Azure subscription ID string n/a yes
azure_client_id Azure client ID string n/a yes
azure_client_secret Azure client secret string n/a yes
azure_tenant_id Azure tenant ID string n/a yes
public_dns_ip Public DNS IP string "8.8.8.8" no
sensitive_data_storage_container_name Container name for keys string "sensitive-data" no
sensitive_data_git_private_key_filename GIT private key filename string "git-devops" no
sensitive_data_git_private_key_password GIT private key password string "" no
sensitive_data_jumpbox_public_key_filename Jumpbox public key filename string "jumpbox-devops.pub" no
sensitive_data_jumpbox_private_key_filename Jumpbox private key filename string "jumpbox-devops" no
sensitive_data_jumpbox_private_key_password Jumpbox private key password string "" no
sensitive_data_dns_public_key_filename DNS public key filename string "dns-devops.pub" no
sensitive_data_dns_private_key_filename DNS private key filename string "dns-devops" no
sensitive_data_dns_private_key_password DNS private key password string "" no
sensitive_data_k8s_public_key_filename K8S public key filename string "k8s-devops.pub" no
sensitive_data_k8s_private_key_filename K8S private key filename string "k8s-devops" no
sensitive_data_k8s_private_key_password K8S private key password string "" no
sensitive_data_traefik_crt_filename Traefik control plane certificate filename string "" no
sensitive_data_traefik_key_filename Traefik control plane certificate private key filename string "" no
sensitive_data_traefik_key_password Traefik control plane certificate private key password string "" no
sensitive_data_offline_root_ca_key_password Offline Root CA private key password string "" no
sensitive_data_offline_root_ca_key_filename Offline Root CA private key filename string "" no
sensitive_data_offline_root_ca_crt_filename Offline Root CA certificate filename string "" no
sensitive_data_offline_root_ca_chain_filename Offline Root CA chain filename string "" no
sensitive_data_trusted_ca_crt_filenames List of files containing trusted CA certificates list(string) [] no
root_ca_key_size Size (in bits) of the Root CA RSA key number 4096 no
root_ca_validity_period How long (in days) Root CA remains valid number 3650 no
intermediate_ca_key_size Size (in bits) of the Intermediate CA RSA key number 4096 no
intermediate_ca_validity_period How long (in days) Intermediate CA remains valid number 3650 no
service_crt_key_size Size (in bits) of the service certificate RSA key number 2048 no
service_crt_validity_period How long (in days) service certificate remains valid number 365 no
ca_country Sets the Country (C) field of the generated certificate string "" no
ca_province Sets the State/Province (ST) field of the generated certificate string "" no
ca_locality Sets the Locality (L) field of the generated certificate string "" no
ca_organization Sets the Organization (O) field of the generated certificate string "" no
ca_organizational_unit Sets the Organizational Unit (OU) field of the generated certificate string "" no
jumpbox_whitelist_ssh_in List of CIDRs from which SSH to jumpbox is allowed list(string) n/a yes
opscontrol_whitelist_out List of CIDRs to which (except env) traffic from opscontrol is allowed (e.g. proxy) list(string) ["0.0.0.0/0"] no
env_cidrs List of CIDRs of envs to and from which traffic is allowed list(string) ["10.0.0.0/8"] no
jumpbox_vm_size Azure VM size that should be used for jumpbox string n/a yes
dns_vm_size Azure VM size that should be used for dns string n/a yes
dns_instance_public_ip Floating IP created manually for the DNS string n/a yes
dns_instance_private_ip Private IP address of the DNS instance string "10.96.2.141" no
dns_vm_public_ip_resource_id Id of Public IP address resource of the DNS instance in Azure string n/a yes
env_name Prefix appended to the resources names string "opscontrol" no
opscontrol_base_domain Base domain name to all services in opscontrol string n/a yes
vm_admin_username Admin username that should be used for instance's general settings string n/a yes
vm_source_image VM image details for instances object({ publisher = string, offer = string, sku = string, version = string }) n/a yes
vm_disk_sku VM disk SKU string "StandardSSD_LRS" no
vm_disk_size VM disk size string "64" no
network_cidr Whole network CIDR string "10.96.0.0/16" no
network_location Location for the network string n/a yes
network_resource_group_name Resource group name for the network string n/a yes
mgmt_subnet_cidr Management subnet CIDR string "10.96.1.0/26" no
mgmt_gateway_ip IP for management subnet gateway string "10.96.1.1" no
mgmt_reserved_ips Management reserved IP range list(string) ["10.96.1.2-10.96.1.20"] no
application_gateway_subnet_cidr Application gateway subnet CIDR string "10.96.2.128/26" no
dmz_subnet_cidr DMZ subnet CIDR string "10.96.2.0/26" no
dmz_gateway_ip IP for dmz subnet gateway string "10.96.2.1" no
dmz_reserved_ips DMZ reserved IP range list(string) ["10.96.2.2-10.96.2.20"] no
dmz_static_ips DMZ static IP list(string) ["10.96.2.21-10.96.2.30"] no
telemetry_subnet_cidr Telemetry subnet CIDR string "10.96.8.0/22" no
telemetry_gateway_ip IP for telemetry subnet gateway string "10.96.8.1" no
telemetry_reserved_ips Telemetry reserved IP ranges list(string) ["10.96.8.2-10.96.8.20"] no
telemetry_static_ips Telemetry static IP ranges list(string) ["10.96.8.21-10.96.8.30"] no
config_repository_url Git URI to the config repository string n/a yes
config_repository_branch Git branch name in the config repository string n/a yes
infrastructure_state_bucket_name Bucket name for infrastructure state string n/a yes
backups_bucket_name Bucket name for backups string n/a yes
extensions_bucket_name Bucket name for extension files string n/a yes
extensions_dns_directory Directory name for dns extension files in extensions bucket string "azure/opscontrol/cb-dns-deployment" no
extensions_dns_properties Properties filename for extension ops string "dns.properties" no
extensions_concourse_directory Directory name for concourse extension files in extensions bucket string "azure/opscontrol/cb-concourse-deployment" no
extensions_concourse_properties Properties filename for extension ops string "concourse.properties" no
extensions_elk_directory Directory name for elk extension files in extensions bucket string "azure/opscontrol/cb-elk-deployment" no
extensions_elk_properties Properties filename for extension ops string "elk.properties" no
extensions_prometheus_directory Directory name for prometheus extension files in extensions bucket string "azure/opscontrol/cb-prometheus-deployment" no
extensions_prometheus_properties Properties filename for extension ops string "prometheus.properties" no
extensions_control_plane_directory Directory name for kubernetes control plane extension files in extensions bucket string "azure/opscontrol/cb-control-plane-deployment" no
extensions_control_plane_properties Properties filename for extension ops string "control-plane.properties" no
extensions_keycloak_directory Directory name for keycloak extension files in keycloak bucket string "azure/opscontrol/cb-keycloak-deployment" no
extensions_keycloak_properties Properties filename for extension ops string "keycloak.properties" no
ssh_allowed_hosts Space-separated list of hostnames for which StrictHostKeyChecking is set to no string "ssh.dev.azure.com github.com" no
http_proxy_url HTTP proxy url in format http://:@: string "" no
https_proxy_url HTTPS proxy url in format http://:@: string "" no
no_proxy No proxy comma separated urls/ips string "" no
k8s_master_vm_size Instance type for k8s master nodes string n/a yes
k8s_worker_vm_size Instance type for k8s worker nodes string n/a yes
k8s_worker_count Number of k8s worker instances number 3 no
k8s_worker_iam_instance_profile K8s worker IAM instance profile string n/a yes
k8s_master_count Number of k8s master instances number 3 no
k8s_master_iam_instance_profile K8s master IAM instance profile string n/a yes
docker_registry_url Docker registry URL string n/a yes
docker_registry_username Docker registry username string "" no
docker_registry_password Docker registry password string "" no
docker_registry_proxy_cache_project Name of the Docker registry proxy cache project string n/a yes
docker_registry_cloudboostr_project Name of the Docker registry Cloudboostr project string n/a yes
cloudboostr_image_name Name of the Cloudboostr Docker image string n/a yes
cloudboostr_image_tag Tag of the Cloudboostr Docker image string n/a yes
elasticsearch_deployment_enabled Enables or disables ELK deployment with Elasticsearch/OpenSearch + Filebeat + Kibana bool true no
velero_snapshot_volumes Enables or disables snapshot volumes option in Velero backup bool true no
velero_deploy_restic Enables or disables restic in Velero bool true no
ingestor_port Ingestor port number 30514 no
elasticsearch_port ElasticSearch port number 30920 no
k8s_create_standard_storage_class Indicates if standard storage class should be created bool true no
k8s_set_standard_storage_class_as_default Indicates if standard storage class should be set as a default bool true no
k8s_standard_storage_class_name Name of the standard storage class string "standard-storage-class" no
k8s_storage_class Name of the storage class to use for deployments string "standard-storage-class" no

## Required fields

Required fields do not provide a default value, so they must be filled in before the deployment.

#### Openstack credentials

* **auth_url** - Openstack authorization URL
* **user_name** - Openstack account username
* **password** - Openstack account password
* **tenant_name** - Openstack project (tenant) name
* **tenant_id** - Openstack project (tenant) id
* **domain_name** - Openstack domain name

* **region** - Openstack network region
* **storage_region** - Openstack containers (swift) region

#### Configuration

* **jumpbox_image_name** - Openstack VM image name that should be used for jumpbox
* **jumpbox_flavor_name** - Openstack VM flavor name that should be used for jumpbox (`openstack flavor list`)
* **ext_net_name** - Name of external network defined in openstack (this can be retrieved via `openstack network list`)

## Optional fields

Optional fields provide a default value. They are mainly used to customize the configuration.

#### Openstack credentials

* **auth_version** - Openstack Keystone identity service version (2 or 3) 
(default = "3")

* **insecure** - Allow insecure connections to Openstack APIs 
(default = "false")


#### Subnets

* **mgmt_subnet_cidr** - Management subnet CIDR 
(default = "10.96.1.0/26")

* **dmz_subnet_cidr** - DMZ subnet CIDR 
(default = "10.96.2.0/26")

* **dmz_gateway_ip** - IP for dmz subnet gateway 
(default = "10.96.2.1")

* **dmz_reserved_ips** - DMZ reserved IP range 
(default = "10.96.2.2-10.96.2.20")

* **telemetry_subnet_cidr** - Telemetry subnet CIDR 
(default = "10.96.4.0/22")

* **telemetry_gateway_ip** - IP for telemetry subnet gateway 
(default = "10.96.4.1")

* **telemetry_reserved_ips** - Telemetry reserved IP range 
(default = ["10.96.4.2-10.96.4.10"])

* **telemetry_static_ips** - Telemetry reserved IP range 
(default = ["10.96.4.11-10.96.4.20"])

### Load Balancers

* **control_plane_lb_private_ip** - Control plane LB IP in the DMZ reserved IP range
(default = "10.96.2.13")


## Proxy and network configuration

Additionally, a proxy can be configured if the network requires one.

* **ssh_allowed_hosts** - SSH allowed hosts for the Git repository

* **http_proxy_url** - HTTP proxy URL
* **https_proxy_url** - HTTPS proxy URL
* **no_proxy** - No proxy values