Configuration

Configurations affecting how your platform gets built.

Keeping with the theme of building an opinionated platform, most configurations are optional.

When fields of type Object are optional, you can omit them entirely or use {}. For such fields, the defaults are specified in their own spec table.

CLI Spec

| Field | Type | Description | Required |
|---|---|---|---|
| environmentName | String | The name of the environment that will be created and managed by the CLI. This name is also used in naming a lot of resources, like the eks cluster, the vpc and so on. This name should follow these rules: (1) All lower-case; (2) Alpha-numeric, with - and _ allowed; (3) Must start with a letter; (4) Not more than 16 characters in length | Yes |
| aws | | Configurations for all components deployed on AWS, including vpc, eks and so on | Yes |
| kubernetes | | Configurations for all services and operators running on the kubernetes cluster | No |

AWS Spec

| Field | Type | Description | Required |
|---|---|---|---|
| region | String | The name of the AWS region where you want to deploy your infrastructure. The name is the canonical name of the region like us-east-2 or eu-west-3 | Yes |
| vpc | | Configurations related to the vpc, subnets and other networking components | No |
| eks | | Configurations for the eks cluster, and related components like node-groups and logging | No |
| routing | | Configurations related to enabling public access for your services. Including Route53 zone creation, ACM TLS certificate and so on | No |

VPC Spec

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| cidr | String | The IPv4 network range for the VPC, in CIDR notation. | No | 10.8.0.0/16 |
| privateSubnets | | Configuration for the private subnets to be attached to the VPC. These subnets are where all the EKS workloads (your service pods) will be deployed. | No | |
| publicSubnets | | Configuration for the public subnets to be attached to the VPC. Used for allowing public ingress/egress out of your Kubernetes cluster. | No | |

EKS Spec

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| version | String | | No | 1.29 |
| nodeGroups | | | No | |
| logging | | Configurations for Cloudwatch Logging for the EKS cluster | No | |

Routing Spec

The SSL cert is created and managed using AWS Certificate Manager. These certificates are free, and can be renewed automatically. There's also an option for you to import certificates bought from third-party providers.

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| createSSLCert | Boolean | Whether the CLI should create a TLS/SSL certificate in AWS Certificate Manager | No | true |
| sslCertARN | String | | Yes, if createSSLCert is set to false | |
| domainName | String | The public DNS domain name to use with your services. This is usually the top-level domain for your organization, like example.com | Yes | |
| enableWildcardSubdomains | Boolean | Whether the SSL cert should allow a wildcard for sub-domains. If the domain you are using is example.com, setting this to true will allow *.example.com | No | true |
| subjectAlternativeNames | Array[String] | | No | [] |
| createHostedZoneForDomain | Boolean | | No | true |

Subnet Spec

| Field | Type | Description | Required |
|---|---|---|---|
| cidr | String | The IPv4 network range for this subnet, in CIDR notation. This CIDR must be contained within the CIDR for the VPC to which this subnet is going to be attached. | Yes |

EKSNodeGroup Spec

| Field | Type | Description | Required |
|---|---|---|---|
| name | String | The name of this node-group. If you create multiple node-groups, all node-group names must be unique within an EKS cluster. This name should follow these rules: (1) At most 63 characters in length; (2) Must start with a letter or digit, but can also include hyphens and underscores for the remaining characters | Yes |
| instanceType | String | | Yes |
| minNodes | Integer | The minimum number of worker nodes. Must be a number greater than 0. | Yes |
| maxNodes | Integer | The maximum number of worker nodes. Must be larger than or equal to minNodes | Yes |
| capacityType | String | One of the following values: SPOT, ON_DEMAND | Yes |
| amiType | String | One of the following values: AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64, BOTTLEROCKET_ARM_64, BOTTLEROCKET_x86_64, BOTTLEROCKET_ARM_64_NVIDIA, BOTTLEROCKET_x86_64_NVIDIA | Yes |

EKSLogging Spec

Amazon EKS control plane logging provides audit and diagnostic logs directly from the Amazon EKS control plane to CloudWatch Logs in your account. In clusters created by NotOps, this logging is enabled by default for certain components.

| Field | Type | Description | Required |
|---|---|---|---|
| logTypes | Array[String] | | Yes. You can specify an empty array to disable all control-plane logs |
| retentionDays | Integer | The number of days to retain the control-plane logs in Cloudwatch. Must be one of the values from 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653 | Yes |

Kubernetes Spec

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| global | | The shared config that will be applied to all services installed by the CLI | No | {} |
| argocd | Object | | No | |
| awsLoadBalancerController | Object | | No | |
| externalSecrets | Object | | No | |
| istio | Object | Configuration for the following Istio helm charts: The three charts here have namespaced configs and a shared config under a key global. Because the configs are namespaced, we can provide a single config object that works with all three. | No | |
| istioIngressGateway | Object | | No | |
| karpenter | Object | | No | |

K8sGlobal Spec

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| docker | | Global configuration related to Docker, like docker-registry | No | {} |
| secrets | | | No | {} |

K8sDocker Spec

| Field | Type | Description | Required |
|---|---|---|---|
| registryUrl | String | The docker registry URL where you have mirrored the images for all the Kubernetes services deployed by the CLI. If this is a private registry, you must specify the imagePullSecret config that provides the credentials for pulling from that registry. | No |

K8sSecrets Spec

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| dockerImagePull | | | No | {} |

K8sImagePullSecret Spec

| Field | Type | Description | Required |
|---|---|---|---|
| name | String | | Yes |
| providerType | String | One of: AWS_SECRETS_MANAGER (only one provider supported at the moment) | Yes |
| config | | Provider specific configuration, with details about the secret. One of: | Yes |

K8sImagePullSecretConfig Spec

This config object will differ based on the type of the Secret Provider used. See K8sImagePullSecret Spec for a list of supported providers.

AWS_SECRETS_MANAGER

| Field | Type | Description | Required |
|---|---|---|---|
| path | String | | Yes |
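The constraints stated in the spec tables above (naming rules, subnet containment, node counts, log retention values, the conditional sslCertARN requirement) can be checked before the CLI is run. The following checker is an added example, not part of the CLI; it assumes the config has been loaded into nested Python dicts keyed by the documented field names, and that privateSubnets and publicSubnets are lists of Subnet Spec objects.

```python
import ipaddress
import re

# Allowed CloudWatch retention values, copied from the EKSLogging Spec table.
RETENTION_DAYS = {1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545,
                  731, 1096, 1827, 2192, 2557, 2922, 3288, 3653}
# environmentName: lower-case, alpha-numeric plus - and _, starts with a letter, max 16.
ENV_NAME = re.compile(r"[a-z][a-z0-9_-]{0,15}")


def check_config(cfg):
    """Return a list of findings for a config given as nested dicts."""
    findings = []
    if not ENV_NAME.fullmatch(cfg.get("environmentName", "")):
        findings.append("environmentName breaks the naming rules")
    aws = cfg.get("aws", {})
    vpc = aws.get("vpc", {})
    vpc_net = ipaddress.ip_network(vpc.get("cidr", "10.8.0.0/16"))  # documented default
    # Assumption: both subnet fields are lists of {"cidr": ...} objects.
    for key in ("privateSubnets", "publicSubnets"):
        for subnet in vpc.get(key, []):
            if not ipaddress.ip_network(subnet["cidr"]).subnet_of(vpc_net):
                findings.append(f"{key} {subnet['cidr']} is outside VPC {vpc_net}")
    eks = aws.get("eks", {})
    for ng in eks.get("nodeGroups", []):
        if ng["minNodes"] <= 0 or ng["maxNodes"] < ng["minNodes"]:
            findings.append(f"node-group {ng['name']!r}: invalid minNodes/maxNodes")
    logging = eks.get("logging")
    if logging is not None and logging["retentionDays"] not in RETENTION_DAYS:
        findings.append("retentionDays is not an allowed value")
    if logging is not None and not logging["logTypes"]:
        # Permitted by the spec, but it turns off the audit trail; flag for review.
        findings.append("logTypes is empty: all control-plane logs are disabled")
    routing = aws.get("routing", {})
    if not routing.get("createSSLCert", True) and not routing.get("sslCertARN"):
        findings.append("sslCertARN is required when createSSLCert is false")
    return findings


# Constructed sample input with five deliberate problems.
SAMPLE = {
    "environmentName": "Prod-Platform-Environment",
    "aws": {
        "region": "us-east-2",
        "vpc": {"privateSubnets": [{"cidr": "10.9.0.0/24"}]},
        "eks": {"logging": {"logTypes": [], "retentionDays": 45}},
        "routing": {"createSSLCert": False, "domainName": "example.com"},
    },
}
```

Calling `check_config(SAMPLE)` returns one finding per problem; a config that satisfies every documented rule returns an empty list.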
