Configuration
Configurations affecting how your platform gets built.
Keeping with the theme of building an opinionated platform, most configurations are optional.
When fields of type Object are optional, you can omit them entirely, or use {}. For such fields, the defaults are specified in their own spec table.
CLI Spec
environmentName
String
The name of the environment that will be created and managed by the CLI. This name is also used in naming a lot of resources, like the eks cluster, the vpc and so on.
This name should follow these rules:
All lower-case
Alpha-numeric, with - and _ allowed
Must start with a letter
Not more than 16 characters in length
Yes
aws
Configurations for all components deployed on AWS, including vpc, eks and so on
Yes
kubernetes
Configurations for all services and operators running on the kubernetes cluster
No
AWS Spec
region
String
The name of the AWS region where you want to deploy your infrastructure. The name is the canonical name of the region like us-east-2 or eu-west-3
Yes
vpc
Configurations related to the vpc, subnets and other networking components
No
eks
Configurations for the eks cluster, and related components like node-groups and logging
No
routing
Configurations related to enabling public access for your services, including Route53 zone creation, the ACM TLS certificate and so on
No
VPC Spec
cidr
String
The IPv4 network range for the VPC, in CIDR notation.
No
10.8.0.0/16
privateSubnets
Configuration for the private subnets to be attached to the VPC. These subnets are where all the eks workloads (your service pods) will be deployed
No
publicSubnets
Configuration for the public subnets to be attached to the VPC. Used for allowing public ingress/egress out of your Kubernetes cluster.
No
EKS Spec
version
String
No
1.29
nodeGroups
No
logging
Configurations for CloudWatch Logging for the EKS cluster
No
Routing Spec
The SSL cert is created and managed using AWS Certificate Manager. These certificates are free, and can be renewed automatically. There's also an option for you to import certificates bought from third-party providers.
createSSLCert
Boolean
Whether the CLI should create a TLS/SSL certificate in AWS Certificate Manager
No
true
sslCertARN
String
Yes, if createSSLCert is set to false
domainName
String
The public DNS domain name to use with your services. This is usually the top-level domain for your organization, like example.com
Yes
enableWildcardSubdomains
Boolean
Whether the SSL cert should allow a wildcard for sub-domains. If the domain you are using is example.com, setting this to true will allow *.example.com
No
true
subjectAlternativeNames
Array[String]
No
[]
createHostedZoneForDomain
Boolean
No
true
Subnet Spec
cidr
String
The IPv4 network range for this subnet, in CIDR notation. This CIDR must be contained within the CIDR for the VPC to which this subnet is going to be attached.
Yes
EKSNodeGroup Spec
name
String
The name of this node-group. If you create multiple node-groups, all node-group names must be unique within an EKS cluster.
This name should follow these rules:
At most 63 characters in length.
Must start with a letter or digit, but can also include hyphens and underscores for the remaining characters
Yes
instanceType
String
Yes
minNodes
Integer
The minimum number of worker nodes. Must be a number greater than 0.
Yes
maxNodes
Integer
The maximum number of worker nodes. Must be larger than or equal to minNodes
Yes
capacityType
String
One of the following values
SPOT
ON_DEMAND
Yes
amiType
String
One of the following values
AL2_x86_64
AL2_x86_64_GPU
AL2_ARM_64
BOTTLEROCKET_ARM_64
BOTTLEROCKET_x86_64
BOTTLEROCKET_ARM_64_NVIDIA
BOTTLEROCKET_x86_64_NVIDIA
Yes
EKSLogging Spec
Amazon EKS control plane logging provides audit and diagnostic logs directly from the Amazon EKS control plane to CloudWatch Logs in your account. In clusters created by NotOps, this logging is enabled by default for certain components.
logTypes
Array[String]
Yes. You can specify an empty array to disable all control-plane logs
retentionDays
Integer
The number of days to retain the control-plane logs in CloudWatch. Must be one of the values from 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653
Yes
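An added example, not part of the NotOps documentation or CLI: a pre-flight check in Python that applies the constraints stated in the CLI, VPC, Subnet, EKSNodeGroup, EKSLogging and Routing specs above to an already parsed config. The nesting of the dict, and privateSubnets, publicSubnets and nodeGroups being lists of objects, are assumptions inferred from the tables; validate and SAMPLE are hypothetical names.

```python
import ipaddress
import re

# Allowed retentionDays values, copied from the EKSLogging Spec on this page.
RETENTION_DAYS = {1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545,
                  731, 1096, 1827, 2192, 2557, 2922, 3288, 3653}
ENV_NAME = re.compile(r"[a-z][a-z0-9_-]{0,15}")                  # max 16 chars
NODE_GROUP_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")  # max 63 chars


def validate(cfg):
    """Return (errors, warnings) for a parsed config dict (assumed nesting)."""
    errors, warnings = [], []
    if not ENV_NAME.fullmatch(cfg.get("environmentName", "")):
        errors.append("environmentName")
    aws = cfg.get("aws", {})
    vpc, eks, routing = (aws.get(k, {}) for k in ("vpc", "eks", "routing"))
    vpc_net = ipaddress.IPv4Network(vpc.get("cidr", "10.8.0.0/16"))  # documented default
    for key in ("privateSubnets", "publicSubnets"):  # assumed: lists of Subnet Spec
        for i, subnet in enumerate(vpc.get(key, [])):
            try:
                inside = ipaddress.IPv4Network(subnet["cidr"]).subnet_of(vpc_net)
            except ValueError:  # malformed CIDR or host bits set
                inside = False
            if not inside:
                errors.append(f"aws.vpc.{key}[{i}].cidr")
    seen = set()
    for i, ng in enumerate(eks.get("nodeGroups", [])):  # assumed: list of node groups
        name = ng.get("name", "")
        if not NODE_GROUP_NAME.fullmatch(name) or name in seen:
            errors.append(f"aws.eks.nodeGroups[{i}].name")
        seen.add(name)
        lo, hi = ng.get("minNodes", 0), ng.get("maxNodes", 0)
        if lo < 1 or hi < lo:
            errors.append(f"aws.eks.nodeGroups[{i}].minNodes/maxNodes")
    if (log := eks.get("logging")) is not None:
        if log.get("retentionDays") not in RETENTION_DAYS:
            errors.append("aws.eks.logging.retentionDays")
        if log.get("logTypes") == []:  # allowed, but leaves no control-plane audit trail
            warnings.append("aws.eks.logging.logTypes: control-plane logs disabled")
    if routing.get("createSSLCert", True) is False and not routing.get("sslCertARN"):
        errors.append("aws.routing.sslCertARN")
    return errors, warnings


# Constructed sample with four problems, for illustration only.
SAMPLE = {"environmentName": "Prod_1", "aws": {"region": "us-east-2", "vpc": {
    "cidr": "10.8.0.0/16", "publicSubnets": [{"cidr": "10.9.0.0/24"}]},
    "eks": {"logging": {"logTypes": [], "retentionDays": 45}}}}
```

Calling validate(SAMPLE) reports the upper-case environment name, the public subnet outside the VPC range and the unsupported retention value as errors, and the empty logTypes array as a warning.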
Kubernetes Spec
global
The shared config that will be applied to all services installed by the CLI
No
{}
argocd
Object
No
awsLoadBalancerController
Object
No
externalSecrets
Object
No
istio
Object
Configuration for the following Istio helm charts:
The three charts here have namespaced configs and a shared config under a key global. Because the configs are namespaced, we can provide a single config object that works with all three.
No
istioIngressGateway
Object
No
karpenter
Object
No
K8sGlobal Spec
docker
Global configuration related to Docker, like docker-registry
No
{}
secrets
No
{}
K8sDocker Spec
registryUrl
String
The docker registry URL where you have mirrored the images for all the Kubernetes services deployed by the CLI.
If this is a private registry, you must specify the imagePullSecret config that provides the credentials for pulling from that registry.
No
K8sSecrets Spec
dockerImagePull
No
{}
K8sImagePullSecret Spec
name
String
Yes
providerType
String
One of: AWS_SECRETS_MANAGER (only one provider supported at the moment)
Yes
config
Provider specific configuration, with details about the secret
One of:
Yes
K8sImagePullSecretConfig Spec
This config object will differ based on the type of the Secret Provider used. See K8sImagePullSecret Spec for a list of supported providers.
AWS_SECRETS_MANAGER
path
String
Yes