Overview
This directory contains reference documentation for all the Panfactum OpenTofu (Terraform) modules which can be found here.
Module Types
We categorize each module into one of the following types:
- Direct: Intended to be deployed directly into your system via Terragrunt.
- Submodule: Intended to be used as child module in your own OpenTofu modules.
Common Variables
Many (not all) modules share these variables which mutate module behavior in a standard way. These are not
automatically injected by Terragrunt and require manual configuration, however we recommend setting them on
a regional or environmental basis using the extra_inputs Terragrunt variable.
While these are documented on each module's individual reference page, we also provide a complete list here for convenience:
| Value | Type | Default | Description |
|---|---|---|---|
pull_through_cache_enabled | bool | false | Whether to use the pull through cached provided by aws_ecr_pull_through_cache for sourcing container images rather than directly pulling from public registries. |
node_image_cache_enabled | bool | false | Whether to pre-pull images to every node. Requires the kube_fledged operator to have been deployed. |
enhanced_ha_enabled | bool | true | Whether Kubernetes modules should be deployed with enhanced high-availability (HA) scheduling constraints to improve availability. Disabling will change availability from 99.99% to 99.9% but will save approximately 33% in base cluster costs. |
panfactum_scheduler_enabled | bool | false | Whether to use the bin-packing scheduler provided by kube_scheduler. Using this will reduce cluster costs by approximately 25-33% with no additional impact, but requires the scheduler be deployed. |
vpa_enabled | bool | false | Whether to automatically enable vertical pod autoscaling for the Pods in the Kubernetes module. Requires kube_vpa to have been deployed. |
monitoring_enabled | bool | false | (Alpha) Whether to automatically install Prometheus scrapers and Grafana dashboards for the components in the module. Requires kube_monitoring to have been deployed. |
canary_enabled | bool | false | (Alpha) Whether to install synthetic healthchecks for the components in the module. Requires kube_argo to have been deployed. |
eks_cluster_name | string | N/A | The name of the EKS cluster where the module is deployed to. Used for setting up IAM permissions. |
aws_iam_ip_allow_list | list(string) | [] | All created IAM roles are only allowed to be used by internal IP addresses. This allows you to provide extra CIDR blocks from which IAM roles can be used. |
vault_domain | string | N/A | The public domain name of Vault running in the cluster where the module is deployed. Used to set up federated authz/n. |