Overview
This directory contains reference documentation for all the Panfactum OpenTofu (Terraform) modules which can be found here.
Module Types
We categorize each module into one of the following types:
- Direct: Intended to be deployed directly into your system via Terragrunt.
- Submodule: Intended to be used as child module in your own OpenTofu modules.
Standard Variables
All Panfactum modules comes with the following common variables. These are automatically injected if you are using our Terragrunt scaffolding.
These are not documented on each module's individual reference page as they are simply used for tagging.
| Value | Type | Description |
|---|---|---|
environment | string | The name of the environment the infrastructure is being deployed into |
region | string | The region the infrastructure is being deployed into. |
extra_trags | map(string) | Extra tags or labels to add to the created resources. |
pf_root_module | string | The name of the root Panfactum module in the module tree. |
pf_module | string | The name of the Panfactum module where the containing resources are directly defined. |
pf_stack_version | string | Which version of the Panfactum stack is being used (git ref). |
pf_stack_commit | string | The commit hash for the version of the Panfactum stack being used. |
is_local | bool | Whether this module is a part of a local development deployment. |
Common Variables
Many (not all) modules share these variables which mutate module behavior in a standard way. These are not
automatically injected by Terragrunt and require manual configuration, however we recommend setting them on
a regional or environmental basis using the extra_inputs Terragrunt variable.
While these are documented on each module's individual reference page, we also provide a complete list here for convenience:
| Value | Type | Default | Description |
|---|---|---|---|
pull_through_cache_enabled | bool | false | Whether to use the pull through cached provided by aws_ecr_pull_through_cache for sourcing container images rather than directly pulling from public registries. |
node_image_cache_enabled | bool | false | Whether to pre-pull images to every node. Requires the kube_fledged operator to have been deployed. |
enhanced_ha_enabled | bool | true | Whether Kubernetes modules should be deployed with enhanced high-availability (HA) scheduling constraints to improve availability. Disabling will change availability from 99.99% to 99.9% but will save approximately 33% in base cluster costs. |
panfactum_scheduler_enabled | bool | false | Whether to use the bin-packing scheduler provided by kube_scheduler. Using this will reduce cluster costs by approximately 25-33% with no additional impact, but requires the scheduler be deployed. |
vpa_enabled | bool | false | Whether to automatically enable vertical pod autoscaling for the Pods in the Kubernetes module. Requires kube_vpa to have been deployed. |
monitoring_enabled | bool | false | (Alpha) Whether to automatically install Prometheus scrapers and Grafana dashboards for the components in the module. Requires kube_monitoring to have been deployed. |
canary_enabled | bool | false | (Alpha) Whether to install synthetic healthchecks for the components in the module. Requires kube_argo to have been deployed. |
eks_cluster_name | string | N/A | The name of the EKS cluster where the module is deployed to. Used for setting up IAM permissions. |
aws_iam_ip_allow_list | list(string) | [] | All created IAM roles are only allowed to be used by internal IP addresses. This allows you to provide extra CIDR blocks from which IAM roles can be used. |
vault_domain | string | N/A | The public domain name of Vault running in the cluster where the module is deployed. Used to set up federated authz/n. |