mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-19 21:51:09 +02:00
1329a6b506
The previous strategy for provisioning infrastructure targets was to use the cheapest instances that could reliably perform as Vault cluster nodes. With this change we introduce a new model for target node infrastructure. We've replaced on-demand instances for a spot fleet. While the spot price fluctuates based on dynamic pricing, capacity, region, instance type, and platform, cost savings for our most common combinations range between 20-70%. This change only includes spot fleet targets for Vault clusters. We'll be updating our Consul backend bidding in another PR. * Create a new `vault_cluster` module that handles installation, configuration, initializing, and unsealing Vault clusters. * Create a `target_ec2_instances` module that can provision a group of instances on-demand. * Create a `target_ec2_spot_fleet` module that can bid on a fleet of spot instances. * Extend every Enos scenario to utilize the spot fleet target acquisition strategy and the `vault_cluster` module. * Update our Enos CI modules to handle both the `aws-nuke` permissions and also the privileges to provision spot fleets. * Only use us-east-1 and us-west-2 in our scenario matrices as costs are lower than us-west-1. Signed-off-by: Ryan Cragun <me@ryan.ec>
62 lines
1.5 KiB
HCL
62 lines
1.5 KiB
HCL
variable "ami_id" {
|
|
description = "The machine image identifier"
|
|
type = string
|
|
}
|
|
|
|
variable "awskms_unseal_key_arn" {
|
|
type = string
|
|
description = "The AWSKMS key ARN if using the awskms unseal method. If specified the instances will be granted kms permissions to the key"
|
|
default = null
|
|
}
|
|
|
|
variable "cluster_name" {
|
|
type = string
|
|
description = "A unique cluster identifier"
|
|
default = null
|
|
}
|
|
|
|
variable "common_tags" {
|
|
description = "Common tags for cloud resources"
|
|
type = map(string)
|
|
default = { "Project" : "Enos" }
|
|
}
|
|
|
|
variable "instance_count" {
|
|
description = "The number of target instances to create"
|
|
type = number
|
|
default = 3
|
|
}
|
|
|
|
variable "instance_type" {
|
|
description = "The instance machine type"
|
|
type = string
|
|
default = "t3.small"
|
|
}
|
|
|
|
variable "project_name" {
|
|
description = "A unique project name"
|
|
type = string
|
|
}
|
|
|
|
variable "spot_price_max" {
|
|
description = "Unused shim variable to match target_ec2_spot_fleet"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ssh_allow_ips" {
|
|
description = "Allowlisted IP addresses for SSH access to target nodes. The IP address of the machine running Enos will automatically allowlisted"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "ssh_keypair" {
|
|
description = "SSH keypair used to connect to EC2 instances"
|
|
type = string
|
|
}
|
|
|
|
variable "vpc_id" {
|
|
description = "The identifier of the VPC where the target instances will be created"
|
|
type = string
|
|
}
|