The following attributes are available for modifying an okctl environment.
The AWS Account ID where your okctl environment will live. This is the account that will own all resources that
Name can be anything, but it should reflect the scope of the cluster. If the cluster is scoped to one product, you might want to give it the name of the product. If the cluster contains all services and products owned by a team, the team name might be more fitting.
Region defines the AWS region to prefer when creating resources.
The cluster root domain defines the domain beneath which services are created. For example, okctl will set up ArgoCD, which has a frontend. The frontend will be available at https://argocd.<clusterRootDomain>. For Cognito, it will be https://auth.<clusterRootDomain>.
For okctl to be able to set up ArgoCD correctly for you, it needs to know which repository on GitHub will contain
The name of the repository
The organization that owns the repository
The folder in which to place infrastructure files
Defines which users can access everything connected to Cognito. Applications connected to Cognito include: ArgoCD UI, Grafana.
The email of the user to add as an admin of the
ArgoCD is a service that watches a repository for Kubernetes charts and ensures the defined resources are running as declared in the cluster
Autoscaler automatically adjusts the size of pods and nodes in your cluster depending on load
AWS Load Balancer Controller handles routing from the internet to your application running inside your Kubernetes cluster. If you want your applications and services accessible from the internet, this needs to be enabled
Block storage provides persistent storage for your cluster (Persistent Volumes)
Cognito is an authentication provider that okctl uses to control access to different resources, like ArgoCD and Grafana
External DNS handles defining the necessary DNS records required to route traffic to your defined service or application
External Secrets fetches secrets from external sources and exposes them as native Kubernetes secrets inside the cluster
KubePromStack enables Prometheus and Grafana for metrics
Promtail scrapes logs from pods and feeds them to Loki
Loki collects logs and exposes them as a data source in Grafana
Tempo collects traces and exposes them as a data source in Grafana. Supports formats like Jaeger, Zipkin and OpenTelemetry
Name defines the name of the database to provision
Namespace defines which namespace to place the database information in. A Kubernetes Secret containing the administrator credentials and a ConfigMap for connection details will be created.
User defines which admin user to provision for administrative operations
okctl creates a Virtual Private Cloud (VPC) for you, in which it organizes all the resources that require networking. A VPC is mandatory, but it can be configured with the following attributes.
CIDR defines the VPC IP range. Leave this as it is if you don't know what it does.
HighAvailability means we create redundancy in the network setup. If set to true, we will create a NAT gateway per public subnet instead of routing all traffic through one.
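
A pre-apply review of a declaration, built from the descriptions above as an added example that is not part of okctl or its documentation: it lists the URLs derived from the cluster root domain and flags enabled integrations whose counterpart is disabled. The dictionary key names, the rules table and the sample values are assumptions made for illustration.

```python
# Added example. Key names are assumptions for illustration, not okctl's schema.

# (integration, needs, reason), read from the attribute descriptions on this page.
RULES = [
    ("promtail", "loki", "Promtail feeds the logs it scrapes to Loki"),
    ("loki", "kubePromStack", "Loki is read as a data source in Grafana"),
    ("tempo", "kubePromStack", "Tempo is read as a data source in Grafana"),
    ("argoCD", "cognito", "Cognito controls access to the ArgoCD UI"),
    ("kubePromStack", "cognito", "Cognito controls access to Grafana"),
    ("argoCD", "awsLoadBalancerController",
     "the ArgoCD frontend is reached from the internet"),
]


def review(decl):
    """Return (urls, findings) for a declaration passed as a plain dict."""
    enabled = {name for name, on in decl.get("integrations", {}).items() if on}
    root = decl.get("clusterRootDomain", "")
    findings = [
        f"{name} is enabled without {dep}: {why}"
        for name, dep, why in RULES
        if name in enabled and dep not in enabled
    ]
    # Listed users can access everything connected to Cognito, so an empty
    # list with Cognito enabled leaves nobody able to sign in.
    if "cognito" in enabled and not decl.get("users"):
        findings.append("cognito is enabled but no users are listed")
    urls = []
    if "argoCD" in enabled:
        urls.append(f"https://argocd.{root}")
    if "cognito" in enabled:
        urls.append(f"https://auth.{root}")
    return urls, findings


# Constructed sample declaration (not taken from a real environment).
SAMPLE = {
    "clusterRootDomain": "demo.example.com",
    "users": [{"email": "admin@example.com"}],
    "integrations": {
        "argoCD": True, "cognito": False, "kubePromStack": True,
        "loki": True, "promtail": True, "tempo": False,
        "awsLoadBalancerController": True,
    },
}

if __name__ == "__main__":
    urls, findings = review(SAMPLE)
    print("\n".join(urls + findings))
```

With the sample as written, the review reports that the ArgoCD UI and Grafana are enabled while Cognito, which controls access to both, is not.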