
Control Planes Options

kontfix.controlPlanes

Control plane configurations organized by region

Type: attribute set of attribute set of (submodule)

Default: { }

Example:

{
  us = {
    dev = {
      auth_type = "pinned_client_certs";
      aws = {
        enable = true;
        region = "us-east-1";
        tags = {
          environment = "development";
          team = "platform";
        };
      };
      create_certificate = true;
      description = "Development control plane for applications";
      name = "dev-app";
      storage_backend = [
        "hcv"
      ];
      system_account = {
        enable = true;
        generate_token = true;
      };
      upload_ca_certificate = true;
    };
  };
}

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.auth_type

Authentication type for the control plane

Type: one of “pki_client_certs”, “pinned_client_certs”

Default: "pinned_client_certs"

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.aws

AWS provider configuration

Type: submodule

Default: { }

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.aws.enable

Whether to enable AWS provider. Enable this option to have the aws provider generated for this control plane.

Type: boolean

Default: false

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.aws.profile

AWS profile name to use

Type: string

Default: ""

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.aws.region

AWS region for resources

Type: string

Default: ""

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.aws.tags

AWS tags to apply when using the AWS storage backend. Mandatory when the aws backend is used.

Type: attribute set of string

Default: { }

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.ca_certificate

Custom CA certificate for this control plane (overrides defaults.pki_ca_certificate)

Type: null or string

Default: null

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.cluster_type

Supported control plane types

Type: one of “CLUSTER_TYPE_CONTROL_PLANE”, “CLUSTER_TYPE_K8S_INGRESS_CONTROLLER”, “CLUSTER_TYPE_CONTROL_PLANE_GROUP”

Default: "CLUSTER_TYPE_CONTROL_PLANE"

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.create_certificate

Whether to use Kontfix to create and manage cluster certificates for Konnect control plane and dataplane communication.

Type: boolean

Default: false

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.custom_plugins

List of custom plugin schemas to be uploaded to the control plane

Type: list of string

Default: [ ]

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.description

Description of the control plane

Type: string

Default: ""

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.labels

Labels for the control plane

Type: attribute set of string

Default: { }

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.members

List of member control plane names. Only used when the control plane cluster_type is CLUSTER_TYPE_CONTROL_PLANE_GROUP.

Type: list of string

Default: [ ]

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.name

Name of the control plane (if not provided, the key will be used)

Type: null or string

Default: null

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.output

Whether to output the control plane details in terraform output

Type: boolean

Default: false

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.pki_backend

PKI backend used to generate certificates for control planes that use the pki_client_certs auth type

Type: value “hcv” (singular enum)

Default: "hcv"

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.storage_backend

Storage backend options

Type: list of (one of “local”, “hcv”, “aws”)

Default:

[
  "local"
]

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.store_cluster_config

Whether to store the cluster configuration in the respective backend when the certificate is not managed by Kontfix

Type: boolean

Default: false

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.system_account

System account configuration

Type: submodule

Default: { }

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.system_account.enable

Whether to create an individual system account for this control plane

Type: boolean

Default: false

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.system_account.generate_token

Whether to generate an access token for the system account (stored in storage backend)

Type: boolean

Default: false

Declared by: controlPlanes/default.nix

kontfix.controlPlanes.<region>.<controlPlane>.upload_ca_certificate

Whether to upload the CA certificate to the control plane. This option is set to true when create_certificate is true. If you use a PKI backend, make sure either the ca_certificate of your control plane or kontfix.defaults.pki_ca_certificate is used.

Type: boolean

Default: false

Declared by: controlPlanes/default.nix
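
A second configuration, added here as an illustration and not taken from the Kontfix project, combining the options above for a control plane that uses pki_client_certs together with the aws storage backend. The keys eu and prod, the name, the region and tag values and the ./ca.pem file are hypothetical, and passing the CA as PEM text read with builtins.readFile is an assumption about what ca_certificate expects.

```nix
{
  kontfix.controlPlanes.eu.prod = {
    name = "prod-app"; # hypothetical; the key "prod" is used when name is null
    description = "Production control plane (constructed example)";

    # PKI mode: certificates are generated through pki_backend.
    auth_type = "pki_client_certs";
    pki_backend = "hcv"; # the only value this option accepts

    # Let Kontfix create and manage the cluster certificates.
    create_certificate = true;

    # The option text says this is set to true when create_certificate is
    # true; it is written out here so the dependency on the CA is visible.
    upload_ca_certificate = true;

    # With a PKI backend, a CA must come from here or from
    # kontfix.defaults.pki_ca_certificate. Setting it here overrides the
    # default. Assumption: the value is PEM text.
    ca_certificate = builtins.readFile ./ca.pem;

    # An explicit list replaces the default [ "local" ].
    storage_backend = [
      "hcv"
      "aws"
    ];

    # Listing "aws" as a storage backend makes aws.tags mandatory, and
    # aws.enable generates the aws provider for this control plane.
    aws = {
      enable = true;
      region = "eu-west-1"; # hypothetical
      tags = {
        environment = "production";
        team = "platform";
      };
    };

    # The generated access token is stored in the storage backend(s) above.
    system_account = {
      enable = true;
      generate_token = true;
    };

    # Default, shown explicitly: control plane details are not written to
    # terraform output.
    output = false;
  };
}
```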