This module provides a working example of how to configure the network that the Exocompute EKS cluster will run on. While there are many networking designs this module takes the example of the EKS cluster running on 2 private subnets. Internet access is provided via a NAT gateway to a public subnet, which the module also defines. It is also important to note that this module tags the subnets and any other resources so that the EKS cluster will consume and use them. The minimum network ports have been opened in the NACLs and Security Groups for the Exocompute cluster to function, either privately or publicly.
There are a few services you'll need in order to get this project off the ground:
- Terraform v1.5.6 or greater
- Install the AWS CLI - Needed for Terraform to authenticate with AWS
module "polaris-aws-cloud-native-exocompute-networking" {
source = "rubrikinc/polaris-cloud-native-exocompute-networking/aws"
aws_exocompute_subnet_public_cidr = "172.21.0.0/24"
aws_exocompute_subnet_1_cidr = "172.21.1.0/24"
aws_exocompute_subnet_2_cidr = "172.21.2.0/24"
aws_exocompute_vpc_cidr = "172.21.0.0/16"
}- Relax the AWS provider version constraint to
>=5.26.0. - Dynamically look up the primary and secondary availability zones from the set of available zones for the region.
Previously the availability zones were hardcoded to
aandb. Theuse_availability_zones_a_and_binput variable can be set totrueto restore the previous behavior.
| Name | Version |
|---|---|
| terraform | >=1.5.6 |
| aws | >=5.26.0 |
| Name | Version |
|---|---|
| aws | 6.10.0 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_eks_cluster_name | EKS cluster name. | string |
"Rubrik-Exocompute-Customer-Managed" |
no |
| aws_exocompute_igw_name | Name for the Internet Gateway that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute Internet Gateway" |
no |
| aws_exocompute_nat_eip_name | Name for the Elastic IP that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute NAT EIP" |
no |
| aws_exocompute_nat_gateway_name | Name for the NAT Gateway that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute NAT Gateway" |
no |
| aws_exocompute_private_route_table_name | Name for the private route table that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute Private Route Table" |
no |
| aws_exocompute_public_route_table_name | Name for the public route table that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute Public Route Table" |
no |
| aws_exocompute_security_group_control_plane_name | Name for the security group that Exocompute will use for the EKS control plane in the AWS account and region. | string |
"Exocompute-eks-control-plane-customer-managed" |
no |
| aws_exocompute_security_group_worker_node_name | Name for the security group that Exocompute will use for the EKS nodes in the AWS account and region. | string |
"Exocompute-eks-worker-node-customer-managed" |
no |
| aws_exocompute_subnet_1_cidr | Subnet 1 CIDR for the AWS account hosting Exocompute. | string |
n/a | yes |
| aws_exocompute_subnet_2_cidr | Subnet 2 CIDR for the AWS account hosting Exocompute. | string |
n/a | yes |
| aws_exocompute_subnet_private_1_name | Name for the first private subnet that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute Subnet 1" |
no |
| aws_exocompute_subnet_private_2_name | Name for the second private subnet that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute Subnet 2" |
no |
| aws_exocompute_subnet_public_cidr | Public subnet CIDR for the AWS account hosting Exocompute. | string |
n/a | yes |
| aws_exocompute_subnet_public_name | Name for the public subnet that Exocompute will use in the AWS account and region. | string |
"Rubrik Exocompute Public Subnet" |
no |
| aws_exocompute_vpc_cidr | VPC CIDR for the AWS account hosting Exocompute. | string |
n/a | yes |
| aws_exocompute_vpc_endpoint_autoscaling_name | Autoscaling VPC endpoint name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC Autoscaling Endpoint" |
no |
| aws_exocompute_vpc_endpoint_ec2_name | EC2 VPC endpoint name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC EC2 Endpoint" |
no |
| aws_exocompute_vpc_endpoint_ecr_api_name | ECR API VPC endpoint name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC ECR API Endpoint" |
no |
| aws_exocompute_vpc_endpoint_ecr_dkr_name | ECR DKR VPC endpoint name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC ECR DKR Endpoint" |
no |
| aws_exocompute_vpc_endpoint_eks_name | EKS VPC endpoint name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC EKS Endpoint" |
no |
| aws_exocompute_vpc_endpoint_s3_name | S3 VPC endpoint name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC S3 Endpoint" |
no |
| aws_exocompute_vpc_name | VPC name for the AWS account hosting Exocompute. | string |
"Rubrik Exocompute VPC" |
no |
| use_availability_zones_a_and_b | Setting this variable to true forces the use of availability zones a and b for the subnets in the VPC. The default behavior is to use the first two availability zones in the region. |
bool |
false |
no |
| Name | Description |
|---|---|
| aws_security_group_control-plane_id | n/a |
| aws_security_group_worker-node_id | n/a |
| rsc_exocompute_subnet_1_id | n/a |
| rsc_exocompute_subnet_2_id | n/a |