Requirements

Name Version
azuread 2.47.0
azurerm 3.88.0
random 3.6.0

Providers

Name Version
azurerm 3.88.0
random 3.6.0

Modules

Name Source Version
container_registry ../modules/container-registry n/a
container_registry_tasks ../modules/container-registry-tasks n/a
datascience_large_nodepool ../modules/kubernetes-node-pool n/a
diagnostics_workspace ../modules/diagnostics-workspace n/a
gpu_nodepool ../modules/kubernetes-node-pool n/a
jupyter_admins ../modules/entra-id-security-group n/a
jupyter_users ../modules/entra-id-security-group n/a
jupytersp ../modules/entra-id-app-registration n/a
keda ../modules/kubernetes-deployment-script n/a
key_vault ../modules/keyvault n/a
keycloak_database ../modules/sql-database n/a
kubernetes_cluster ../modules/kubernetes-cluster-kubenet n/a
kubernetes_cluster_configuration ../../kubernetes n/a
ohdsisp ../modules/entra-id-app-registration n/a
postgresql ../modules/postgresql-single-server n/a
resource_group ../modules/resource-group n/a
sql_server ../modules/sql-server n/a
storage_account ../modules/storage-account n/a
supersetsp ../modules/entra-id-app-registration n/a

Resources

Name Type
azurerm_key_vault_secret.admin_password resource
azurerm_key_vault_secret.jupyter_cookie_secret resource
random_bytes.jupyter_cookie_secret resource
azurerm_client_config.current data source

Inputs

Name Description Type Default Required
apply_nsg_rules apply NSG rules bool true no
branch_name The branch to follow on source control string "main" no
cluster_admin_ids A list of groups with admin access over the cluster list(string) <pre>[
“1fff09c5-0c5d-42e7-b3b6-e60f5b445de6”
]</pre>		 no
datascience_large_nodepool_vm_size VM Sku for the large datascience node pools string "Standard_E8as_v5" no
defender_log_analytics_workspace_id ID of the log analytics workspace used by the microsoft defender configuration on k8s string null no
dns_prefix The prefix for any DNS records on the private DNS string n/a yes
dns_zone The DNS zone for any DNS records on private DNS string n/a yes
enable_gitops Enable the gitops bool true no
enable_hub_dns Installs the private zone dns into the hub network bool true no
environment_name Name of the environment (in lowercase) string "sandbox" no
flux_url The URL of the flux repository used to configure the environment string "https://github.com/lsc-sde/iac-flux-lscsde" no
gpu_nodepool_vm_size VM Sku for the GPU node pools string "Standard_NC6s_v3" no
hub_subscription_id The ID of the hub subscription string "5bb2478d-e497-4ca1-964e-4aaa9f754a5d" no
hub_virtual_network_id The id of the hub virtual network we’re linking to string "/subscriptions/de97be38-945e-4824-a44b-5b101c0e048b/resourceGroups/rg-icb-uks-plt-network/providers/Microsoft.Network/virtualNetworks/vnet-icb-uks-plt-azFirewall" no
ip_rules List of allowed IP addresses list(string) <pre>[
“208.127.197.187”
]</pre>		 no
k8s_admin_group Group string "1fff09c5-0c5d-42e7-b3b6-e60f5b445de6" no
keycloak_database_enabled Provision an Keycloak database bool false no
keycloak_db_sku_name Name of the SKU for the keycloak database string "S0" no
keyvault_allowed_ips List list(string) [] no
keyvault_public_network_access_enabled Allow public access to the key vault bool false no
keyvault_purge_protection_enabled Enable Purge protection bool false no
kubernetes_nsg_priority_start priority id for kubernetes nsg to start number 100 no
kubernetes_sku_tier The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, Standard (which includes the Uptime SLA) and Premium. Defaults to Free. string "Free" no
kubernetes_version The kubernetes version to install onto the cluster string "1.28.10" no
location Location to deploy the resources string "uksouth" no
network_resource_group_name Name of the network resource group string "test-network-spoke-network-rg" no
network_security_group_name Name of the network security group string "test-network-spoke-network-subnet" no
nginx_load_balancer IP adddress for NGINX Ingress Controller Internal Load Balancer string "172.18.16.230" no
owners A list of object ID’s for users that will own (and therefore be able to manage) any Entra ID objects list(string) n/a yes
pat_token THE PAT_TOKEN used to open the repositories string n/a yes
prefect_hostname Address to assign to the prefect server string "ai.xlthtr.nhs.uk" no
prefect_postgresql_password Password for the prefect postgresql server string "LetMePass@135" no
prefix Naming prefix string "lscsandboxsde" no
private_zone_resource_group_name Name of the resource group containing the private zones string "" no
proxy_address Address of the proxy server string "" no
sql_server_enabled Provision an SQL Server bool false no
subnet_id Id of the subnet where the cluster is to be installed string "/subscriptions/5bb2478d-e497-4ca1-964e-4aaa9f754a5d/resourceGroups/test-network-spoke-network-rg/providers/Microsoft.Network/virtualNetworks/test-network-spoke-network-vnet/subnets/test-network-spoke-network-subnet" no
subscription_id The ID of the hub subscription string "5bb2478d-e497-4ca1-964e-4aaa9f754a5d" no
tags List of tags to generate map(string) <pre>{
“Environment”: “Dev”,
“ManagedBy”: “Research Software Design Authority”,
“Product”: “LSC SDE”,
“Purpose”: “Secure Data Environment”,
“Repository”: “https://github.com/lsc-sde/k8s-iac.git”
}</pre>		 no
virtual_network_id The id of the virtual network we’re linking to string "/subscriptions/5bb2478d-e497-4ca1-964e-4aaa9f754a5d/resourceGroups/test-network-spoke-network-rg/providers/Microsoft.Network/virtualNetworks/test-network-spoke-network-vnet" no

Outputs

No outputs.