dss

InterUSS Platform's implementation of the ASTM DSS concept for RID and flight coordination.

Terraform variables

terraform-google-dss

The following table describes the variables of this terraform module. Each entry gives the variable name, its type and its default value (where the module defines one), followed by a description.
google_project_name (string)

Name of the GCP project hosting the future cluster

google_zone (string)

GCP zone hosting the Kubernetes cluster. List of available zones: https://cloud.google.com/compute/docs/regions-zones#available

Example: europe-west6-a

google_dns_managed_zone_name (string)

GCP DNS zone name to automatically manage DNS entries.

Leave it empty to manage it manually.

google_machine_type (string)

GCP machine type used for the Kubernetes node pool. Example: n2-standard-4 for production, e2-medium for development

app_hostname (string)

Fully-qualified domain name of your HTTPS Gateway ingress endpoint.

Example: dss.example.com

db_hostname_suffix (string)

The domain name suffix shared by all of your database nodes. For instance, if your database nodes were addressable at 0.db.example.com, 1.db.example.com and 2.db.example.com (CockroachDB) or 0.master.db.example.com, 1.tserver.db.example.com (Yugabyte), then the value would be db.example.com. Example: db.example.com

datastore_type (string, default: "cockroachdb")

Type of datastore used

Supported technologies: cockroachdb, yugabyte

node_count (number)

Number of Kubernetes nodes which should correspond to the desired CockroachDB nodes. Currently, only single node or three nodes deployments are supported.

Example: 3

cluster_name (string)

Name of the kubernetes cluster that will host this DSS instance (should generally describe the DSS instance being hosted)

Example: dss-che-1

kubernetes_version (string)

Desired version of the Kubernetes cluster control plane and nodes.

Supported versions: 1.24 to 1.32

google_kubernetes_storage_class (string)

GCP Kubernetes Storage Class to use for CockroachDB and Prometheus persistent volumes. See https://cloud.google.com/kubernetes-engine/docs/concepts/persistent-volumes for more details and available options.

Example: standard

crdb_hostname_suffix (string, default: "")

This variable has been renamed to db_hostname_suffix and is left to warn users about migration.

image (string)

URL of the DSS Docker image.

Official public images are available on Docker Hub (https://hub.docker.com/r/interuss/dss/tags). See the Docker images section of /build/README.md to learn how to build and publish your own image.

Example: docker.io/interuss/dss:latest or docker.io/interuss/dss:v0.14.0

image_pull_secret (string, default: "")

Secret name of the credentials to access the image registry. If the image specified in VAR_DOCKER_IMAGE_NAME requires authentication, you can use the following command to store the credentials as secrets:

    kubectl create secret -n VAR_NAMESPACE docker-registry VAR_DOCKER_IMAGE_PULL_SECRET \
      --docker-server=DOCKER_REGISTRY_SERVER \
      --docker-username=DOCKER_USER \
      --docker-password=DOCKER_PASSWORD \
      --docker-email=DOCKER_EMAIL

Replace VAR_DOCKER_IMAGE_PULL_SECRET with the secret name (for instance: private-registry-credentials). For a Docker Hub private repository, use docker.io as DOCKER_REGISTRY_SERVER and an access token as DOCKER_PASSWORD.

Example: docker-registry

authorization (object({
  public_key_pem_path = optional(string),
  jwks = optional(object({
    endpoint = string,
    key_id   = string
  }))
}))

One of public_key_pem_path or jwks should be provided but not both.

  • public_key_pem_path If providing the access token public key via JWKS, do not provide this parameter. If providing a .pem file directly as the public key to validate incoming access tokens, specify the name of this .pem file here as /public-certs/YOUR-KEY-NAME.pem replacing YOUR-KEY-NAME as appropriate. For instance, if using the provided us-demo.pem, use the path /public-certs/us-demo.pem. Note that your .pem file should be built in the docker image or mounted manually.

    Example 1 (dummy auth):

    {
      public_key_pem_path = "/test-certs/auth2.pem"
    }
    

    Example 2:

    {
      public_key_pem_path = "/jwt-public-certs/us-demo.pem"
    }
    
  • jwks If providing a .pem file directly as the public key to validate incoming access tokens, do not provide this parameter.

    • endpoint If providing the access token public key via JWKS, specify the JWKS endpoint here. Example: https://auth.example.com/.well-known/jwks.json
    • key_id If providing the access token public key via JWKS, specify the kid (key ID) of the appropriate key in the JWKS file referenced above. Example:
    {
      jwks = {
        endpoint = "https://auth.example.com/.well-known/jwks.json"
        key_id = "9C6DF78B-77A7-4E89-8990-E654841A7826"
      }
    }
    
enable_scd (bool, default: true)

Set this boolean true to enable ASTM strategic conflict detection functionality

should_init (bool, default: none)

Set to false if joining an existing pool, true if creating the first DSS instance for a pool. When set true, this can initialize the data directories on your cluster, and prevent you from joining an existing pool.

Only used for CockroachDB with Tanka

Example: true

desired_rid_db_version (string, default: "latest")

Desired RID DB schema version. Use latest to use the latest schema version.

Example: 4.0.0

desired_scd_db_version (string, default: "latest")

Desired SCD DB schema version. Use latest to use the latest schema version.

Example: 3.1.0

crdb_image_tag (string)

Version tag of the CockroachDB image. Until v.16, the recommended CockroachDB version is v21.2.7. From v.17, the recommended CockroachDB version is v24.1.3.

Example: v24.1.3

crdb_cluster_name (string)

A string that specifies a CRDB cluster name. This is used to ensure that all newly created nodes join the intended cluster when you are running multiple clusters. The CRDB cluster is automatically given a randomly-generated name if an empty string is provided. The CRDB cluster name must be 6-20 characters in length, and can include lowercase letters, numbers, and dashes (but no leading or trailing dashes). A cluster's name cannot be edited after it is created.

At the moment, this variable is only used for helm charts deployments.

Example: interuss-us-production

crdb_locality (string)

Unique name for your DSS instance. Currently, we recommend "<ORG_NAME>_<CLUSTER_NAME>", and the = character is not allowed. However, any unique (among all other participating DSS instances) value is acceptable.

Example: <ORGNAME_CLUSTER_NAME>

crdb_external_nodes (list(string), default: [])

Fully-qualified domain name of existing CRDB nodes outside of the cluster if you are joining an existing pool. Example: ["0.db.dss.example.com", "1.db.dss.example.com", "2.db.dss.example.com"]

kubernetes_namespace (string, default: "default")

Namespace where to deploy Kubernetes resources. Only default is supported at the moment.

Example: default

yugabyte_cloud (string, default: "dss")

Cloud of the yugabyte instances, used for partitioning.

Should be set to dss unless you're doing advanced partitioning.

yugabyte_region (string, default: "uss-1")

Region of the yugabyte instances, used for partitioning.

Should be different from the other USSs in a cluster.

yugabyte_zone (string, default: "zone")

Zone of the yugabyte instances, used for partitioning.

Should be set to zone unless you're doing advanced partitioning.

yugabyte_light_resources (bool, default: false)

Enable light resources reservation for yugabyte instances.

Useful for a dev cluster when you don't want to overload your kubernetes cluster.

yugabyte_external_nodes (list(string), default: [])

Fully-qualified domain name of existing yugabyte master nodes outside of the cluster if you are joining an existing pool. Example: ["0.master.db.dss.example.com", "1.master.db.dss.example.com", "2.master.db.dss.example.com"]
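Several of the variables above carry constraints that Terraform's type system does not enforce on its own: only cockroachdb or yugabyte as datastore, one or three nodes, exactly one of public_key_pem_path or jwks, the 6-20 character format of crdb_cluster_name, no = in crdb_locality, Kubernetes 1.24 to 1.32, only the default namespace, and external database nodes that share db_hostname_suffix. The script below is an added example, not part of the module or its documentation: it encodes those documented rules as a pre-apply check over a dict that mirrors a terraform.tfvars file. The values in EXAMPLE_TFVARS are taken from the examples in the table where one is given; the project name, the crdb_cluster_name and the crdb_locality value are constructed for the example.

```python
"""Pre-apply sanity checks for terraform-google-dss variable values.

Added example (not part of the module). The rules below are the ones
stated in the variable table; the check over external node names is
derived from the definition of db_hostname_suffix (every database node
name must end with that suffix).
"""
import re

SUPPORTED_DATASTORES = {"cockroachdb", "yugabyte"}
SUPPORTED_NODE_COUNTS = {1, 3}
SUPPORTED_K8S_MINORS = range(24, 33)  # 1.24 to 1.32 inclusive
# 6-20 characters, lowercase letters, digits and dashes, no leading/trailing dash
CRDB_CLUSTER_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]{4,18}[a-z0-9]$")

# Constructed tfvars, using the table's example values where it gives one.
EXAMPLE_TFVARS = {
    "google_project_name": "my-dss-project",  # constructed
    "google_zone": "europe-west6-a",
    "google_machine_type": "n2-standard-4",
    "app_hostname": "dss.example.com",
    "db_hostname_suffix": "db.dss.example.com",
    "datastore_type": "cockroachdb",
    "node_count": 3,
    "cluster_name": "dss-che-1",
    "kubernetes_version": "1.32",
    "image": "docker.io/interuss/dss:v0.14.0",
    "authorization": {
        "jwks": {
            "endpoint": "https://auth.example.com/.well-known/jwks.json",
            "key_id": "9C6DF78B-77A7-4E89-8990-E654841A7826",
        }
    },
    "crdb_cluster_name": "dss-che-1-crdb",      # constructed, 14 characters
    "crdb_locality": "interuss_dss-che-1",     # constructed, <ORG_NAME>_<CLUSTER_NAME>
    "crdb_external_nodes": [
        "0.db.dss.example.com", "1.db.dss.example.com", "2.db.dss.example.com",
    ],
    "kubernetes_namespace": "default",
}


def check_authorization(auth):
    """Exactly one of public_key_pem_path or jwks; jwks needs endpoint and key_id."""
    issues = []
    pem, jwks = auth.get("public_key_pem_path"), auth.get("jwks")
    if bool(pem) == bool(jwks):  # both present or both missing
        issues.append("authorization: provide exactly one of public_key_pem_path or jwks")
    if jwks is not None:
        for field in ("endpoint", "key_id"):
            if not jwks.get(field):
                issues.append(f"authorization.jwks.{field}: required when jwks is used")
    return issues


def check_kubernetes_version(version):
    """Accepts '1.32' or '1.32.4-anything'; only major.minor is compared."""
    parts = version.split(".")
    try:
        major, minor = int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return [f"kubernetes_version: cannot parse {version!r}"]
    if major != 1 or minor not in SUPPORTED_K8S_MINORS:
        return [f"kubernetes_version: {version} is outside the supported range 1.24 to 1.32"]
    return []


def validate(cfg):
    """Return a list of problems; an empty list means the values are consistent."""
    issues = []
    if cfg.get("datastore_type", "cockroachdb") not in SUPPORTED_DATASTORES:
        issues.append("datastore_type: supported technologies are cockroachdb and yugabyte")
    if cfg.get("node_count") not in SUPPORTED_NODE_COUNTS:
        issues.append("node_count: only single-node or three-node deployments are supported")
    issues += check_kubernetes_version(cfg.get("kubernetes_version", ""))
    issues += check_authorization(cfg.get("authorization", {}))
    name = cfg.get("crdb_cluster_name", "")
    if name and not CRDB_CLUSTER_NAME_RE.match(name):  # empty string means a random name
        issues.append("crdb_cluster_name: 6-20 lowercase letters, digits or dashes, no leading/trailing dash")
    if "=" in cfg.get("crdb_locality", ""):
        issues.append("crdb_locality: the '=' character is not allowed")
    if cfg.get("kubernetes_namespace", "default") != "default":
        issues.append("kubernetes_namespace: only 'default' is supported at the moment")
    if cfg.get("crdb_hostname_suffix"):
        issues.append("crdb_hostname_suffix: renamed to db_hostname_suffix, move the value there")
    suffix = cfg.get("db_hostname_suffix", "")
    for node in cfg.get("crdb_external_nodes", []) + cfg.get("yugabyte_external_nodes", []):
        if not node.endswith("." + suffix):
            issues.append(f"external node {node} does not end with db_hostname_suffix {suffix!r}")
    return issues


if __name__ == "__main__":
    for problem in validate(EXAMPLE_TFVARS) or ["no problems found"]:
        print(problem)
```

Run against the page's own crdb_cluster_name example, interuss-us-production, the check reports a problem: that name is 22 characters long, which exceeds the 6-20 character limit stated in the same entry, so confirm which of the two the module actually enforces before relying on either.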