Skip to content

terraform-ibm-modules/terraform-ibm-icd-elasticsearch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

271 Commits
.github
.github
 
 
common-dev-assets @ 95f6c1e
common-dev-assets @ 95f6c1e
 
 
examples
examples
 
 
images
images
 
 
modules/fscloud
modules/fscloud
 
 
reference-architecture
reference-architecture
 
 
scripts
scripts
 
 
solutions/standard
solutions/standard
 
 
tests
tests
 
 
.catalog-onboard-pipeline.yaml
.catalog-onboard-pipeline.yaml
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.releaserc
.releaserc
 
 
.secrets.baseline
.secrets.baseline
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
ci
ci
 
 
cra-config.yaml
cra-config.yaml
 
 
cra-tf-validate-ignore-rules.json
cra-tf-validate-ignore-rules.json
 
 
ibm_catalog.json
ibm_catalog.json
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
renovate.json
renovate.json
 
 
variables.tf
variables.tf
 
 
version.tf
version.tf
 
 

Repository files navigation

ICD Elasticsearch Module

Graduated (Supported) latest release pre-commit Renovate enabled semantic-release

Overview

This module implements an instance of the IBM Cloud Databases for Elasticsearch service.

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXXXXXX"
  region           = "us-south"
}

module "icd_elasticsearch" {
  source            = "terraform-ibm-modules/icd-elasticsearch/ibm"
  version           = "X.X.X"  # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
  region            = "us-south"
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • Databases for Elasticsearch service
      • Editor role access

Requirements

Name Version
terraform >= 1.3.0
ibm >= 1.70.0, <2.0.0
null >= 3.2.1, < 4.0.0
time >= 0.9.1

Modules

Name Source Version
cbr_rule terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module 1.28.1

Resources

Name Type
ibm_database.elasticsearch resource
ibm_iam_authorization_policy.policy resource
ibm_resource_key.service_credentials resource
ibm_resource_tag.elasticsearch_tag resource
null_resource.put_vectordb_model resource
null_resource.start_vectordb_model resource
time_sleep.wait_for_authorization_policy resource
ibm_database_connection.database_connection data source

Inputs

Name Description Type Default Required
access_tags A list of access tags to apply to the Databases for Elasticsearch instance created by the module. Learn more. list(string) [] no
admin_pass The password for the database administrator. If the admin password is null, the admin user ID cannot be accessed. You can specify more users in a user block. string null no
auto_scaling The rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. Learn more. 
object({
    disk = object({
      capacity_enabled             = optional(bool, false)
      free_space_less_than_percent = optional(number, 10)
      io_above_percent             = optional(number, 90)
      io_enabled                   = optional(bool, false)
      io_over_period               = optional(string, "15m")
      rate_increase_percent        = optional(number, 10)
      rate_limit_mb_per_member     = optional(number, 3670016)
      rate_period_seconds          = optional(number, 900)
      rate_units                   = optional(string, "mb")
    })
    memory = object({
      io_above_percent         = optional(number, 90)
      io_enabled               = optional(bool, false)
      io_over_period           = optional(string, "15m")
      rate_increase_percent    = optional(number, 10)
      rate_limit_mb_per_member = optional(number, 114688)
      rate_period_seconds      = optional(number, 900)
      rate_units               = optional(string, "mb")
    })
  })
 null no
backup_crn The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after both provisioning is complete and the new deployment that uses that data starts. Specify a backup CRN is in the format crn:v1:<...>:backup:. If not specified, the database is provisioned empty. string null no
backup_encryption_key_crn The CRN of a Hyper Protect Crypto Services use for encrypting the disk that holds deployment backups. There are limitation per region on the Hyper Protect Crypto Services and region for those services. See https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups string null no
cbr_rules The list of context-based restriction rules to create. 
list(object({
    description = string
    account_id  = string
    rule_contexts = list(object({
      attributes = optional(list(object({
        name  = string
        value = string
    }))) }))
    enforcement_mode = string
  }))
 [] no
elasticsearch_version The version of Databases for Elasticsearch to deploy. Possible values: 8.7, 8.10, 8.12, 8.15 which requires an Enterprise Platinum pricing plan. If no value is specified, the current preferred version for IBM Cloud Databases is used. string null no
elser_model_type Trained ELSER model to be used for Elastic's Natural Language Processing. Possible values: .elser_model_1, .elser_model_2 and .elser_model_2_linux-x86_64. Learn more string ".elser_model_2_linux-x86_64" no
enable_elser_model Set it to true to install and start the Elastic's Natural Language Processing model. Learn more bool false no
existing_kms_instance_guid The GUID of a Hyper Protect Crypto Services or Key Protect instance for the CRN specified in kms_key_crn and backup_encryption_key_crn. Applies only if kms_encryption_enabled is true, skip_iam_authorization_policy is false, and you specify values for kms_key_crn or backup_encryption_key_crn. string null no
kms_encryption_enabled Whether to specify the keys used to encrypt data in the database. Specify true to identify the encryption keys. If set to false, the data is encrypted with randomly generated keys. Learn more about Key Protect integration. Learn more about HPCS integration. bool false no
kms_key_crn The root key CRN of the Key Protect or Hyper Protect Crypto Services instance to use for disk encryption. Applies only if kms_encryption_enabled is true. string null no
member_cpu_count The dedicated CPU per member that is allocated. For shared CPU, set to 0. Learn more. number 0 no
member_disk_mb The disk that is allocated per member. Learn more. number 5120 no
member_host_flavor The host flavor per member. Learn more. string null no
member_memory_mb The memory per member that is allocated. Learn more number 4096 no
members The number of members that are allocated. Learn more. number 3 no
name The name of the Databases for Elasticsearch instance. string n/a yes
plan The pricing plan for the Databases for Elasticsearch instance. Must be enterprise or platinum if the elasticsearch_version variable is set to 8.10 or later. string "enterprise" no
region The region where you want to deploy your instance. string "us-south" no
resource_group_id The resource group ID where the Databases for Elasticsearch instance is created. string n/a yes
service_credential_names The map of name and role for service credentials that you want to create for the database. map(string) {} no
service_endpoints The type of endpoint of the database instance. Possible values: public, private, public-and-private. string "public" no
skip_iam_authorization_policy Whether to create an IAM authorization policy that permits all Databases for Elasticsearch instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance specified in the existing_kms_instance_guid variable. If set to false, specify a value for the KMS instance in the existing_kms_instance_guid variable. No policy is created if kms_encryption_enabled is false. bool false no
tags The list of tags to be added to the Databases for Elasticsearch instance. list(string) [] no
use_default_backup_encryption_key Whether to use the IBM Cloud Databases generated keys for backup encryption. bool false no
users The list of users that have access to the database. Multiple blocks are allowed. The user password must be 10-32 characters. In most cases, you can use IAM service credentials (by specifying service_credential_names) to control access to the database instance. This block creates native database users. Learn more. 
list(object({
    name     = string
    password = string # pragma: allowlist secret
    type     = optional(string)
    role     = optional(string)
  }))
 [] no

Outputs

Name Description
adminuser Database admin user name
cbr_rule_ids CBR rule ids created to restrict Elasticsearch
certificate_base64 Database connection certificate
crn Elasticsearch instance crn
guid Elasticsearch instance guid
hostname Database connection hostname
id Elasticsearch id
port Database connection port
service_credentials_json Service credentials json map
service_credentials_object Service credentials object
version Elasticsearch version

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

About

Implements an instance of the IBM Cloud Databases for Elasticsearch service.

Topics

elasticsearch terraform core-team ibm-cloud terraform-module supported graduated ibm-database icd-elasticsearch deployable-architecture

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

16 watching

Forks

1 fork
Report repository

Releases 110

v1.23.0 Latest
Nov 19, 2024
+ 109 releases

Packages

No packages published

Contributors 23

+ 9 contributors

Languages