Configuring your Grove cluster¶
There are two levels that you have to consider when doing configuration for Grove. The cluster and each individual instances. This page deals with the configuration options for the cluster.
There are two places to configure your cluster. Secrets should be configured repo's
private.yml. Any other
cluster configuration should be saved in
- The numeric ID of the GitLab project. Doesn't need to be set on GitLab CI as it can be autodetected (via
$CI_PROJECT_ID). For example the grove-template repo's project ID is 24377526
As part of the Grove setup you need to set up a deploy token. This field contains the generated username. You can also use your account's username.
This and the
GITLAB_PASSWORDfield are used for authenticating you to Gitlab's Terraform state backend and Container registry.
- As part of the Grove setup you need to set up a deploy token. This field contains the generated password.
- Contains the generated username.
- Contains the generated password.
- Your Gitlab container registry where the images that Grove creates will
be stored. It is of the form
foo/baris the GitLab repository.
AWS_ACCESS_KEY_ID: required for AWS clusters
- If your cluster runs on AWS, complete this field with your AWS access key.
AWS_SECRET_ACCESS_KEY: required for AWS clusters
- If your cluster runs on AWS, complete this field with your AWS secret key.
MONGODB_ATLAS_PUBLIC_KEY: required for AWS clusters
- Since AWS doesn't provide a MongoDB service, we need to use MongoDB Atlas. Complete this field with your MongoDB public key. For instructions, please visit the AWS documentation
MONGODB_ATLAS_PRIVATE_KEY: required for AWS clusters
- If running an AWS cluster, add your MongoDB private key to this field.
DIGITALOCEAN_TOKEN: required for Digital Ocean clusters
- For clusters running on Digital Ocean, you will need to complete this field to authenticate to the Digital Ocean API. You can create this token directly on Digital Ocean
TF_VAR_do_token: required for Digital Ocean clusters
- Contains the same value as
DIGITALOCEAN_TOKENand is used in the terraform scripts.
SPACES_ACCESS_KEY_ID: required for Digital Ocean clusters
- For Digital Ocean clusters, Grove makes use of their Spaces in lieu of Amazon's S3 service. Add your Spaces Access key to this field.
SPACES_SECRET_ACCESS_KEY: required for Digital Ocean clusters
- For Digital Ocean clusters, Grove makes use of their Spaces in lieu of Amazon's S3 service. Add your Spaces Secret key to this field.
Your New Relic API key in
NRAK-XXXformat. Synthetic monitors will be created for URLs under these settings:
- Your New Relic account id.
- A comma-separated string containing the list of emails to sent New Relic notifications to. Eg.
- us or eu depending on your New Relic account's region.
Other cluster configuration¶
The configuration options below are not secret and therefore belong in your repository's
The name of this cluster. Example: "myorg_aws_openedx". The name must satisfy these conditions:
- The length is at most 63 characters.
- It must contain only lowercase alphanumeric characters or '-'.
- It has to start and end with an alphabetic character.
- As well as end with an alphanumeric character.
- Unique in your service provider's account.
For minikube clusters, only the value "minikube" is allowed.
- The infrastructure provider to use for this cluster. One of
TF_VAR_cluster_domain: required for Digital Ocean clusters
The main domain of your cluster. Subdomains of this domain will be used to set up services such as openfaas and monitoring.
This domain needs to point to the DO or AWS load balancer, and a wildcard CNAME for subdomains pointing to the main domain has to be set up. Eg.
*.mycluster 300 IN CNAME mycluster.grove.com.
This setting is ignored by the
When setting up DNS for instances on Digital Ocean, create
CNAMErecords that point to this domain instead of
Arecords. Otherwise SSL certficates will not be provisioned on your cluster.
TF_VAR_aws_region: required for AWS clusters
- AWS specific, include the desired region in this setting.
TF_VAR_ami_id: optional, AWS only.
- AWS specific, specify the AWS AMI ID related to the region. For Ubuntu AMIs (if you want to use Codejail), use image IDs listed at https://cloud-images.ubuntu.com/aws-eks/.
TF_VAR_do_region: required for Digital Ocean clusters
- DigitalOcean specific, include the desired region in this setting.
- As the cluster auto-scales, what's the max. number of nodes you'll allow? Choose what you're comfortable with based on the # of instances and your scaling/budget needs.
TF_VAR_rds_instance_class: default(db.t3.micro), AWS only
- The RDS MySQL instance class used for AWS. Please visit the Amazon docs for more details.
TF_VAR_rds_min_storage: default(10), AWS only
- Your RDS cluster's minimum storage size in GB.
TF_VAR_rds_max_storage: default(15), AWS only
- Your RDS cluster's maximum storage size in GB.
TF_VAR_mongodbatlas_project_id: required, AWS only
- Your MongoDB Atlas project ID.
- GitLab CI deployment related jobs will only run on the specified branch.
- GitLab dependency proxy url. Make sure it ends with a slash.
Configure the Kubernetes resources for Grove services. This value should be a valid YAML string.Example Configuration
TF_VAR_k8s_resource_quotas: | nginx: limits: cpu: "200m" monitoring-opensearch: limits: cpu: "200m" requests: cpu: "200m" memory: 2Gi
For OpenSearch the default value for the CPU request is "1000m". When updating the limit, be explicit and set the request as well as the deployment will fail if the limit is less than the requets.
- To receive alerts from Alert Manager/Prometheus, update this configuration option. Complete documentation is available on the Cluster Monitoring page.
- Set the size of the PVC claim for the OpenSearch statefulset. Note that this value cannot be changed once the PVC has been created. For details view the Cluster Monitoring page.
- The number of days to retain logs in OpenSearch. For this setting to work
TF_VAR_monitoring_ingressneeds to be enabled.