add gatekeeper

SCT-Engineering · Apr 21, 2025 · 01bf24c · 01bf24c
1 parent 219c63f
commit 01bf24c
Show file tree

Hide file tree

Showing 2 changed files with 130 additions and 5 deletions.
diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl
@@ -179,11 +179,11 @@ locals {
   # PostgreSQL
   ################
 
-  os_shell_tag             = local.utilities_tag
-  # postgres_exporter_tag    = "0.16.0"
-  postgresql_repmgr_tag    = "17.4.0-alpine"
-  pgpool_tag               = "4.5.5"
-  postgresql_chart_version = "15.3.0"
+  # os_shell_tag             = local.utilities_tag
+  # # postgres_exporter_tag    = local.postgres_exporter_tag
+  # postgresql_repmgr_tag    = "17.4.0-alpine"
+  # pgpool_tag               = "4.5.5"
+  # postgresql_chart_version = "15.3.0"
 
   ################
   # Prometheus

diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl
@@ -0,0 +1,125 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gatekeeper.git?ref=${include.root.inputs.release_version}"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name      = "mock-cluster"
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
+
+dependency "eks_dns" {
+  config_path                             = "../eks-dns"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_domain = "mock.example.com"
+  }
+}
+
+dependency "eks-grafana" {
+  config_path                             = "../eks-grafana"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    namespace       = "telemetry"
+    internal_endpoint = {
+      hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+      port_number = 80
+      url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+    }
+  }
+}
+
+dependency "eks-k8s-dashboard" {
+  config_path                             = "../eks-k8s-dashboard"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    namespace       = "telemetry"
+    internal_endpoint = {
+      hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+      port_number = 80
+      url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+    }
+    dashboard-user-token = "Iamanextremelylongstring"
+  }
+}
+
+dependency "eks_keycloak" {
+  config_path                             = "../eks-keycloak"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    user_auth_realm = "mock.keycloak.example.com/auth"
+    client_id       = "mock-client-id"
+    client_secret   = "mock-client-secret"
+    namespace       = "keycloak"
+    user_secret     = "user-sso"
+  }
+}
+
+dependency "eks-kiali" {
+  config_path                             = "../eks-kiali"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    namespace       = "istio-system"
+    internal_endpoint = {
+      hostname = "kiali.telemetry.svc.cluster.local"
+      port_number = 80
+      url = "http://kiali.telemetry.svc.cluster.local:80/"
+    }
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-dns",
+    "../eks-grafana",
+    "../eks-k8s-dashboard",
+    "../eks-keycloak",
+    "../eks-kiali",
+  ]
+}
+
+inputs = {
+  # Base Cluster Config
+  cluster_domain = dependency.eks_dns.outputs.cluster_domain
+  cluster_name   = dependency.eks.outputs.cluster_name
+  profile        = include.root.inputs.aws_profile
+
+  # Gatekeeper Standard Config
+  gatekeeper_tag             = include.root.inputs.gatekeeper_tag
+  gatekeeper_version         = include.root.inputs.gatekeeper_chart_version
+  keycloak_ns                = dependency.eks_keycloak.outputs.namespace
+  user_secret                = dependency.eks_keycloak.outputs.user_secret
+  client_id                  = dependency.eks_keycloak.outputs.client_id
+  client_secret              = dependency.eks_keycloak.outputs.client_secret
+  keycloak_fqdn              = dependency.eks_keycloak.outputs.user_auth_realm
+
+  # Dashboard Gatekeeper Config 
+  dashboard_service_name     = "dashboard"
+  dashboard_ns               = dependency.eks-k8s-dashboard.outputs.namespace
+  dashboard_url              = dependency.eks-k8s-dashboard.outputs.internal_endpoint.url
+  dashboard_user_token       = dependency.eks-k8s-dashboard.outputs.dashboard-user-token
+
+  # Grafana Gatekeeper Config 
+  grafana_service_name       = "grafana"
+  grafana_ns                 = dependency.eks-grafana.outputs.namespace
+  grafana_url                = dependency.eks-grafana.outputs.internal_endpoint.url
+
+  # Kaili Gatekeeper Config 
+  kiali_service_name       = "kiali"
+  kiali_ns                 = dependency.eks-kiali.outputs.namespace
+  kiali_url                = dependency.eks-kiali.outputs.internal_endpoint.url
+}