-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
14 changed files
with
363 additions
and
224 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,169 @@ | ||
| locals { | ||
| # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) | ||
| account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) | ||
|
|
||
| # Automatically load region-level variables | ||
| region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) | ||
|
|
||
| # Which AWS_PROFILE to use to perform the operations | ||
| profile = local.account_vars.locals.aws_profile | ||
|
|
||
| # In which AWS region are operations being performed | ||
| region = local.region_vars.locals.aws_region | ||
|
|
||
| # Tags applied to AWS objects created | ||
| application_tags = { | ||
| "Project Name" = local.project_name | ||
| "ProjectNumber" = local.project_number | ||
| "CostAllocation" = local.organization | ||
| "Organization" = local.organization | ||
| "Environment" = local.account_vars.locals.environment | ||
| } | ||
|
|
||
| #################################################### | ||
| ## VPC Information | ||
| #################################################### | ||
| # Information about the VPC in which artifacts are being created | ||
|
|
||
| vpc_name = "vpc3-lab-dev" | ||
|
|
||
| #################################################### | ||
| ## EKS Configuration | ||
| #################################################### | ||
|
|
||
| # The name of the EKS cluster | ||
| cluster_name = "platform-eng-eks-mcm" | ||
|
|
||
| # The kubernetes version to use for the cluster | ||
| cluster_version = "1.30" | ||
|
|
||
| # The domain in which the cluster is being built | ||
| domain = local.account_vars.locals.domain_name | ||
|
|
||
| # The size of the disk for the worker nodes, in GB | ||
| # Loki claims 60 GB - 10g claims - 2 services each with 3 replicas | ||
| # Prometheus claims 10g | ||
| eks_instance_disk_size = 100 | ||
|
|
||
| # The VPC name in which the cluster will operate | ||
| eks_vpc_name = local.vpc_name | ||
|
|
||
| # The types of instances to use for the worker nodes | ||
| eks_instance_types = ["t3.xlarge", "m4.xlarge", "m5.xlarge"] | ||
|
|
||
| # How many worker nodes are desired | ||
| eks_ng_desired_size = 3 | ||
|
|
||
| # What is the maximum number of worker nodes allowed. | ||
| eks_ng_max_size = 10 | ||
|
|
||
| # What is the minimum number of worker nodes allowed. | ||
| eks_ng_min_size = 0 | ||
|
|
||
| # Namespace to use for operator installation | ||
| operators_namespace = "operators" | ||
|
|
||
| #################################################### | ||
| ## Cloudwatch Agent Configuration for EKS | ||
| #################################################### | ||
| # Uses cluster_name and region | ||
|
|
||
| # The namespace that cloudwatch-agent and fluentbit will be installed. | ||
| cw_namespace = "cloudwatch" | ||
|
|
||
| # How long the logs will be maintained within cloudwatch before deletion. | ||
| cw_log_retention_days = "30" | ||
|
|
||
| # Fluent Bit reads log files from the tail, and will capture only new | ||
| # logs after it is deployed. If you want the opposite, set | ||
| # fluent_bit_read_from_head='On' and it will collect all logs in the | ||
| # file system and set fluent_bit_read_from_tail='Off'. | ||
| cw_fluent_bit_read_from_head = "off" | ||
| cw_fluent_bit_read_from_tail = "on" | ||
|
|
||
| # Fluent Bit can integrate with prometheus and serve metrics. If the | ||
| # metrics server is desired, set this to "on" else set it to "off" to | ||
| # disable the metrics server | ||
| cw_fluent_bit_http_server = "on" | ||
|
|
||
| # When the metrics server is enabled, the port on which the server is to run. | ||
| cw_fluent_bit_http_port = "2020" | ||
|
|
||
| #################################################### | ||
| ## cert-manager Configuration | ||
| #################################################### | ||
| # Uses cluster_name and region | ||
|
|
||
| # The namespace that cert-manager will be installed. | ||
| cm_namespace = "cert-manager" | ||
|
|
||
| # The name of the cluster issuer to install | ||
| cm_cluster_issuer_name = "clusterissuer" | ||
|
|
||
| # How to issue certs: | ||
| # Intermediate CA - Request an intermediate CA from TCO and provide the | ||
| # name of the file here: | ||
| #cm_intermediate_ca_crt = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.bundle.crt" | ||
| #cm_intermediate_ca_key = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.key" | ||
| # | ||
| # ACM - Use aws-pca-issuer to request leaf certs from AWS ACM. | ||
| cm_acm = true | ||
|
|
||
| #################################################### | ||
| ## Istio Configuration | ||
| #################################################### | ||
| # Uses cluster_name and region | ||
|
|
||
| # The namespace that Istio will be installed. | ||
| istio_namespace = "istio-system" | ||
|
|
||
| istio_enable_telemetry = true | ||
|
|
||
| # Potentially allow istio to control traffic outbound from the cluster. | ||
| istio_enable_egressgateway = true | ||
|
|
||
| #################################################### | ||
| ## Keycloak Configuration | ||
| #################################################### | ||
| # Uses cluster_name and region | ||
|
|
||
| keycloak_enabled = true | ||
|
|
||
| # The namespace that Keycloak will be installed. | ||
| keycloak_namespace = "keycloak" | ||
|
|
||
| # The email address of the person considered the keycloak administrator | ||
| keycloak_admin_email = "robel.t.fesshaye@census.gov" | ||
|
|
||
| # Details about the database keycloak should use to store configuration data | ||
| keycloak_db_vendor = "postgresql" | ||
| keycloak_db_address = "adsd-rds-mft-sbox.c2tx3ocukdth.us-gov-east-1.rds.amazonaws.com" | ||
| keycloak_db_port = "5432" | ||
| keycloak_db_database = "keycloak" | ||
| keycloak_db_username = "keycloak" | ||
| keycloak_db_password = "a-secret-password" | ||
|
|
||
| #################################################### | ||
| ## log-trace-monitor configuration | ||
| #################################################### | ||
| log_trace_monitor_namespace = "default" | ||
| log_trace_monitor_create_namespace = false | ||
|
|
||
| #################################################### | ||
| ## Kubernetes Dashboard configuration | ||
| #################################################### | ||
| # Uses cluster_name and region | ||
|
|
||
| # The namespace that kubernetes dashboard will be installed. | ||
| kube_dashboard_namespace = "kube-dashboard" | ||
|
|
||
| #################################################### | ||
| ## Metrics Server configuration | ||
| #################################################### | ||
| # Uses cluster_name and region | ||
|
|
||
| # The namespace that metrics-server will be installed. | ||
| ms_namespace = "kube-system" | ||
|
|
||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
27 changes: 27 additions & 0 deletions
27
lab/us-gov-east-1/vpc/_mcmCluster/eks-cloudwatch/terragrunt.hcl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| include "root" { | ||
| path = find_in_parent_folders() | ||
| } | ||
|
|
||
| locals { | ||
| tag_costallocation = "census:csvd:platformbaseline" | ||
| providers = ["kubernetes", "helm"] | ||
| } | ||
|
|
||
| terraform { | ||
| source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cloudwatch.git" | ||
| extra_arguments "retry_lock" { | ||
| commands = get_terraform_commands_that_need_locking() | ||
| arguments = ["-lock-timeout=20m"] | ||
| } | ||
| } | ||
|
|
||
| dependency "eks" { | ||
| config_path = "../eks" | ||
| } | ||
| dependency "eks-config" { | ||
| config_path = "../eks-config" | ||
| } | ||
|
|
||
| inputs = { | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.