apply to all clusters

SCT-Engineering · Nov 8, 2024 · 0d703a7 · 0d703a7
1 parent 204e81c
commit 0d703a7
Show file tree

Hide file tree

Showing 48 changed files with 480 additions and 1,064 deletions.
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
@@ -17,4 +17,8 @@ locals {
     "slim:schedule" = "8:00-17:00"
     "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
   }
+  eks_version = "0.1.1"
+  eks_enabled = true
+
+
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl
@@ -1,14 +1,15 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
 # Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
   cluster_endpoint_public_access           = true
-  cluster_name                             = "platform-eng-eks-test"
-  cluster_version                          = "1.30"
-  creator                                  = "srinivasa.nangunuri@census.gov"
+  cluster_name                             = "platform-eng-eks-mcm"
+  creator                                  = "matthew.c.morgan@census.gov"
   eks_instance_disk_size                   = 100
   eks_ng_desired_size                      = 2
-  eks_ng_max_size                          = 3
-  eks_ng_min_size                          = 2
+  eks_ng_max_size                          = 10
+  eks_ng_min_size                          = 0
   enable_cluster_creator_admin_permissions = true
   terraform                                = true
   terragrunt                               = true

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl
@@ -1,10 +1,11 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -19,16 +20,21 @@ dependency "eks" {
   }
 }
 
+dependency "eks_config" {
+  config_path  = "../eks-config"
+  skip_outputs = true
+}
+
 inputs = {
   cluster_name                     = dependency.eks.outputs.cluster_name
   cluster_mailing_list             = dependency.eks.inputs.creator
   oidc_provider_arn                = dependency.eks.outputs.oidc_provider_arn
   profile                          = include.root.inputs.aws_profile
   region                           = include.root.inputs.aws_region
-  cert_manager_helm_chart          = "1.15.1"
-  cert_manager_cainjector_tag      = "v1.15.1"
-  cert_manager_controller_tag      = "v1.15.1"
-  cert_manager_startupapicheck_tag = "v1.15.1"
-  cert_manager_webhook_tag         = "v1.15.1"
-  cluster_issuer_name              = "cert-manager"
+  cert_manager_helm_chart          = include.root.inputs.cert_manager_helm_chart
+  cert_manager_cainjector_tag      = include.root.inputs.cert_manager_cainjector_tag
+  cert_manager_controller_tag      = include.root.inputs.cert_manager_controller_tag
+  cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+  cert_manager_webhook_tag         = include.root.inputs.cert_manager_webhook_tag
+  cluster_issuer_name              = include.root.inputs.cluster_issuer_name
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl
@@ -1,14 +1,13 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
+
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
-# locals {
-#   tag_costallocation = "census:csvd:platformbaseline"
-# }
-
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -18,12 +17,15 @@ terraform {
 dependency "eks" {
   config_path = "../eks"
   mock_outputs = {
-    vpc_id                                          = "a-vpc-id"
+    cluster_certificate_authority_data              = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
+    cluster_endpoint                                = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
     cluster_name                                    = "a-cluster-name"
-    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ]
-    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
     eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
     oidc_provider_arn                               = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
+    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+    token                                           = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }]
+    vpc_id                                          = "a-vpc-id"
   }
 }
 
@@ -36,7 +38,5 @@ inputs = {
   security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
   eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
   oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
-  # tags                                            = dependency.eks.inputs.tags
-  # tag_costallocation                              = local.tag_costallocation
-  # cluster_autoscaler_role_name                    = dependency.eks.outputs.cluster_autoscaler_role_name
+  kubectl_image_tag                               = include.root.inputs.kubectl_image_tag
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl
@@ -1,10 +1,11 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -14,17 +15,28 @@ terraform {
 dependency "eks" {
   config_path = "../eks"
   mock_outputs = {
-    zone_ids = ["Z12345678CA5FV1LIFBC5"]
+    subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
+  }
+}
+
+dependency "istio" {
+  config_path = "../eks-istio"
+  mock_outputs = {
+    istio_ingress_lb = {
+      dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
+      zone_id  = "ZABC123456DEF"
+    }
   }
 }
 
 inputs = {
-  cluster_name    = dependency.eks.inputs.cluster_name
-  profile         = include.root.inputs.aws_profile
-  region          = include.root.inputs.aws_region
-  subnets         = dependency.eks.outputs.subnets
-  tags            = dependency.eks.inputs.tags
-  vpc_domain_name = dependency.eks.inputs.vpc_domain_name
-  vpc_id          = dependency.eks.outputs.vpc_id
-  vpc_name        = dependency.eks.inputs.vpc_name
+  cluster_name      = dependency.eks.inputs.cluster_name
+  istio_ingress_lb  = dependency.istio.outputs.istio_ingress_lb
+  profile           = include.root.inputs.aws_profile
+  region            = include.root.inputs.aws_region
+  subnets           = dependency.eks.outputs.subnets
+  tags              = dependency.eks.inputs.tags
+  vpc_domain_name   = dependency.eks.inputs.vpc_domain_name
+  vpc_name          = dependency.eks.inputs.vpc_name
+  route53_endpoints = include.root.inputs.route53_endpoints
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl
@@ -1,10 +1,11 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -17,22 +18,23 @@ dependency "eks" {
     cluster_name = "a-cluster-name"
   }
 }
+
 dependency "eks-loki" {
   config_path = "../eks-loki"
   mock_outputs = {
     rwo_storage_class = "gp3-encrypted"
   }
 }
-# dependency "eks-tempo" {
-#   config_path  = "../eks-tempo"
-#   skip_outputs = true
-# }
 
 inputs = {
-  profile           = include.root.inputs.aws_profile
-  region            = include.root.inputs.aws_region
-  cluster_name      = dependency.eks.outputs.cluster_name
-  cluster_domain    = dependency.eks.inputs.vpc_domain_name
-  rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
-  # datasources        = dependency.eks-loki.outputs.gateway_internal_endpoint
+  profile                       = include.root.inputs.aws_profile
+  region                        = include.root.inputs.aws_region
+  cluster_name                  = dependency.eks.outputs.cluster_name
+  cluster_domain                = dependency.eks.inputs.vpc_domain_name
+  public_hostname               = include.root.inputs.grafana_hostname
+  rwo_storage_class             = dependency.eks-loki.outputs.rwo_storage_class
+  grafana_chart_version         = include.root.inputs.grafana_chart_version
+  grafana_tag                   = include.root.inputs.grafana_tag
+  download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+  init_chown_data_image_tag     = include.root.inputs.init_chown_data_image_tag
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl
@@ -1,10 +1,11 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -26,6 +27,6 @@ inputs = {
   profile             = include.root.inputs.aws_profile
   region              = include.root.inputs.aws_region
   cluster_name        = dependency.eks.outputs.cluster_name
-  istio_chart_version = "1.22.1"
-  istio_version       = "1.22.1"
+  istio_chart_version = include.root.inputs.istio_version
+  istio_version       = include.root.inputs.istio_version
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,36 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+  mock_outputs = {
+    cluster_name    = "a-cluster-name"
+    vpc_domain_name = "example.com"
+  }
+}
+
+dependency "eks-loki" {
+  config_path  = "../eks-loki"
+  skip_outputs = true
+}
+
+inputs = {
+  profile               = include.root.inputs.aws_profile
+  region                = include.root.inputs.aws_region
+  cluster_name          = dependency.eks.outputs.cluster_name
+  cluster_domain        = dependency.eks.inputs.vpc_domain_name
+  public_hostname       = include.root.inputs.dashboard_hostname
+  k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+  # datasources        = dependency.eks-loki.outputs.gateway_internal_endpoint
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl
@@ -1,10 +1,11 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -35,4 +36,8 @@ inputs = {
   karpenter_node_group_name = dependency.eks.outputs.node_group_name
   oidc_provider_arn         = dependency.eks.outputs.oidc_provider_arn
   vpc_id                    = dependency.eks.outputs.vpc_id
+  karpenter_helm_chart      = include.root.inputs.karpenter_helm_chart
+  karpenter_tag             = include.root.inputs.karpenter_tag
+  kubectl_tag               = include.root.inputs.kubectl_image_tag
+
 }
diff --git a/.../eks-kiali.disable/terragrunt.hcl.disable → ...eks-test/eks-kiali/terragrunt.hcl.disable b/.../eks-kiali.disable/terragrunt.hcl.disable → ...eks-test/eks-kiali/terragrunt.hcl.disable
@@ -1,11 +1,12 @@
 include "root" {
-  path = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster"
-  source = "../../../../../../../tfmod-kiali"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
+  # source = "../../../../../../../tfmod-kiali"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -53,9 +54,12 @@ dependency "eks-grafana" {
 }
 
 inputs = {
+  kiali_operator_version = include.root.inputs.kiali_operator_version
+  kiali_application_version = include.root.inputs.kiali_application_version
+
   profile                 = include.root.inputs.aws_profile
   cluster_domain          = dependency.eks.inputs.vpc_domain_name
-  operators_namespace     = dependency.eks.inputs.operators_ns
+  operators_namespace     = "operators"
   cluster_name            = dependency.eks.outputs.cluster_name
   certificate_issuer      = dependency.eks-cert-manager.outputs.cluster_issuer_name
   prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl
@@ -1,10 +1,11 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
@@ -22,10 +23,22 @@ dependency "eks-istio" {
   config_path  = "../eks-istio"
   skip_outputs = true
 }
+dependency "eks-prometheus" {
+  config_path  = "../eks-prometheus"
+  skip_outputs = true
+}
 
 inputs = {
-  profile           = include.root.inputs.aws_profile
-  region            = include.root.inputs.aws_region
-  cluster_name      = dependency.eks.outputs.cluster_name
-  oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+  profile                         = include.root.inputs.aws_profile
+  region                          = include.root.inputs.aws_region
+  cluster_name                    = dependency.eks.outputs.cluster_name
+  oidc_provider_arn               = dependency.eks.outputs.oidc_provider_arn
+  loki_chart_version              = include.root.inputs.loki_chart_version
+  loki_tag                        = include.root.inputs.loki_tag
+  canary_tag                      = include.root.inputs.canary_tag
+  enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
+  gateway_tag                     = include.root.inputs.gateway_tag
+  memcached_tag                   = include.root.inputs.memcached_tag
+  exporter_tag                    = include.root.inputs.exporter_tag
+  sidecar_tag                     = include.root.inputs.sidecar_tag
 }