continuous updates

SCT-Engineering · Aug 12, 2024 · 130ad05 · 130ad05
1 parent dea4c49
commit 130ad05
Show file tree

Hide file tree

Showing 14 changed files with 376 additions and 155 deletions.
diff --git a/lab/us-gov-east-1/vpc/cluster/common_vars.hcl b/lab/us-gov-east-1/vpc/cluster/common_vars.hcl
@@ -0,0 +1,170 @@
+locals {
+  # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+  # Automatically load region-level variables
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+  # Which AWS_PROFILE to use to perform the operations
+  profile = local.account_vars.locals.aws_profile
+
+  # In which AWS region are operations being performed
+  region = local.region_vars.locals.aws_region
+
+  # Tags applied to AWS objects created
+  application_tags = {
+    "Project Name"   = local.project_name
+    "ProjectNumber"  = local.project_number
+    "CostAllocation" = local.organization
+    "Organization"   = local.organization
+    "Environment"    = local.account_vars.locals.environment
+  }
+
+  ####################################################
+  ## VPC Information
+  ####################################################
+  # Information about the VPC in which artifacts are being created
+
+  vpc_name = "vpc3-lab-dev"
+
+  ####################################################
+  ## EKS Configuration
+  ####################################################
+
+  # The name of the EKS cluster
+  cluster_name = "platform-eng-eks-test"
+
+  # The kubernetes version to use for the cluster
+  cluster_version = "1.30"
+
+  # The domain in which the cluster is being built
+  domain = local.account_vars.locals.vpc_domain_name
+
+  # The size of the disk for the worker nodes, in GB
+  # Loki claims 60 GB - 10g claims - 2 services each with 3 replicas
+  # Prometheus claims 10g
+  # Tempo claims 10g x 3 replicas
+  eks_instance_disk_size = 120
+
+  # The VPC name in which the cluster will operate
+  eks_vpc_name = local.vpc_name
+
+  # The types of instances to use for the worker nodes
+  eks_instance_types = ["t3.xlarge", "m4.xlarge", "m5.xlarge"]
+
+  # How many worker nodes are desired
+  eks_ng_desired_size = 1
+
+  # What is the maximum number of worker nodes allowed.
+  eks_ng_max_size = 10
+
+  # What is the minimum number of worker nodes allowed.
+  eks_ng_min_size = 1
+
+  # Namespace to use for operator installation
+  operators_namespace = "operators"
+
+  ####################################################
+  ## Cloudwatch Agent Configuration for EKS
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that cloudwatch-agent and fluentbit will be installed.
+  cw_namespace = "cloudwatch"
+
+  # How long the logs will be maintained within cloudwatch before deletion.
+  cw_log_retention_days = "30"
+
+  # Fluent Bit reads log files from the tail, and will capture only new
+  # logs after it is deployed. If you want the opposite, set
+  # fluent_bit_read_from_head='On' and it will collect all logs in the
+  # file system and set fluent_bit_read_from_tail='Off'.
+  cw_fluent_bit_read_from_head = "off"
+  cw_fluent_bit_read_from_tail = "on"
+
+  # Fluent Bit can integrate with prometheus and serve metrics.  If the
+  # metrics server is desired, set this to "on" else set it to "off" to
+  # disable the metrics server
+  cw_fluent_bit_http_server = "on"
+
+  # When the metrics server is enabled, the port on which the server is to run.
+  cw_fluent_bit_http_port = "2020"
+
+  ####################################################
+  ## cert-manager Configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that cert-manager will be installed.
+  cm_namespace = "cert-manager"
+
+  # The name of the cluster issuer to install
+  cm_cluster_issuer_name = "clusterissuer"
+
+  # How to issue certs:
+  # Intermediate CA - Request an intermediate CA from TCO and provide the
+  #   name of the file here:
+  #cm_intermediate_ca_crt = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.bundle.crt"
+  #cm_intermediate_ca_key = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.key"
+  #
+  # ACM - Use aws-pca-issuer to request leaf certs from AWS ACM.
+  cm_acm = true
+
+  ####################################################
+  ## Istio Configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that Istio will be installed.
+  istio_namespace = "istio-system"
+
+  istio_enable_telemetry = true
+
+  # Potentially allow istio to control traffic outbound from the cluster.
+  istio_enable_egressgateway = true
+
+  ####################################################
+  ## Keycloak Configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  keycloak_enabled = true
+
+  # The namespace that Keycloak will be installed.
+  keycloak_namespace = "keycloak"
+
+  # The email address of the person considered the keycloak administrator
+  keycloak_admin_email = "robel.t.fesshaye@census.gov"
+
+  # Details about the database keycloak should use to store configuration data
+  keycloak_db_vendor   = "postgresql"
+  keycloak_db_address  = "adsd-rds-mft-sbox.c2tx3ocukdth.us-gov-east-1.rds.amazonaws.com"
+  keycloak_db_port     = "5432"
+  keycloak_db_database = "keycloak"
+  keycloak_db_username = "keycloak"
+  keycloak_db_password = "a-secret-password"
+
+  ####################################################
+  ## log-trace-monitor configuration
+  ####################################################
+  log_trace_monitor_namespace        = "default"
+  log_trace_monitor_create_namespace = false
+
+  ####################################################
+  ## Kubernetes Dashboard configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that kubernetes dashboard will be installed.
+  kube_dashboard_namespace = "kube-dashboard"
+
+  ####################################################
+  ## Metrics Server configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that metrics-server will be installed.
+  ms_namespace = "kube-system"
+
+
+}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-cert-manager/terragrunt.hcl
@@ -16,8 +16,20 @@ dependency "eks" {
   config_path = "../eks"
 }
 
+dependency "eks-metrics-server" {
+  config_path = "../eks-metrics-server"
+}
+
 inputs = {
-  cluster_name  = dependency.eks.inputs.cluster_name
-  profile       = dependency.eks.inputs.profile
-  contact_email = "srinivasa.nangunuri@census.gov"
+  cluster_name                     = dependency.eks.inputs.cluster_name
+  cluster_mailing_list             = dependency.eks.inputs.creator
+  oidc_provider_arn                = dependency.eks.outputs.oidc_provider_arn
+  profile                          = dependency.eks.inputs.profile
+  region                           = dependency.eks.inputs.region
+  cert_manager_helm_chart          = "1.15.1"
+  cert_manager_cainjector_tag      = "v1.15.1"
+  cert_manager_controller_tag      = "v1.15.1"
+  cert_manager_startupapicheck_tag = "v1.15.1"
+  cert_manager_webhook_tag         = "v1.15.1"
+  namespace                        = "cert-manager"
 }
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl
@@ -1,53 +1,19 @@
-locals {
-  # In which AWS region are operations being performed
-  # vpc_id                                         = "vpc-0280f77b373744eaa"
-  # profile                                        = "224384469011-lab-dev-gov.inf-admin-t3"
-  # cluster_name                                   = "platform-eng-eks-test"
-  # subnets                                        = [
-  #                                                   "subnet-078b228071c609a50",
-  #                                                   "subnet-02c2250b9ec2dd6a2",
-  #                                                   "subnet-07a6339be3670fb41",
-  #                                                 ]
-  # security_group_all_worker_mgmt_id               = "sg-02b62e91afdbeba6b"
-  # eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"]
-
-  # region                                          = "us-gov-east-1"
-  # oidc_provider_arn                               = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828"
+include "root" {
+  path = find_in_parent_folders()
+}
 
+locals {
   tag_costallocation = "census:csvd:platformbaseline"
-  region             = "us-gov-east-1"
-  tags = {
-
-    "eks-cluster-name"      = "platform-eng-eks-test"
-    "CostAllocation"        = "census:csvd:platformbaseline"
-    "boc:tf_module_version" = "1.0.0"
-    "boc:created_by"        = "terraform"
-  }
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=karpenter"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]
   }
 }
 
-remote_state {
-  backend = "s3"
-  generate = {
-    path      = "backend.tf"
-    if_exists = "overwrite_terragrunt"
-  }
-  config = {
-    bucket  = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
-    key     = "platform-eks-test-config/terraform.tfstate"
-    region  = "us-gov-east-1"
-    encrypt = true
-    #dynamodb_table = "my-lock-table"
-  }
-}
-
 dependency "eks" {
   config_path = "../eks"
 }
@@ -56,12 +22,11 @@ inputs = {
   profile                                         = dependency.eks.inputs.profile
   vpc_id                                          = dependency.eks.outputs.vpc_id
   cluster_name                                    = dependency.eks.inputs.cluster_name
-  cluster_autoscaler_role_name                    = dependency.eks.outputs.cluster_autoscaler_role_name
   subnets                                         = dependency.eks.outputs.subnets
   security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
   eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
   oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
-  tags                                            = local.tags
+  tags                                            = dependency.eks.inputs.tags
   tag_costallocation                              = local.tag_costallocation
-  region                                          = local.region
+  region                                          = dependency.eks.inputs.region
 }
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-istio/provider.tf b/lab/us-gov-east-1/vpc/cluster/eks-istio/provider.tf
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-istio/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-istio/terragrunt.hcl
@@ -1,3 +1,7 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
 terraform {
   source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=1.0.4"
   extra_arguments "retry_lock" {
@@ -6,28 +10,17 @@ terraform {
   }
 }
 
-remote_state {
-  backend = "s3"
-  generate = {
-    path      = "backend.tf"
-    if_exists = "overwrite_terragrunt"
-  }
-  config = {
-    bucket  = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
-    key     = "platform-eks-test-istio/terraform.tfstate"
-    region  = "us-gov-east-1"
-    encrypt = true
-  }
-}
-
 dependency "eks" {
   config_path = "../eks"
 }
+dependency "eks-cert-manager" {
+  config_path = "../eks-cert-manager"
+}
 
 inputs = {
   profile             = dependency.eks.inputs.profile
   cluster_name        = dependency.eks.inputs.cluster_name
-  region              = "us-gov-east-1"
+  region              = dependency.eks.inputs.region
   istio_chart_version = "1.22.1"
   istio_version       = "1.22.1"
 }
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-karpenter/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,29 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+locals {
+  tag_costallocation = "census:csvd:platformbaseline"
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=mcmCluster"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+
+inputs = {
+  profile                   = dependency.eks.inputs.profile
+  cluster_endpoint          = dependency.eks.outputs.cluster_endpoint
+  cluster_name              = dependency.eks.inputs.cluster_name
+  karpenter_node_group_name = dependency.eks.outputs.node_group_name
+  oidc_provider_arn         = dependency.eks.outputs.oidc_provider_arn
+  region                    = dependency.eks.inputs.region
+  vpc_id                    = dependency.eks.outputs.vpc_id
+}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-loki/provider.tf b/lab/us-gov-east-1/vpc/cluster/eks-loki/provider.tf