From 130ad0558e3ee09b4c6c0d36f40dd14331098507 Mon Sep 17 00:00:00 2001 From: Srini Nangunuri Date: Mon, 12 Aug 2024 16:56:45 -0400 Subject: [PATCH] continuous updates --- lab/us-gov-east-1/vpc/cluster/common_vars.hcl | 170 ++++++++++++++++++ .../cluster/eks-cert-manager/terragrunt.hcl | 18 +- .../vpc/cluster/eks-config/terragrunt.hcl | 49 +---- .../vpc/cluster/eks-istio/provider.tf | 17 -- .../vpc/cluster/eks-istio/terragrunt.hcl | 23 +-- .../vpc/cluster/eks-karpenter/terragrunt.hcl | 29 +++ .../vpc/cluster/eks-loki/provider.tf | 17 -- .../vpc/cluster/eks-loki/terragrunt.hcl | 26 ++- .../cluster/eks-metrics-server/terragrunt.hcl | 28 +++ .../vpc/cluster/eks-prometheus/terragrunt.hcl | 2 +- .../vpc/cluster/eks/.terraform.lock.hcl | 26 +-- .../vpc/cluster/eks/terragrunt.hcl | 36 ++-- .../vpc/cluster/terragrunt-hcl.bak | 67 +++++++ lab/us-gov-east-1/vpc/cluster/terragrunt.hcl | 23 ++- 14 files changed, 376 insertions(+), 155 deletions(-) create mode 100644 lab/us-gov-east-1/vpc/cluster/common_vars.hcl delete mode 100644 lab/us-gov-east-1/vpc/cluster/eks-istio/provider.tf create mode 100644 lab/us-gov-east-1/vpc/cluster/eks-karpenter/terragrunt.hcl delete mode 100644 lab/us-gov-east-1/vpc/cluster/eks-loki/provider.tf create mode 100644 lab/us-gov-east-1/vpc/cluster/eks-metrics-server/terragrunt.hcl create mode 100644 lab/us-gov-east-1/vpc/cluster/terragrunt-hcl.bak diff --git a/lab/us-gov-east-1/vpc/cluster/common_vars.hcl b/lab/us-gov-east-1/vpc/cluster/common_vars.hcl new file mode 100644 index 0000000..ffb0d20 --- /dev/null +++ b/lab/us-gov-east-1/vpc/cluster/common_vars.hcl 
@@ -0,0 +1,170 @@ +locals { + # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) + account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) + + # Automatically load region-level variables + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) + + # Which AWS_PROFILE to use to perform the operations + profile = local.account_vars.locals.aws_profile + + # In which AWS region are operations being performed + region = local.region_vars.locals.aws_region + + # Tags applied to AWS objects created + application_tags = { + "Project Name" = local.project_name + "ProjectNumber" = local.project_number + "CostAllocation" = local.organization + "Organization" = local.organization + "Environment" = local.account_vars.locals.environment + } + + #################################################### + ## VPC Information + #################################################### + # Information about the VPC in which artifacts are being created + + vpc_name = "vpc3-lab-dev" + + #################################################### + ## EKS Configuration + #################################################### + + # The name of the EKS cluster + cluster_name = "platform-eng-eks-test" + + # The kubernetes version to use for the cluster + cluster_version = "1.30" + + # The domain in which the cluster is being built + domain = local.account_vars.locals.vpc_domain_name + + # The size of the disk for the worker nodes, in GB + # Loki claims 60 GB - 10g claims - 2 services each with 3 replicas + # Prometheus claims 10g + # Tempo claims 10g x 3 replicas + eks_instance_disk_size = 120 + + # The VPC name in which the cluster will operate + eks_vpc_name = local.vpc_name + + # The types of instances to use for the worker nodes + eks_instance_types = ["t3.xlarge", "m4.xlarge", "m5.xlarge"] + + # How many worker nodes are desired + eks_ng_desired_size = 1 + + # What is the 
maximum number of worker nodes allowed. + eks_ng_max_size = 10 + + # What is the minimum number of worker nodes allowed. + eks_ng_min_size = 1 + + # Namespace to use for operator installation + operators_namespace = "operators" + + #################################################### + ## Cloudwatch Agent Configuration for EKS + #################################################### + # Uses cluster_name and region + + # The namespace that cloudwatch-agent and fluentbit will be installed. + cw_namespace = "cloudwatch" + + # How long the logs will be maintained within cloudwatch before deletion. + cw_log_retention_days = "30" + + # Fluent Bit reads log files from the tail, and will capture only new + # logs after it is deployed. If you want the opposite, set + # fluent_bit_read_from_head='On' and it will collect all logs in the + # file system and set fluent_bit_read_from_tail='Off'. + cw_fluent_bit_read_from_head = "off" + cw_fluent_bit_read_from_tail = "on" + + # Fluent Bit can integrate with prometheus and serve metrics. If the + # metrics server is desired, set this to "on" else set it to "off" to + # disable the metrics server + cw_fluent_bit_http_server = "on" + + # When the metrics server is enabled, the port on which the server is to run. + cw_fluent_bit_http_port = "2020" + + #################################################### + ## cert-manager Configuration + #################################################### + # Uses cluster_name and region + + # The namespace that cert-manager will be installed. 
+ cm_namespace = "cert-manager" + + # The name of the cluster issuer to install + cm_cluster_issuer_name = "clusterissuer" + + # How to issue certs: + # Intermediate CA - Request an intermediate CA from TCO and provide the + # name of the file here: + #cm_intermediate_ca_crt = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.bundle.crt" + #cm_intermediate_ca_key = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.key" + # + # ACM - Use aws-pca-issuer to request leaf certs from AWS ACM. + cm_acm = true + + #################################################### + ## Istio Configuration + #################################################### + # Uses cluster_name and region + + # The namespace that Istio will be installed. + istio_namespace = "istio-system" + + istio_enable_telemetry = true + + # Potentially allow istio to control traffic outbound from the cluster. + istio_enable_egressgateway = true + + #################################################### + ## Keycloak Configuration + #################################################### + # Uses cluster_name and region + + keycloak_enabled = true + + # The namespace that Keycloak will be installed. 
+ keycloak_namespace = "keycloak" + + # The email address of the person considered the keycloak administrator + keycloak_admin_email = "robel.t.fesshaye@census.gov" + + # Details about the database keycloak should use to store configuration data + keycloak_db_vendor = "postgresql" + keycloak_db_address = "adsd-rds-mft-sbox.c2tx3ocukdth.us-gov-east-1.rds.amazonaws.com" + keycloak_db_port = "5432" + keycloak_db_database = "keycloak" + keycloak_db_username = "keycloak" + keycloak_db_password = "a-secret-password" + + #################################################### + ## log-trace-monitor configuration + #################################################### + log_trace_monitor_namespace = "default" + log_trace_monitor_create_namespace = false + + #################################################### + ## Kubernetes Dashboard configuration + #################################################### + # Uses cluster_name and region + + # The namespace that kubernetes dashboard will be installed. + kube_dashboard_namespace = "kube-dashboard" + + #################################################### + ## Metrics Server configuration + #################################################### + # Uses cluster_name and region + + # The namespace that metrics-server will be installed. + ms_namespace = "kube-system" + + +} diff --git a/lab/us-gov-east-1/vpc/cluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-cert-manager/terragrunt.hcl index f7c9de9..22497df 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-cert-manager/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-cert-manager/terragrunt.hcl 
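Review bot: `keycloak_db_password = "a-secret-password"` in the Keycloak section of the new `common_vars.hcl` puts a database credential in a plain `locals` value under version control, next to the RDS endpoint and username it belongs to. Even if this literal is only a stand-in, the slot invites a real password to be committed later; read it at run time instead, e.g. `keycloak_db_password = get_env("KEYCLOAK_DB_PASSWORD")` (placeholder variable name) or from a file decrypted with `sops_decrypt_file(...)`, and mark the receiving module variable `sensitive`. Separately, `application_tags` references `local.project_name`, `local.project_number` and `local.organization`, none of which is defined in this file's `locals` block, so the file will probably fail to evaluate when it is loaded with `read_terragrunt_config`.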
@@ -16,8 +16,20 @@ dependency "eks" { config_path = "../eks" } +dependency "eks-metrics-server" { + config_path = "../eks-metrics-server" +} + inputs = { - cluster_name = dependency.eks.inputs.cluster_name - profile = dependency.eks.inputs.profile - contact_email = "srinivasa.nangunuri@census.gov" + cluster_name = dependency.eks.inputs.cluster_name + cluster_mailing_list = dependency.eks.inputs.creator + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + profile = dependency.eks.inputs.profile + region = dependency.eks.inputs.region + cert_manager_helm_chart = "1.15.1" + cert_manager_cainjector_tag = "v1.15.1" + cert_manager_controller_tag = "v1.15.1" + cert_manager_startupapicheck_tag = "v1.15.1" + cert_manager_webhook_tag = "v1.15.1" + namespace = "cert-manager" } diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl index 860e149..5473373 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl 
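Review bot: The added `dependency "eks-metrics-server"` block is never read in `inputs`, so it appears to exist only to order the run, yet a `dependency` block makes Terragrunt fetch that unit's outputs and fail when the unit has none or has not been applied. If ordering is the intent, use `dependencies { paths = ["../eks-metrics-server"] }`, or add `skip_outputs = true` to the block. The same pattern recurs in this patch in eks-istio (`eks-cert-manager`), eks-loki (`eks-istio`) and eks-metrics-server (`eks-config`). It would also help to hold the cert-manager version in one local, since `1.15.1` is repeated five times and the chart value omits the `v` prefix that the image tags carry.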
@@ -1,53 +1,19 @@ -locals { - # In which AWS region are operations being performed - # vpc_id = "vpc-0280f77b373744eaa" - # profile = "224384469011-lab-dev-gov.inf-admin-t3" - # cluster_name = "platform-eng-eks-test" - # subnets = [ - # "subnet-078b228071c609a50", - # "subnet-02c2250b9ec2dd6a2", - # "subnet-07a6339be3670fb41", - # ] - # security_group_all_worker_mgmt_id = "sg-02b62e91afdbeba6b" - # eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"] - - # region = "us-gov-east-1" - # oidc_provider_arn = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828" +include "root" { + path = find_in_parent_folders() +} +locals { tag_costallocation = "census:csvd:platformbaseline" - region = "us-gov-east-1" - tags = { - - "eks-cluster-name" = "platform-eng-eks-test" - "CostAllocation" = "census:csvd:platformbaseline" - "boc:tf_module_version" = "1.0.0" - "boc:created_by" = "terraform" - } } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=karpenter" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] } } -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite_terragrunt" - } - config = { - bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "platform-eks-test-config/terraform.tfstate" - region = "us-gov-east-1" - encrypt = true - #dynamodb_table = "my-lock-table" - } -} - dependency "eks" { config_path = "../eks" } 
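Review bot: The new `source` ends in `?ref=karpenter`, which looks like a branch name rather than a release tag, so each `terragrunt init` can pull different module code into the EKS configuration without any change in this repository. Pin to an immutable tag or a full commit SHA, as eks-istio does with `?ref=1.0.4`. The same applies elsewhere in this patch: `?ref=mcmCluster` for tfmod-karpenter and tfmod-metrics-server, `?ref=ver` for tfmod-eks, and tfmod-loki and tfmod-prometheus, where the `ref` is dropped entirely so they follow the default branch.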
@@ -56,12 +22,11 @@ inputs = { profile = dependency.eks.inputs.profile vpc_id = dependency.eks.outputs.vpc_id cluster_name = dependency.eks.inputs.cluster_name - cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name subnets = dependency.eks.outputs.subnets security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - tags = local.tags + tags = dependency.eks.inputs.tags tag_costallocation = local.tag_costallocation - region = local.region + region = dependency.eks.inputs.region } diff --git a/lab/us-gov-east-1/vpc/cluster/eks-istio/provider.tf b/lab/us-gov-east-1/vpc/cluster/eks-istio/provider.tf deleted file mode 100644 index d4b0b0d..0000000 --- a/lab/us-gov-east-1/vpc/cluster/eks-istio/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -# provider.tf -provider "aws" { - region = "us-gov-east-1" - profile = "224384469011-lab-dev-gov" -} - -provider "kubernetes" { - config_path = "~/.kube/config" - config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test" -} - -provider "helm" { - kubernetes { - config_path = "~/.kube/config" - config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test" - } -} diff --git a/lab/us-gov-east-1/vpc/cluster/eks-istio/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-istio/terragrunt.hcl index e6d0eed..fa25f52 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-istio/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-istio/terragrunt.hcl @@ -1,3 +1,7 @@ +include "root" { + path = find_in_parent_folders() +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=1.0.4" extra_arguments "retry_lock" { 
@@ -6,28 +10,17 @@ terraform { } } -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite_terragrunt" - } - config = { - bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "platform-eks-test-istio/terraform.tfstate" - region = "us-gov-east-1" - encrypt = true - } -} - dependency "eks" { config_path = "../eks" } +dependency "eks-cert-manager" { + config_path = "../eks-cert-manager" +} inputs = { profile = dependency.eks.inputs.profile cluster_name = dependency.eks.inputs.cluster_name - region = "us-gov-east-1" + region = dependency.eks.inputs.region istio_chart_version = "1.22.1" istio_version = "1.22.1" } diff --git a/lab/us-gov-east-1/vpc/cluster/eks-karpenter/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-karpenter/terragrunt.hcl new file mode 100644 index 0000000..2ce025e --- /dev/null +++ b/lab/us-gov-east-1/vpc/cluster/eks-karpenter/terragrunt.hcl @@ -0,0 +1,29 @@ +include "root" { + path = find_in_parent_folders() +} + +locals { + tag_costallocation = "census:csvd:platformbaseline" +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=mcmCluster" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" +} + +inputs = { + profile = dependency.eks.inputs.profile + cluster_endpoint = dependency.eks.outputs.cluster_endpoint + cluster_name = dependency.eks.inputs.cluster_name + karpenter_node_group_name = dependency.eks.outputs.node_group_name + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + region = dependency.eks.inputs.region + vpc_id = dependency.eks.outputs.vpc_id +} \ No newline at end of file diff --git a/lab/us-gov-east-1/vpc/cluster/eks-loki/provider.tf b/lab/us-gov-east-1/vpc/cluster/eks-loki/provider.tf deleted file mode 100644 index a858654..0000000 
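Review bot: `tag_costallocation` is declared in the `locals` of the new eks-karpenter file but never passed in `inputs`, unlike eks-config, which forwards it as `tag_costallocation = local.tag_costallocation`. Either add that line to `inputs` if the karpenter module accepts the variable (not visible here), or drop the local. The new eks-metrics-server file carries the same unused local.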
--- a/lab/us-gov-east-1/vpc/cluster/eks-loki/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -# provider.tf -provider "aws" { - region = "us-gov-east-1" - profile = "224384469011-lab-dev-gov" -} - -provider "kubernetes" { - config_path = "~/.kube/config" - config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test" -} - -provider "helm" { - kubernetes { - config_path = "~/.kube/config" - config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test" - } -} \ No newline at end of file diff --git a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl index ae679f0..6974959 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl @@ -1,32 +1,26 @@ +include "root" { + path = find_in_parent_folders() +} + terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] } } -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite_terragrunt" - } - config = { - bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "platform-eks-test-loki/terraform.tfstate" - region = "us-gov-east-1" - encrypt = true - } -} - dependency "eks" { config_path = "../eks" } +dependency "eks-istio" { + config_path = "../eks-istio" +} + inputs = { profile = dependency.eks.inputs.profile cluster_name = dependency.eks.inputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - region = "us-gov-east-1" + region = dependency.eks.inputs.region } 
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-metrics-server/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-metrics-server/terragrunt.hcl new file mode 100644 index 0000000..bd34fc9 --- /dev/null +++ b/lab/us-gov-east-1/vpc/cluster/eks-metrics-server/terragrunt.hcl @@ -0,0 +1,28 @@ +include "root" { + path = find_in_parent_folders() +} + +locals { + tag_costallocation = "census:csvd:platformbaseline" +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=mcmCluster" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" +} +dependency "eks-config" { + config_path = "../eks-config" +} + +inputs = { + profile = dependency.eks.inputs.profile + cluster_name = dependency.eks.inputs.cluster_name + region = dependency.eks.inputs.region +} \ No newline at end of file diff --git a/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl index 624a2fe..8fd3870 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-prometheus/terragrunt.hcl @@ -1,5 +1,5 @@ terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=platform-changes" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/us-gov-east-1/vpc/cluster/eks/.terraform.lock.hcl b/lab/us-gov-east-1/vpc/cluster/eks/.terraform.lock.hcl index df4cf7c..746d1a3 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks/.terraform.lock.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks/.terraform.lock.hcl 
@@ -26,7 +26,7 @@ provider "registry.terraform.io/hashicorp/aws" { provider "registry.terraform.io/hashicorp/cloudinit" { version = "2.3.4" - constraints = ">= 2.0.0, >= 2.3.2" + constraints = ">= 2.0.0" hashes = [ "h1:cVIIhnXweOHavu1uV2bdKScTjLbM1WnKM/25wqYBJWo=", "zh:09f1f1e1d232da96fbf9513b0fb5263bc2fe9bee85697aa15d40bb93835efbeb", @@ -44,26 +44,6 @@ provider "registry.terraform.io/hashicorp/cloudinit" { ] } -provider "registry.terraform.io/hashicorp/http" { - version = "3.4.4" - constraints = ">= 3.4.0" - hashes = [ - "h1:dDGRXAVxwKgjVzA7VsO7MpYxt+eHnJosFV7rPZ4842o=", - "zh:28910c348aff60df15cb70c2838c5dac463de5d52fe41a511f122b0b5fa6032d", - "zh:61ddcdb703900b01a8d38c67bd68304e87e05aa82c2d6636a5c49813b0cee8bf", - "zh:6d7ba9fcebff1079b9cbad066874d83680a4aedc997baa597927f59b29a69186", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82caa166f57808dd8421e9edf51bca0692135ca06ab548d5a2e3fe612bdd45a6", - "zh:95cb8ece59966d8f4020660879728dabaa158b3d188f22c0b92229347e740346", - "zh:ae56558b4262a4de250eec83e200ea4647badde10d1a14ed273f4daff650336f", - "zh:c1c5051eab9d9759fdb31bca6d7575a693558887a1156fa5f268963e05be4d92", - "zh:c90234ce3877e54be5b43493f51b582c6f9cb09138844cb048f63e9cd9f230fa", - "zh:cb237c6c47f085bf15149d6d2727b8bf108267582a30e7e2cd7393115896d003", - "zh:e7d782985f8b422cf265a856541ddb14f0d3ab0b54eb1aad6087ccfedacc7335", - "zh:ed0cc12d15226499fc7d173ad2b156c1934efae718cf254e79ca7f0ccd686b6d", - ] -} - provider "registry.terraform.io/hashicorp/null" { version = "3.2.2" constraints = ">= 3.0.0, >= 3.2.1" @@ -86,7 +66,7 @@ provider "registry.terraform.io/hashicorp/null" { provider "registry.terraform.io/hashicorp/time" { version = "0.12.0" - constraints = ">= 0.9.0, >= 0.9.1" + constraints = ">= 0.9.0" hashes = [ "h1:YV9bUZSUihGBKuwqNmRnm4wKQf11pr3hnYcarpoPoQQ=", "zh:019a4c09af254ef80b72cf0d843dfe72d99483e227138cf5b514a1b9977ab4c3", 
@@ -106,7 +86,7 @@ provider "registry.terraform.io/hashicorp/time" { provider "registry.terraform.io/hashicorp/tls" { version = "4.0.5" - constraints = ">= 3.0.0, >= 4.0.4" + constraints = ">= 3.0.0" hashes = [ "h1:e4LBdJoZJNOQXPWgOAG0UuPBVhCStu98PieNlqJTmeU=", "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e", diff --git a/lab/us-gov-east-1/vpc/cluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks/terragrunt.hcl index 4c03679..f24ef7c 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks/terragrunt.hcl @@ -4,20 +4,25 @@ include "root" { } locals { + account_id = local.account_vars.locals.aws_account_id + account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) # In which AWS region are operations being performed vpc_name = "vpc3-lab-dev" cluster_name = "platform-eng-eks-test" cluster_version = "1.30" - domain = "dev.lab.csp2.census.gov" - eks_instance_disk_size = 60 + vpc_domain_name = "dev.lab.csp2.census.gov" + eks_instance_disk_size = 100 eks_vpc_name = "vpc3-lab-dev" - eks_ng_desired_size = 1 + eks_ng_desired_size = 2 eks_ng_max_size = 10 - eks_ng_min_size = 1 + eks_ng_min_size = 2 operators_ns = "operators" enable_cluster_creator_admin_permissions = true cluster_endpoint_public_access = true profile = "224384469011-lab-dev-gov" + region = local.region_vars.locals.aws_region + cluster_mailing_list = "srinivasa.nangunuri@census.gov" # Tags applied to AWS objects created tags = { @@ -44,7 +49,7 @@ locals { terraform { #source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=1.0.1" - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=ver" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] 
@@ -52,13 +57,14 @@ terraform { } inputs = { - profile = local.profile - vpc_name = local.eks_vpc_name - cluster_name = local.cluster_name - cluster_version = local.cluster_version - eks_instance_disk_size = local.eks_instance_disk_size - eks_vpc_name = local.eks_vpc_name - #eks_instance_types = local.eks_instance_types + aws_account_id = local.account_id + profile = local.profile + vpc_name = local.eks_vpc_name + cluster_name = local.cluster_name + cluster_version = local.cluster_version + eks_instance_disk_size = local.eks_instance_disk_size + eks_vpc_name = local.eks_vpc_name + #eks_instance_types = local.eks_instance_types eks_ng_desired_size = local.eks_ng_desired_size eks_ng_max_size = local.eks_ng_max_size eks_ng_min_size = local.eks_ng_min_size @@ -67,5 +73,9 @@ inputs = { cluster_endpoint_public_access = local.cluster_endpoint_public_access tags = local.tags aws_auth_roles = local.aws_auth_roles - domain = local.domain + vcp_domain_name = local.vpc_domain_name + region = local.region + creator = local.cluster_mailing_list + os_username = local.cluster_mailing_list + shared_vpc_label = "dev" } diff --git a/lab/us-gov-east-1/vpc/cluster/terragrunt-hcl.bak b/lab/us-gov-east-1/vpc/cluster/terragrunt-hcl.bak new file mode 100644 index 0000000..5950285 --- /dev/null +++ b/lab/us-gov-east-1/vpc/cluster/terragrunt-hcl.bak 
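Review bot: In the last `inputs` hunk of `eks/terragrunt.hcl` the key is spelled `vcp_domain_name`, while the local it reads is `vpc_domain_name`, which looks like a typo. Terragrunt passes inputs to Terraform as `TF_VAR_` environment variables, so a name the module does not declare is silently ignored and the domain would fall back to the module default or be left unset. If the module variable is `vpc_domain_name`, change the line to `vpc_domain_name = local.vpc_domain_name`. `os_username = local.cluster_mailing_list` also passes an e-mail address into a field named for an OS user, which deserves a comment or its own local if it is intentional.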
@@ -0,0 +1,67 @@ +locals { + # In which AWS region are operations being performed + # vpc_id = "vpc-0280f77b373744eaa" + # profile = "224384469011-lab-dev-gov.inf-admin-t3" + # cluster_name = "platform-eng-eks-test" + # subnets = [ + # "subnet-078b228071c609a50", + # "subnet-02c2250b9ec2dd6a2", + # "subnet-07a6339be3670fb41", + # ] + # security_group_all_worker_mgmt_id = "sg-02b62e91afdbeba6b" + # eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"] + + # region = "us-gov-east-1" + # oidc_provider_arn = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828" + + tag_costallocation = "census:csvd:platformbaseline" + region = "us-gov-east-1" + tags = { + + "eks-cluster-name" = "platform-eng-eks-test" + "CostAllocation" = "census:csvd:platformbaseline" + "boc:tf_module_version" = "1.0.0" + "boc:created_by" = "terraform" + } +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +remote_state { + backend = "s3" + generate = { + path = "backend.tf" + if_exists = "overwrite_terragrunt" + } + config = { + bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" + key = "platform-eks-test-config/terraform.tfstate" + region = "us-gov-east-1" + encrypt = true + #dynamodb_table = "my-lock-table" + } +} + +dependency "eks" { + config_path = "../eks" +} + +inputs = { + profile = dependency.eks.inputs.profile + vpc_id = dependency.eks.outputs.vpc_id + cluster_name = dependency.eks.inputs.cluster_name + cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name + subnets = dependency.eks.outputs.subnets + security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id + 
eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + tags = local.tags + tag_costallocation = local.tag_costallocation + region = local.region +} \ No newline at end of file diff --git a/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl index 94217c6..39bbd6f 100644 --- a/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl @@ -16,27 +16,34 @@ locals { # Extract the variables we need for easy access account_name = local.account_vars.locals.account_name account_id = local.account_vars.locals.aws_account_id + creator = "srinivasa.nangunuri@census.gov" + profile = "224384469011-lab-dev-gov" organization = "census:ocio:csvd" project_number = "fs0000000078" project_name = "csvd_platformbaseline" - project_role = "csvd_platformbaseline_app" + project_role = "csvd_platformbaseline_snang" + region = local.region_vars.locals.aws_region } generate "provider" { path = "provider.tf" if_exists = "overwrite_terragrunt" contents = <
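Review bot: The new file `terragrunt-hcl.bak` is a backup copy of the old eks-config configuration and should not be added to the repository. Its commented-out lines keep the account-qualified profile, the VPC, subnet and security-group IDs and the OIDC provider ARN that this same patch removes from `eks-config/terragrunt.hcl`, and its `remote_state` block repeats the state bucket name. Git history already preserves the previous version, so delete the file and add `*.bak` to `.gitignore`. This note applies to the `terragrunt-hcl.bak` hunk that ends on this line, not to the `cluster/terragrunt.hcl` hunk that follows it.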