wip

SCT-Engineering · Apr 29, 2025 · 14d21ae · 14d21ae
1 parent 838c40a
commit 14d21ae
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 15 deletions.
diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace
@@ -12,6 +12,10 @@
 			"name": "tfmod-config-job",
 			"path": "../../tfmod-config-job"
 		},
+		{
+			"name": "tfmod-cribl",
+			"path": "../../tfmod-cribl"
+		},
 		{
 			"name": "tfmod-custom-iam-role-for-service-account-eks",
 			"path": "../../tfmod-custom-iam-role-for-service-account-eks"

diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl
@@ -17,21 +17,22 @@ locals {
       "eks-arcgis"         = false
       "eks-cert-manager"   = "0.1.6"
       "eks-config"         = "1.0.4"
+      "eks-cribl"          = "initial"
       "eks-dns"            = "0.1.3"
-      "eks-gatekeeper"     = "0.0.1"
+      "eks-gatekeeper"     = "mcmCluster"
       "eks-grafana"        = "0.1.4"
       "eks-istio"          = "1.0.6"
       "eks-k8s-dashboard"  = "0.1.3"
       "eks-karpenter"      = "0.1.4"
-      "eks-keycloak"       = "0.0.6"
+      "eks-keycloak"       = "0.0.7"
       "eks-kiali"          = "0.1.2"
       "eks-loki"           = "0.1.3"
       "eks-metrics-server" = "0.1.3"
       "eks-otel"           = "0.0.2"
       "eks-postgresql"     = false
       "eks-prometheus"     = "0.1.3"
       "eks-tempo"          = "0.1.3"
-      "eks"                = "1.0.8"
+      "eks"                = "1.0.9"
     }
   }
 
@@ -53,6 +54,7 @@ locals {
   # Optional modules with their default enablement state
   enabled_modules = {
     "eks-arcgis"        = false
+    "eks-cribl"         = false
     "eks-gatekeeper"    = true
     "eks-grafana"       = true
     "eks-k8s-dashboard" = true
@@ -84,6 +86,7 @@ locals {
   namespaces = {
     arcgis         = "arcgis"
     cert-manager   = "kube-system"
+    cribl          = "cribl"
     gatekeeper     = "keycloak"
     grafana        = local.telemetry_namespace
     istio          = "istio-system"
@@ -114,6 +117,13 @@ locals {
   cert_manager_version             = "1.17.1"
   cert_manager_webhook_tag         = "v${local.cert_manager_version}"
 
+  #####################
+  # Cribl
+  #####################
+  cribl_chart_version = "4.11.1"
+  cribl_app_version   = "4.11.1"
+
+
   ################
   # GoGatekeeper
   ################
@@ -159,10 +169,6 @@ locals {
   ################
   keycloak_chart_version = "24.4.11"
   keycloak_tag           = "26.0.7"
-  keycloak_hostname      = "keycloak"
-  keycloak_database      = "keycloak"
-  keycloak_username      = "keycloak"
-  keycloak_password      = "this is my very secure and totally random password horse battery staple now"
   postgresql_tag         = "17.4.0-debian-12-r4"
   postgres_exporter_tag  = "0.17.1-debian-12-r0"
   utilities_tag          = "1.0.3"

diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl
@@ -0,0 +1,72 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+locals {
+  # Skip this module if disabled
+  skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+  if                   = local.skip
+  actions              = ["all_except_output"]
+  exclude_dependencies = false
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cribl.git?ref=${include.root.inputs.release_version}"
+
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+  mock_outputs = {
+    cluster_name                                    = "mock-cluster"
+    cluster_endpoint                                = "https://mock-endpoint.eks.amazonaws.com"
+    cluster_certificate_authority_data              = [{ data = "mock-cert-data" }]
+    eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+    oidc_provider_arn                               = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+    security_group_all_worker_mgmt_id               = "sg-mock"
+    subnets                                         = ["subnet-mock1", "subnet-mock2"]
+    vpc_id                                          = "vpc-mock"
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-gatekeeper"
+  ]
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Core Cluster Configuration
+  cluster_name                                    = dependency.eks.outputs.cluster_name
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  subnets                                         = dependency.eks.outputs.subnets
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+  operators_ns                                    = include.root.inputs.operator_namespace
+  telemetry_ns                                    = include.root.inputs.telemetry_namespace
+
+  # Cribl configs
+  cribl_tag = include.root.inputs.cribl_app_version
+  namespace = include.root.inputs.namespaces["cribl"]
+
+
+
+}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl
@@ -68,19 +68,11 @@ inputs = {
   # keycloak config
   default_storage_class  = dependency.eks_config.outputs.rwo_storage_class
   keycloak_chart_version = include.root.inputs.keycloak_chart_version
-  keycloak_hostname      = include.root.inputs.keycloak_hostname
   keycloak_tag           = include.root.inputs.keycloak_tag
   realm_email            = include.root.inputs.cluster_mailing_list
   realm_name             = "master"
-  realm_password         = include.root.inputs.keycloak_password
-  realm_username         = include.root.inputs.keycloak_username
   service_name           = "keycloak"
   telemetry_namespace    = include.root.inputs.telemetry_namespace
   admin_email            = include.root.inputs.cluster_mailing_list
 
-  # # Database configuration
-  keycloak_database = include.root.inputs.keycloak_database
-  keycloak_user     = include.root.inputs.keycloak_username
-  keycloak_password = include.root.inputs.keycloak_password
-
 }