diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace index 8864dc1..23f62eb 100644 --- a/.github/platform-tg-infra.code-workspace +++ b/.github/platform-tg-infra.code-workspace @@ -12,6 +12,10 @@ "name": "tfmod-config-job", "path": "../../tfmod-config-job" }, + { + "name": "tfmod-cribl", + "path": "../../tfmod-cribl" + }, { "name": "tfmod-custom-iam-role-for-service-account-eks", "path": "../../tfmod-custom-iam-role-for-service-account-eks" diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index a70be28..e2ae2bd 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -17,13 +17,14 @@ locals { "eks-arcgis" = false "eks-cert-manager" = "0.1.6" "eks-config" = "1.0.4" + "eks-cribl" = "initial" "eks-dns" = "0.1.3" - "eks-gatekeeper" = "0.0.1" + "eks-gatekeeper" = "mcmCluster" "eks-grafana" = "0.1.4" "eks-istio" = "1.0.6" "eks-k8s-dashboard" = "0.1.3" "eks-karpenter" = "0.1.4" - "eks-keycloak" = "0.0.6" + "eks-keycloak" = "0.0.7" "eks-kiali" = "0.1.2" "eks-loki" = "0.1.3" "eks-metrics-server" = "0.1.3" @@ -31,7 +32,7 @@ locals { "eks-postgresql" = false "eks-prometheus" = "0.1.3" "eks-tempo" = "0.1.3" - "eks" = "1.0.8" + "eks" = "1.0.9" } } @@ -53,6 +54,7 @@ locals { # Optional modules with their default enablement state enabled_modules = { "eks-arcgis" = false + "eks-cribl" = false "eks-gatekeeper" = true "eks-grafana" = true "eks-k8s-dashboard" = true @@ -84,6 +86,7 @@ locals { namespaces = { arcgis = "arcgis" cert-manager = "kube-system" + cribl = "cribl" gatekeeper = "keycloak" grafana = local.telemetry_namespace istio = "istio-system" @@ -114,6 +117,13 @@ locals { cert_manager_version = "1.17.1" cert_manager_webhook_tag = "v${local.cert_manager_version}" + ##################### + # Cribl + ##################### + cribl_chart_version = "4.11.1" + cribl_app_version = "4.11.1" + + ################ # GoGatekeeper ################ 
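Review bot: The new `"eks-cribl" = "initial"` entry and the change of `"eks-gatekeeper"` from `"0.0.1"` to `"mcmCluster"` put what look like branch names into a map whose other entries are version tags. If these values end up as the `?ref=` of the module source, as the `release_version` interpolation in the new eks-cribl/terragrunt.hcl suggests, the code applied to the cluster can change without any commit in this repository and a plan is no longer reproducible. I would pin both to a tag or commit SHA before merge, or at least mark them with a comment such as `# TEMP: branch ref, replace with a tagged release before promoting beyond lab`. Separately, the `keycloak_password` literal removed further down in this file stays in repository history, so treat that value as exposed and rotate it if it was ever applied.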
@@ -159,10 +169,6 @@ locals {
 ################
 keycloak_chart_version = "24.4.11"
 keycloak_tag = "26.0.7"
- keycloak_hostname = "keycloak"
- keycloak_database = "keycloak"
- keycloak_username = "keycloak"
- keycloak_password = "this is my very secure and totally random password horse battery staple now"
 postgresql_tag = "17.4.0-debian-12-r4"
 postgres_exporter_tag = "0.17.1-debian-12-r0"
 utilities_tag = "1.0.3"
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl
new file mode 100644
index 0000000..88b2784
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl
@@ -0,0 +1,72 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Skip this module if disabled
+ skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+ if = local.skip
+ actions = ["all_except_output"]
+ exclude_dependencies = false
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cribl.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
+ eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ security_group_all_worker_mgmt_id = "sg-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ vpc_id = "vpc-mock"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-gatekeeper"
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_name = dependency.eks.outputs.cluster_name
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ subnets = dependency.eks.outputs.subnets
+ vpc_id = dependency.eks.outputs.vpc_id
+ operators_ns = include.root.inputs.operator_namespace
+ telemetry_ns =
include.root.inputs.telemetry_namespace + + # Cribl configs + cribl_tag = include.root.inputs.cribl_app_version + namespace = include.root.inputs.namespaces["cribl"] + + + +} diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl index 5bd23c8..f17489e 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl @@ -68,19 +68,11 @@ inputs = { # keycloak config default_storage_class = dependency.eks_config.outputs.rwo_storage_class keycloak_chart_version = include.root.inputs.keycloak_chart_version - keycloak_hostname = include.root.inputs.keycloak_hostname keycloak_tag = include.root.inputs.keycloak_tag realm_email = include.root.inputs.cluster_mailing_list realm_name = "master" - realm_password = include.root.inputs.keycloak_password - realm_username = include.root.inputs.keycloak_username service_name = "keycloak" telemetry_namespace = include.root.inputs.telemetry_namespace admin_email = include.root.inputs.cluster_mailing_list - # # Database configuration - keycloak_database = include.root.inputs.keycloak_database - keycloak_user = include.root.inputs.keycloak_username - keycloak_password = include.root.inputs.keycloak_password - }
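Review bot: In the new eks-cribl/terragrunt.hcl, `skip` is computed with `lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)`, so a missing or misspelled key leaves this module enabled even though the commit sets `"eks-cribl" = false` in `enabled_modules` (presumably the source of `is_module_enabled`, which is not visible here). For an optional module a fail-closed default is safer: `skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), false)`; if the `true` default is a shared convention across modules, a comment saying so would help. The inputs also pass only `cribl_tag`, while the commit adds `cribl_chart_version` to default-versions.hcl; unless tfmod-cribl pins the chart itself, the chart version should be passed as well so it cannot float.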