Initial commit

SCT-Engineering · May 3, 2024 · 1c09ef5 · 1c09ef5
commit 1c09ef5
Show file tree

Hide file tree

Showing 5 changed files with 216 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,59 @@
+# How to setup and run terragrunt scripts for EKS related modules in a LAB account
+
+## 1. Lab Account request and setup:
+       - Open a REMEDY ticket for creating an account in LAB environment, preferably with t3-admin role.
+       - LAB account url:https://pssvlab.tco.census.gov/PSS/
+       - Make a note that the LAB account password is different from laptop password
+       - Get your gpg keys pushed to lab-dev-ew (224384469011)
+       - login to lab-gov account using sso commands.
+              $ aws-sso-login.sh lab-gov 
+       - Refer this page for additional help on sso credentials: https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/aws-sso
+       - Verify your sso credentials using the following command
+              $ aws sts get-caller-identity --profile <your profile name>
+              Example:
+              $ aws sts get-caller-identity --profile 224384469011-lab-dev-gov.inf-admin-t3
+              
+## 2. Terrgrunt Setup:
+       - Create provider.tf file with sso profile and region
+       - Create terrgrunt.hcl file as specified in the repo
+       - Collect all the tags information required to build an EKS cluster
+       - Specify the source repo where EKS terraform code resides: git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git
+       - Gather all the values for the local variables required to build an EKS cluster 
+       - For the remote backend to state file used an existing s3 bucket in this account: tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1
+
+## 3. Terraform/Terragrunt binaries and versions:
+       - Terraform version: v1.7.5
+       - Terragrunt version: v0.55.21
+       These versions can be found at on IEBCloud host:
+              /data/terraform/workspaces/mcgin314/tools/terragrunt
+              /data/terraform/workspaces/mcgin314/tools/terraform
+       Also these versions can be found at on bromine.cto.census.gov host:
+              /app/terraform/bin/terr* folder
+       - In order to use the above version of terraform/terragrunt, update the PATH env variable
+              $ export PATH=/data/terraform/workspaces/mcgin314/tools:$PATH
+
+## 4. Environment Setup:
+       $ eval $(ssh-agent);cd $HOME/.ssh;ssh-add nangu001-git;
+       $ aws-sso-login.sh lab-gov
+       $ export AWS_PROFILE="224384469011-lab-dev-gov.inf-admin-t3"
+       $ aws sts get-caller-identity  <to verify you are getting the credential from 224384469011>
+       $ Make sure NO_PROXY doesn't have .eks.amazonaws.com in the list ( do echo $NO_PROXY)
+
+## 5. Run the Terragrunt script:
+       - Run terragrunt plan the dir 
+              $ /data/terraform/workspaces/mcgin314/tools/terragrunt plan
+       - Verify the plan output and make sure there are no errors
+       - Run terragrunt apply
+              $ /data/terraform/workspaces/mcgin314/tools/terragrunt apply
+       - Verify apply completes successfully and verify the resources on AWS Console.
+
+## 6. Accessing the cluster:
+       $ aws eks --region us-gov-east-1 update-kubeconfig --name platform-eng-eks-test
+       $ kubectl config use-context arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test
+       $ kubectl config get-contexts
+
+## 7. Run few kubectl commands to verify you are accessing the cluster
+       $ kubectl cluster-info
+       $ kubectl get  pods -A
+       $ kubectl get ns
+
diff --git a/eks-config/provider.tf b/eks-config/provider.tf
@@ -0,0 +1,17 @@
+# provider.tf
+provider "aws" {
+  region  = "us-gov-east-1"
+  profile = "224384469011-lab-dev-gov.inf-admin-t3"
+}
+
+provider "kubernetes" {
+  config_path    = "~/.kube/config"
+  config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test"
+}
+
+provider "helm" {
+  kubernetes {
+      config_path = "~/.kube/config"
+      config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test"
+    }
+}
diff --git a/eks-config/terragrunt.hcl b/eks-config/terragrunt.hcl
@@ -0,0 +1,60 @@
+locals {
+  # In which AWS region are operations being performed
+  vpc_id                                         = "vpc-0280f77b373744eaa"
+  profile                                        = "224384469011-lab-dev-gov.inf-admin-t3"
+  cluster_name                                   = "platform-eng-eks-test"
+  subnets                                        = [
+                                                    "subnet-078b228071c609a50",
+                                                    "subnet-02c2250b9ec2dd6a2",
+                                                    "subnet-07a6339be3670fb41",
+                                                  ]
+  security_group_all_worker_mgmt_id               = "sg-02b62e91afdbeba6b"
+  eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"]
+  tag_costallocation                              = "census:csvd:platformbaseline"
+  region                                          = "us-gov-east-1"
+  oidc_provider_arn                               = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828"
+
+  tags = {
+
+      "eks-cluster-name"      = "platform-eng-eks-test"
+      "CostAllocation"        = "census:csvd:platformbaseline"
+      "boc:tf_module_version" = "1.0.0"
+      "boc:created_by"        = "terraform"
+  }
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+remote_state {
+  backend     = "s3"
+  generate    = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+    key            = "platform-eks-test-config/terraform.tfstate"
+    region         = "us-gov-east-1"
+    encrypt        = true
+    #dynamodb_table = "my-lock-table"
+  }
+}
+
+inputs = {
+  profile                                         = local.profile
+  vpc_id                                          = local.vpc_id
+  cluster_name                                    = local.cluster_name
+  subnets                                         = local.subnets
+  security_group_all_worker_mgmt_id               = local.security_group_all_worker_mgmt_id
+  eks_managed_node_groups_autoscaling_group_names = local.eks_managed_node_groups_autoscaling_group_names
+  tag_costallocation                              = local.tag_costallocation
+  oidc_provider_arn                               = local.oidc_provider_arn
+  region                                          = local.region
+  tags                                            = local.tags
+}
diff --git a/eks/provider.tf b/eks/provider.tf
@@ -0,0 +1,5 @@
+# provider.tf
+provider "aws" {
+  region  = "us-gov-east-1"
+  profile = "224384469011-lab-dev-gov.inf-admin-t3"
+}
diff --git a/eks/terragrunt.hcl b/eks/terragrunt.hcl
@@ -0,0 +1,75 @@
+locals {
+  # In which AWS region are operations being performed
+  vpc_name               = "vpc3-lab-dev"
+  cluster_name           = "platform-eng-eks-test"
+  cluster_version        = 1.29
+  region                 = "us-gov-east-1"
+  domain                 = "dev.lab.csp2.census.gov"
+  eks_instance_disk_size = 40
+  eks_vpc_name           = "vpc3-lab-dev"
+  eks_ng_desired_size    = 1
+  eks_ng_max_size        = 1
+  eks_ng_min_size        = 1
+  operators_ns           = "operators"
+  enable_cluster_creator_admin_permissions = true
+  cluster_endpoint_public_access  = true
+  #eks_instance_types     = "t3.xlarge"
+
+  # Which AWS_PROFILE to use to perform the operations
+  profile        = "224384469011-lab-dev-gov.inf-admin-t3"
+
+  # Tags applied to AWS objects created
+  tags = {
+      "Project Name"          = "csvd_platformbaseline"
+      "eks-cluster-name"      = "platform-eng-eks-test"
+      "CostAllocation"        = "census:csvd:platformbaseline"
+      "Organization"          = "census:ocio:csvd"
+      "ProjectNumber"         = "fs0000000078"
+      "Project Role"          = "csvd_platformbaseline_app"
+      "boc:tf_module_version" = "1.0.0"
+      "Environment"           = "dev"
+      "boc:created_by"        = "terraform"
+  }
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+remote_state {
+  backend     = "s3"
+  generate = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+    key            = "platform-eks-test/terraform.tfstate"
+    region         = "us-gov-east-1"
+    encrypt        = true
+    #dynamodb_table = "my-lock-table"
+  }
+}
+
+inputs = {
+  profile                = local.profile
+  vpc_name               = local.eks_vpc_name
+  cluster_name           = local.cluster_name
+  cluster_version        = local.cluster_version
+  region                 = local.region
+  domain                 = local.domain
+  eks_instance_disk_size = local.eks_instance_disk_size
+  eks_vpc_name           = local.eks_vpc_name
+  #eks_instance_types     = local.eks_instance_types
+  eks_ng_desired_size    = local.eks_ng_desired_size
+  eks_ng_max_size        = local.eks_ng_max_size
+  eks_ng_min_size        = local.eks_ng_min_size
+  operators_ns           = local.operators_ns
+  enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+  cluster_endpoint_public_access  = local.cluster_endpoint_public_access 
+  tags                   = local.tags
+}