diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5b10202
--- /dev/null
+++ b/README.md
@@ -0,0 +1,59 @@
+# How to setup and run terragrunt scripts for EKS related modules in a LAB account
+
+## 1. Lab Account request and setup:
+ - Open a REMEDY ticket for creating an account in LAB environment, preferably with t3-admin role.
+ - LAB account url:https://pssvlab.tco.census.gov/PSS/
+ - Make a note that the LAB account password is different from laptop password
+ - Get your gpg keys pushed to lab-dev-ew (224384469011)
+ - login to lab-gov account using sso commands.
+ $ aws-sso-login.sh lab-gov
+ - Refer this page for additional help on sso credentials: https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/aws-sso
+ - Verify your sso credentials using the following command
+ $ aws sts get-caller-identity --profile
+ Example:
+ $ aws sts get-caller-identity --profile 224384469011-lab-dev-gov.inf-admin-t3
+
+## 2. Terrgrunt Setup:
+ - Create provider.tf file with sso profile and region
+ - Create terrgrunt.hcl file as specified in the repo
+ - Collect all the tags information required to build an EKS cluster
+ - Specify the source repo where EKS terraform code resides: git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git
+ - Gather all the values for the local variables required to build an EKS cluster
+ - For the remote backend to state file used an existing s3 bucket in this account: tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1
+
+## 3. Terraform/Terragrunt binaries and versions:
+ - Terraform version: v1.7.5
+ - Terragrunt version: v0.55.21
+ These versions can be found at on IEBCloud host:
+ /data/terraform/workspaces/mcgin314/tools/terragrunt
+ /data/terraform/workspaces/mcgin314/tools/terraform
+ Also these versions can be found at on bromine.cto.census.gov host:
+ /app/terraform/bin/terr* folder
+ - In order to use the above version of terraform/terragrunt, update the PATH env variable
+ $ export PATH=/data/terraform/workspaces/mcgin314/tools:$PATH
+
+## 4. Environment Setup:
+ $ eval $(ssh-agent);cd $HOME/.ssh;ssh-add nangu001-git;
+ $ aws-sso-login.sh lab-gov
+ $ export AWS_PROFILE="224384469011-lab-dev-gov.inf-admin-t3"
+ $ aws sts get-caller-identity
+ $ Make sure NO_PROXY doesn't have .eks.amazonaws.com in the list ( do echo $NO_PROXY)
+
+## 5. Run the Terragrunt script:
+ - Run terragrunt plan the dir
+ $ /data/terraform/workspaces/mcgin314/tools/terragrunt plan
+ - Verify the plan output and make sure there are no errors
+ - Run terragrunt apply
+ $ /data/terraform/workspaces/mcgin314/tools/terragrunt apply
+ - Verify apply completes successfully and verify the resources on AWS Console.
+
+## 6. Accessing the cluster:
+ $ aws eks --region us-gov-east-1 update-kubeconfig --name platform-eng-eks-test
+ $ kubectl config use-context arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test
+ $ kubectl config get-contexts
+
+## 7. Run few kubectl commands to verify you are accessing the cluster
+ $ kubectl cluster-info
+ $ kubectl get pods -A
+ $ kubectl get ns
+
diff --git a/eks-config/provider.tf b/eks-config/provider.tf
new file mode 100644
index 0000000..a451c11
--- /dev/null
+++ b/eks-config/provider.tf
@@ -0,0 +1,17 @@
+# provider.tf
+provider "aws" {
+ region = "us-gov-east-1"
+ profile = "224384469011-lab-dev-gov.inf-admin-t3"
+}
+
+provider "kubernetes" {
+ config_path = "~/.kube/config"
+ config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test"
+}
+
+provider "helm" {
+ kubernetes {
+ config_path = "~/.kube/config"
+ config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test"
+ }
+}
\ No newline at end of file
diff --git a/eks-config/terragrunt.hcl b/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..331678b
--- /dev/null
+++ b/eks-config/terragrunt.hcl
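Review bot: In eks-config/provider.tf the `kubernetes` and `helm` providers authenticate through `config_path = "~/.kube/config"` and a fixed `config_context`, so every plan and apply depends on whatever credential that kubeconfig entry holds on the operator's machine rather than on the SSO session used for the AWS calls. Resolving the endpoint and CA from the AWS provider and obtaining a short-lived token through an `exec` block would remove that hidden local dependency; a sketch follows. The `aws` block also hard-codes `profile = "224384469011-lab-dev-gov.inf-admin-t3"` (as does eks/provider.tf), which bakes what appears to be an admin-level profile name into the repository; leaving `profile` unset and relying on the `AWS_PROFILE` export the README already describes would avoid that.

```hcl
# … unchanged: provider "aws" block …

data "aws_eks_cluster" "this" {
  name = "platform-eng-eks-test"
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.this.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", "platform-eng-eks-test", "--region", "us-gov-east-1"]
  }
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.this.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "aws"
      args        = ["eks", "get-token", "--cluster-name", "platform-eng-eks-test", "--region", "us-gov-east-1"]
    }
  }
}
```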
@@ -0,0 +1,60 @@
+locals {
+ # In which AWS region are operations being performed
+ vpc_id = "vpc-0280f77b373744eaa"
+ profile = "224384469011-lab-dev-gov.inf-admin-t3"
+ cluster_name = "platform-eng-eks-test"
+ subnets = [
+ "subnet-078b228071c609a50",
+ "subnet-02c2250b9ec2dd6a2",
+ "subnet-07a6339be3670fb41",
+ ]
+ security_group_all_worker_mgmt_id = "sg-02b62e91afdbeba6b"
+ eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"]
+ tag_costallocation = "census:csvd:platformbaseline"
+ region = "us-gov-east-1"
+ oidc_provider_arn = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828"
+
+ tags = {
+
+ "eks-cluster-name" = "platform-eng-eks-test"
+ "CostAllocation" = "census:csvd:platformbaseline"
+ "boc:tf_module_version" = "1.0.0"
+ "boc:created_by" = "terraform"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+ key = "platform-eks-test-config/terraform.tfstate"
+ region = "us-gov-east-1"
+ encrypt = true
+ #dynamodb_table = "my-lock-table"
+ }
+}
+
+inputs = {
+ profile = local.profile
+ vpc_id = local.vpc_id
+ cluster_name = local.cluster_name
+ subnets = local.subnets
+ security_group_all_worker_mgmt_id = local.security_group_all_worker_mgmt_id
+ eks_managed_node_groups_autoscaling_group_names = local.eks_managed_node_groups_autoscaling_group_names
+ tag_costallocation = local.tag_costallocation
+ oidc_provider_arn = local.oidc_provider_arn
+ region = local.region
+ tags = local.tags
+}
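Review bot: The `remote_state` config leaves `#dynamodb_table = "my-lock-table"` commented out, so the S3 backend has no state locking and the `-lock-timeout=20m` argument in `retry_lock` has nothing to wait on; two overlapping applies against `platform-eks-test-config/terraform.tfstate` could overwrite each other's state. Set `dynamodb_table` to a real lock table in the account, or remove the placeholder and state in the README that applies must be serialised. The `source` URL also carries no `?ref=` pin, so each run pulls whatever the default branch of `tfmod-eks-configuration` holds at that moment even though the tags record `"boc:tf_module_version" = "1.0.0"`; appending `?ref=TAG_PLACEHOLDER` (a tag or commit) keeps the applied module code fixed and reviewable. Both points apply equally to the `terraform` and `remote_state` blocks in eks/terragrunt.hcl.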
diff --git a/eks/provider.tf b/eks/provider.tf
new file mode 100644
index 0000000..77551c2
--- /dev/null
+++ b/eks/provider.tf
@@ -0,0 +1,5 @@
+# provider.tf
+provider "aws" {
+ region = "us-gov-east-1"
+ profile = "224384469011-lab-dev-gov.inf-admin-t3"
+}
diff --git a/eks/terragrunt.hcl b/eks/terragrunt.hcl
new file mode 100644
index 0000000..ba8fa03
--- /dev/null
+++ b/eks/terragrunt.hcl
@@ -0,0 +1,75 @@
+locals {
+ # In which AWS region are operations being performed
+ vpc_name = "vpc3-lab-dev"
+ cluster_name = "platform-eng-eks-test"
+ cluster_version = 1.29
+ region = "us-gov-east-1"
+ domain = "dev.lab.csp2.census.gov"
+ eks_instance_disk_size = 40
+ eks_vpc_name = "vpc3-lab-dev"
+ eks_ng_desired_size = 1
+ eks_ng_max_size = 1
+ eks_ng_min_size = 1
+ operators_ns = "operators"
+ enable_cluster_creator_admin_permissions = true
+ cluster_endpoint_public_access = true
+ #eks_instance_types = "t3.xlarge"
+
+ # Which AWS_PROFILE to use to perform the operations
+ profile = "224384469011-lab-dev-gov.inf-admin-t3"
+
+ # Tags applied to AWS objects created
+ tags = {
+ "Project Name" = "csvd_platformbaseline"
+ "eks-cluster-name" = "platform-eng-eks-test"
+ "CostAllocation" = "census:csvd:platformbaseline"
+ "Organization" = "census:ocio:csvd"
+ "ProjectNumber" = "fs0000000078"
+ "Project Role" = "csvd_platformbaseline_app"
+ "boc:tf_module_version" = "1.0.0"
+ "Environment" = "dev"
+ "boc:created_by" = "terraform"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+ key = "platform-eks-test/terraform.tfstate"
+ region = "us-gov-east-1"
+ encrypt = true
+ #dynamodb_table = "my-lock-table"
+ }
+}
+
+inputs = {
+ profile = local.profile
+ vpc_name = local.eks_vpc_name
+ cluster_name = local.cluster_name
+ cluster_version = local.cluster_version
+ region = local.region
+ domain = local.domain
+ eks_instance_disk_size = local.eks_instance_disk_size
+ eks_vpc_name = local.eks_vpc_name
+ #eks_instance_types = local.eks_instance_types
+ eks_ng_desired_size = local.eks_ng_desired_size
+ eks_ng_max_size = local.eks_ng_max_size
+ eks_ng_min_size = local.eks_ng_min_size
+ operators_ns = local.operators_ns
+ enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+ cluster_endpoint_public_access = local.cluster_endpoint_public_access
+ tags = local.tags
+}
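Review bot: `cluster_endpoint_public_access = true` in `locals` makes the Kubernetes API endpoint reachable from the internet, and none of the inputs passed to the module restricts which source addresses may connect. If the `tfmod-eks` module accepts a CIDR allow-list for the public endpoint (not visible from this diff), pass the lab's egress ranges; otherwise set the flag to `false` and reach the cluster from inside the VPC. Separately, `cluster_version = 1.29` is an unquoted number, so a later bump to 1.30 would be read as 1.3; write it as `cluster_version = "1.29"`.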