From 44e1884a64c0fbbad39e43d065ea93982531f9f6 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Thu, 6 Mar 2025 23:02:10 -0500
Subject: [PATCH] otel added
---
 lab/_envcommon/default-versions.hcl | 7 ++
 .../eks-gogatekeeper/terragrunt.hcl | 77 +++++++++++++++++++
 .../eks-grafana/terragrunt.hcl | 2 -
 .../eks-otel/terragrunt.hcl | 61 +++++++++++++++
 .../eks-tempo/terragrunt.hcl | 6 +-
 5 files changed, 148 insertions(+), 5 deletions(-)
 create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl
 create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl
diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl
index 65e72243..2f53935b 100644
--- a/lab/_envcommon/default-versions.hcl
+++ b/lab/_envcommon/default-versions.hcl
@@ -32,6 +32,7 @@ locals {
 metrics-server = "kube-system"
 postgresql = "kube-system"
 keycloak = "kube-system"
+ gogatekeeper = "kube-system"
 istio = "istio-system"
 kiali = "istio-system"
 grafana = local.telemetry_namespace
@@ -57,6 +58,12 @@ locals {
 cert_manager_version = "1.17.1"
 cert_manager_webhook_tag = "v${local.cert_manager_version}"
+ ################
+ # GoGatekeeper
+ ################
+ gogatekeeper_tag = "3.2.1"
+ gogatekeeper_chart_version = "gatekeeper-0.1.53"
+
 ################
 # Grafana
 ################
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl
new file mode 100644
index 00000000..8ab5bcee
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl
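Review bot: The new `gogatekeeper = "kube-system"` entry in the namespaces map places an authenticating proxy, which the gogatekeeper config in this patch feeds a `client_secret`, in the same namespace as the cluster's system add-ons. It follows the existing `keycloak` and `postgresql` entries, but it means namespace-scoped RBAC and NetworkPolicy cannot separate the proxy and its credentials (presumably stored as a Secret there) from everything else in `kube-system`. Consider a dedicated namespace for it, or add a one-line comment such as `# kube-system on purpose: <reason>` if the placement is deliberate. The `locals` block starts and ends outside the hunk.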
@@ -0,0 +1,77 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=keycloak"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+dependency "eks_grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ public_endpoint = "mock.grafaba.example.com"
+ }
+}
+
+dependency "eks_keycloak" {
+ config_path = "../eks-keycloak"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ public_endpoint = "mock.keycloak.example.com"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ "../eks-grafana",
+ "../eks-keycloak",
+ "../eks-prometheus",
+ ]
+}
+
+inputs = {
+ # Base Cluster Config
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ namespace = include.root.inputs.namespaces["gogatekeeper"]
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Gatekeeper Config
+ gogatekeeper_tag = include.root.inputs.gogatekeeper_tag
+ gogatekeeper_chart_version = include.root.inputs.gogatekeeper_chart_version
+ keycloak_public_url = dependency.eks_keycloak.outputs.public_endpoint
+
+ # Service Behind Gatekeeper Config
+ service_name = "grafana"
+ redirection_url = dependency.eks_grafana.outputs.public_endpoint
+ # client_id = dependency.eks_keycloak.outputs.client_id
+ # client_secret = dependency.eks_keycloak.outputs.client_secret
+ client_id = "client_id"
+ client_secret = "client_secret"
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
index 79865951..85570c82 100644
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
@@ -32,9 +32,7 @@ dependency "eks_loki" {
 dependencies {
 paths = [
 "../eks",
- "../eks-config",
 "../eks-dns",
- "../eks-karpenter",
 "../eks-loki"
 ]
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl
new file mode 100644
index 00000000..db2df664
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl
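Review bot: At the end of `inputs` in the new eks-gogatekeeper file, `client_id = "client_id"` and `client_secret = "client_secret"` pass fixed placeholder strings to the proxy while the two lines that read them from `dependency.eks_keycloak.outputs` are commented out. An apply will therefore either fail the OIDC exchange with Keycloak or, if a client is ever registered with those values, run behind a guessable secret that is also committed to the repository. Restore `client_id = dependency.eks_keycloak.outputs.client_id` and `client_secret = dependency.eks_keycloak.outputs.client_secret` (adding both keys to the `eks_keycloak` mock_outputs so `plan` still works), or source the secret from a secret store instead of a literal. Separately, `?ref=keycloak` in `source` looks like a branch name; pinning a tag or commit SHA keeps the module from changing under an unchanged config. The mock hostname `"mock.grafaba.example.com"` looks like a typo for grafana.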
@@ -0,0 +1,61 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=main"
+ # source = "../../../../../../../tfmod-open-telemetry"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-loki",
+ "../eks-prometheus",
+ "../eks-tempo"
+ ]
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ gateway_internal_endpoint = {
+ hostname = "loki-gateway.telemetry.svc.cluster.local"
+ portNumber = "80"
+ url = "http://loki-gateway.telemetry.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependency "eks-tempo" {
+ config_path = "../eks-tempo"
+ mock_outputs = {
+ tempo_otlp_endpoint = {
+ hostname = "tempo.telemetry.svc.cluster.local"
+ portNumber = 4317
+ url = "http://tempo.telemetry.svc.cluster.local:4317/"
+ }
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ namespace = include.root.inputs.namespaces["otel"]
+ loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url
+ tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
index dff1b330..e94c5a43 100644
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
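Review bot: The three `dependency` blocks in the new eks-otel file (`eks`, `eks-loki`, `eks-tempo`) declare `mock_outputs` without `mock_outputs_allowed_terraform_commands`, so Terragrunt may substitute the mock cluster name and endpoints during `apply` when a dependency has no outputs yet, and the collector would be deployed against placeholder targets without an error. Add `mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]` to each block, as the gogatekeeper and tempo configs in this patch do. `?ref=main` in `source` tracks a moving branch; pin a tag or commit SHA so the deployed module is reviewable. Both mocked endpoint URLs are plain `http://`; if the real outputs are as well, logs and traces cross the cluster network unencrypted unless the mesh adds mTLS, which deserves a comment next to `loki_endpoint`/`tempo_endpoint`. `namespaces["otel"]` is not added to the namespaces map in this patch, so confirm that key already exists.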
@@ -25,7 +25,9 @@ dependency "eks-prometheus" {
 config_path = "../eks-prometheus"
 mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
 mock_outputs = {
+ prometheus_svc = "prometheus-server"
 prometheus_namespace = "prometheus"
+ prometheus_port = 80
 prometheus_server_internal_endpoint = {
 hostname = "prometheus-server.prometheus.svc.cluster.local"
 port_number = 9090
@@ -37,9 +39,7 @@ dependency "eks-prometheus" {
 dependencies {
 paths = [
 "../eks",
- "../eks-config",
 "../eks-dns",
- "../eks-karpenter",
 "../eks-prometheus"
 ]
 }
@@ -55,6 +55,7 @@ inputs = {
 oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
 # Prometheus Configuration
+ prometheus_svc = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.hostname
 prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
 prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
@@ -62,5 +63,4 @@ inputs = {
 tempo_chart_version = include.root.inputs.tempo_chart_version
 tempo_tag = include.root.inputs.tempo_tag
 namespace = include.root.inputs.namespaces["tempo"]
-
 }
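Review bot: The mock values added in the first eks-tempo hunk do not match what the third hunk reads: `prometheus_svc` is mocked as the short name `"prometheus-server"` and `prometheus_port` as `80`, while `inputs` takes `prometheus_svc` from `prometheus_server_internal_endpoint.hostname` (a full `.svc.cluster.local` name in the mock) and `prometheus_port` from `.port_number` (`9090` in the mock). The two new top-level mock keys are therefore never read by this file, and they describe a different service name and port than the values a mocked plan actually uses. Either read the new outputs directly, `prometheus_svc = dependency.eks-prometheus.outputs.prometheus_svc`, or drop the unused mock keys. If the module builds its URL from service plus namespace, passing the FQDN as `prometheus_svc` would repeat the namespace; the module is not visible here, so confirm. Both the `dependency` block and `inputs` continue outside their hunks.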