deleted old cluster platform-eng-eks-test and created new cluster pla…

…tform-eng-eks-srn
SCT-Engineering · Mar 13, 2025 · 4d9a294 · 4d9a294
1 parent 09dbab4
commit 4d9a294
Show file tree

Hide file tree

Showing 32 changed files with 1,049 additions and 593 deletions.
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl
@@ -0,0 +1,28 @@
+locals {
+  # Cluster specific configuration
+  cluster_endpoint_public_access           = true
+  cluster_name                             = "platform-eng-eks-srn"
+  cluster_mailing_list                     = "srinivasa.nangunuri@census.gov"
+  eks_instance_disk_size                   = 100
+  eks_ng_desired_size                      = 2
+  eks_ng_max_size                          = 10
+  eks_ng_min_size                          = 2
+  enable_cluster_creator_admin_permissions = true
+  tags = {
+    "slim:schedule" = "8:00-17:00"
+    "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+  }
+
+  # Common configuration
+  common_retry_args = {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+
+  common_dependencies = ["../eks", "../eks-config"]
+
+  common_mock_eks = {
+    cluster_name      = "mock-cluster"
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,57 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config",
+    "../eks-karpenter"
+  ]
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+  mock_outputs = {
+    cluster_name      = include.root.inputs.cluster_name
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+    cluster_endpoint  = "https://mock-endpoint.eks.amazonaws.com"
+    cluster_version   = include.root.inputs.cluster_version
+  }
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Cluster Configuration
+  cluster_name         = dependency.eks.outputs.cluster_name
+  cluster_mailing_list = include.root.inputs.cluster_mailing_list
+  oidc_provider_arn    = dependency.eks.outputs.oidc_provider_arn
+
+  # Cert Manager Configuration
+  cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+  cluster_issuer_name     = include.root.inputs.cluster_issuer_name
+  namespace               = include.root.inputs.namespaces["cert-manager"]
+
+  # Version Tags
+  cert_manager_cainjector_tag      = include.root.inputs.cert_manager_cainjector_tag
+  cert_manager_controller_tag      = include.root.inputs.cert_manager_controller_tag
+  cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+  cert_manager_webhook_tag         = include.root.inputs.cert_manager_webhook_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl
@@ -0,0 +1,54 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-karpenter"
+  ]
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+  mock_outputs = {
+    cluster_name                                    = "mock-cluster"
+    cluster_endpoint                                = "https://mock-endpoint.eks.amazonaws.com"
+    cluster_certificate_authority_data              = [{ data = "mock-cert-data" }]
+    eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+    oidc_provider_arn                               = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+    security_group_all_worker_mgmt_id               = "sg-mock"
+    subnets                                         = ["subnet-mock1", "subnet-mock2"]
+    vpc_id                                          = "vpc-mock"
+  }
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Core Cluster Configuration
+  cluster_name                                    = dependency.eks.outputs.cluster_name
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  subnets                                         = dependency.eks.outputs.subnets
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+  operators_ns                                    = include.root.inputs.operator_namespace
+  telemetry_ns                                    = include.root.inputs.telemetry_namespace
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl
@@ -0,0 +1,60 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name = include.root.inputs.cluster_name
+    subnets      = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
+  }
+}
+
+dependency "eks-istio" {
+  config_path                             = "../eks-istio"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    istio_ingress_lb = {
+      dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
+      zone_id  = "MOCKZONEID"
+    }
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks-config",
+    "../eks-istio",
+    "../eks-karpenter"
+  ]
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Cluster Configuration
+  cluster_name = include.root.inputs.cluster_name
+
+  # Network Configuration
+  istio_ingress_lb  = dependency.eks-istio.outputs.istio_ingress_lb
+  route53_endpoints = include.root.inputs.route53_endpoints
+  vpc_domain_name   = include.root.inputs.vpc_domain_name
+  vpc_name          = include.root.inputs.vpc_name
+
+  # Additional Configuration
+  tags = include.root.inputs.tags
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl
@@ -0,0 +1,63 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name      = include.root.inputs.cluster_name
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
+
+dependency "eks_loki" {
+  config_path                             = "../eks-loki"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    rwo_storage_class = "gp3-mocked"
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config",
+    "../eks-dns",
+    "../eks-karpenter",
+    "../eks-loki"
+  ]
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Cluster Configuration
+  cluster_name      = dependency.eks.outputs.cluster_name
+  cluster_domain    = include.root.inputs.vpc_domain_name
+  oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+  # Storage Configuration
+  rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class
+
+  # Grafana Configuration
+  grafana_chart_version         = include.root.inputs.grafana_chart_version
+  grafana_tag                   = include.root.inputs.grafana_tag
+  download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+  init_chown_data_image_tag     = include.root.inputs.init_chown_data_image_tag
+  namespace                     = include.root.inputs.namespaces["grafana"]
+  service_name                  = "grafana"
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl
@@ -0,0 +1,44 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config"
+  ]
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name      = include.root.inputs.cluster_name
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Cluster Configuration
+  cluster_name      = dependency.eks.outputs.cluster_name
+  oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+
+  # Istio Configuration
+  namespace     = include.root.inputs.namespaces["istio"]
+  istio_version = include.root.inputs.istio_version
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,55 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=mcmCluster"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config",
+    "../eks-dns"
+  ]
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name      = include.root.inputs.cluster_name
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
+
+dependency "eks_dns" {
+  config_path                             = "../eks-dns"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_domain    = "mock.example.com"
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Cluster Configuration
+  cluster_domain = dependency.eks_dns.outputs.cluster_domain
+  cluster_name   = dependency.eks.outputs.cluster_name
+
+  # Dashboard Configuration
+  service_name          = include.root.inputs.dashboard_hostname
+  k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+  namespace             = include.root.inputs.namespaces["k8s-dashboard"]
+}