add mcmCluster

SCT-Engineering · Jul 18, 2024 · 6bc2510 · 6bc2510
1 parent 183c57f
commit 6bc2510
Show file tree

Hide file tree

Showing 4 changed files with 145 additions and 2 deletions.
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl
@@ -26,7 +26,7 @@ locals {
 }
 
 terraform {
-  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=1.0.2"
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]

diff --git a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl
@@ -1,5 +1,5 @@
 terraform {
-  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git"
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]

diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl
@@ -0,0 +1,70 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+locals {
+  # In which AWS region are operations being performed
+  vpc_name               = "vpc3-lab-dev"
+  cluster_name           = "platform-eng-eks-mcm"
+  cluster_version        = "1.30"
+  domain                 = "dev.lab.csp2.census.gov"
+  eks_instance_disk_size = 60
+  eks_vpc_name           = "vpc3-lab-dev"
+  eks_ng_desired_size    = 1
+  eks_ng_max_size        = 10
+  eks_ng_min_size        = 1
+  operators_ns           = "operators"
+  enable_cluster_creator_admin_permissions = true
+  cluster_endpoint_public_access  = true
+  profile                = "224384469011-lab-dev-gov"
+
+  # Tags applied to AWS objects created
+  tags = {
+      "Environment"           = "dev"
+      "slim:schedule"         = "8:00-17:00"
+      "cluster:size"          = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+  }
+
+  aws_auth_roles = [
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    },
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    }
+  ]
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+inputs = {
+  profile                = local.profile
+  vpc_name               = local.eks_vpc_name
+  cluster_name           = local.cluster_name
+  cluster_version        = local.cluster_version
+  eks_instance_disk_size = local.eks_instance_disk_size
+  eks_vpc_name           = local.eks_vpc_name
+  #eks_instance_types     = local.eks_instance_types
+  eks_ng_desired_size    = local.eks_ng_desired_size
+  eks_ng_max_size        = local.eks_ng_max_size
+  eks_ng_min_size        = local.eks_ng_min_size
+  operators_ns           = local.operators_ns
+  enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+  cluster_endpoint_public_access  = local.cluster_endpoint_public_access 
+  tags                   = local.tags
+  aws_auth_roles         = local.aws_auth_roles
+  domain                 = local.domain
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl
@@ -0,0 +1,73 @@
+locals {
+  # Automatically load _envcommon, cross account and environment common variables
+  # common_vars = read_terragrunt_config("${dirname(find_in_parent_folders())}/_envcommon/common-variables.hcl", "skip-account-if-does-not-exist")
+  // "${get_tfvars_dir()}/${find_in_parent_folders("account.tfvars", "skip-account-if-does-not-exist")}",
+
+  # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+  # Automatically load region-level variables
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+  # Automatically load vpc-level variables
+  # Not applicable in this demo, but including for reference, would be next level of variables and configurations
+  # vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist"))
+
+  # Extract the variables we need for easy access
+  account_name   = local.account_vars.locals.account_name
+  account_id     = local.account_vars.locals.aws_account_id
+  organization   = "census:ocio:csvd"
+  project_number = "fs0000000078"
+  project_name   = "csvd_platformbaseline"
+  project_role   = "csvd_platformbaseline_mcm"
+  creator        = "matthew.c.morgan@census.gov"
+}
+
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  region = "us-gov-east-1"
+  default_tags {
+    tags = {
+      ProjectNumber = "${local.project_number}"
+      "Project Name" = "${local.project_name}"
+      "Project Role" = "${local.project_role}"
+      "Project Identifier" = "${local.project_number}:${local.project_name}"
+      Organization = "${local.organization}"
+      created_by = "${local.creator}"
+      created_for = "${local.creator}"
+      created_reason = "Exploration of Terragrunt and Demonstration of CICD for Infrastructure"
+      Terraform = "true"
+      Terragrunt = "true"
+    }
+  }
+ 
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+EOF
+}
+
+remote_state {
+  backend     = "s3"
+  generate = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+    key            = "${local.project_number}/${local.project_name}/terraform.tfstate"
+    region         = local.region_vars.locals.aws_region
+    encrypt        = true
+    dynamodb_table = "tf_remote_state"
+  }
+}
+
+inputs = merge(
+  # local.common_vars.locals,
+  local.account_vars.locals,
+  local.region_vars.locals,
+  #  local.vpc_vars.locals,
+)