diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..06e76748
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lab/clusters/csvd-platform-lab-mcm"]
+ path = lab/clusters/csvd-platform-lab-mcm
+ url = git@github.e.it.census.gov:sct-engineering/csvd-platform-lab-mcm
diff --git a/Makefile b/Makefile
index c3704ef3..cecee6e8 100644
--- a/Makefile
+++ b/Makefile
@@ -148,13 +148,13 @@ trigger-template: config
echo "Error: config.json not found in current directory"; \
exit 1; \
fi
-
+
@echo "Invoking lambda function with config.json payload..."
aws lambda invoke \
--function-name arn:aws-us-gov:lambda:us-gov-west-1:229685449397:function:template-repos-template-automation \
--payload file://config.json \
--region us-gov-west-1 \
- --profile $(AWS_PROFILE) \
+ --profile 229685449397-csvd-dev-gov \
--cli-binary-format raw-in-base64-out \
lambda-response.json
@@ -165,3 +165,6 @@ trigger-template: config
@rm -f lambda-response.json
@echo "Template automation lambda triggered successfully!"
+ @echo "Adding cluster as submodule"
+ @git submodule add git@github.e.it.census.gov:sct-engineering/$(CLUSTER_NAME) ./lab/clusters/$(CLUSTER_NAME)
+ @echo "Submodule added successfully!"
diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl
deleted file mode 100644
index 89c502a7..00000000
--- a/lab/_envcommon/common-variables.hcl
+++ /dev/null
@@ -1,39 +0,0 @@
-# lab/_envcommon/common-variables.hcl
-
-# ---------------------------------------------------------------------------------------------------------------------
-# GLOBAL PARAMETERS
-# These are the variables we pass to use across modules regardless of environment, i.e. these are the parameters
-# that are common across all environments/accounts.
-# ---------------------------------------------------------------------------------------------------------------------
-locals {
- state_bucket_prefix = "inf-tfstate"
- state_table_name = "tf_remote_state"
- route53_endpoints = {
- route53_main = {
- "account_id" = "269244441389"
- "alias" = "lab-gov-network-nonprod"
- "us-gov-east-1" = "vpc-070595c5b133243dd"
- "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1"
- }
- }
- enterprise_ecr_account = {
- lab = {
- "account_id" = "269222635945"
- "alias" = "lab-gov-shared-nonprod"
- "profile" = "269222635945-lab-gov-shared-nonprod"
- "region" = "us-gov-east-1"
- }
- prod = {
- "account_id" = "067074201825"
- "alias" = "ent-gov-shared-prod"
- "profile" = "067074201825-ent-gov-shared-prod"
- "region" = "us-gov-east-1"
- }
- }
- eecr_info = {
- account_id = local.enterprise_ecr_account.lab["account_id"]
- alias = local.enterprise_ecr_account.lab["alias"]
- profile = local.enterprise_ecr_account.lab["profile"]
- region = local.enterprise_ecr_account.lab["region"]
- }
-}
diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl
deleted file mode 100644
index f2f9e2ae..00000000
--- a/lab/_envcommon/default-versions.hcl
+++ /dev/null
@@ -1,244 +0,0 @@
-# lab/_envcommon/default-versions.hcl
-
-locals {
- module_name = basename(get_original_terragrunt_dir())
- release_version = local.module_versions["2025.20.04"][local.module_name]
-
- #####################
- # Module Versions
- #####################
- cluster_version = "1.32"
- custom_service_eks_account = "1.0.0"
- eks_module_version = "20.36.0"
- istio_ingress_version = "0.1.3"
-
- module_versions = {
- "2025.20.04" = {
- "eks-arcgis" = false
- "eks-cert-manager" = "0.1.9"
- "eks-config" = "1.0.5"
- "eks-cribl" = "initial"
- "eks-dns" = "0.1.3"
- "eks-gatekeeper" = "0.0.3"
- "eks-grafana" = "0.1.5"
- "eks-istio" = "1.0.9"
- "tfmod-istio-service-ingress" = "0.1.6"
- "eks-k8s-dashboard" = "0.1.4"
- "eks-karpenter" = "0.1.6"
- "eks-keycloak" = "0.0.8"
- "eks-kiali" = "0.1.4"
- "eks-loki" = "0.1.4"
- "eks-metrics-server" = "0.1.4"
- "eks-otel" = "0.0.4"
- "eks-pipeline" = "initial"
- "eks-postgresql" = false
- "eks-prometheus" = "0.1.4"
- "eks-tempo" = "0.1.4"
- "eks" = "1.0.9"
- }
- }
-
- submodule_versions = {
- "tfmod-istio-service-ingress" = "0.1.6"
- "tfmod-config-job" = "0.1.8"
-
- }
-
- #####################
- # Module Enablement
- #####################
-
- # Core modules that should always be enabled (cannot be disabled)
- core_modules = [
- "eks",
- "eks-metrics-server",
- "eks-karpenter",
- "eks-config",
- "eks-cert-manager",
- "eks-istio",
- "eks-dns",
- ]
-
- # Optional modules with their default enablement state
- enabled_modules = {
- "eks-arcgis" = false
- "eks-cribl" = false
- "eks-gatekeeper" = true
- "eks-grafana" = true
- "eks-k8s-dashboard" = true
- "eks-keycloak" = true
- "eks-kiali" = true
- "eks-loki" = true
- "eks-otel" = true
- "eks-pipeline" = false
- "eks-postgresql" = true
- "eks-prometheus" = true
- "eks-tempo" = true
- }
-
- #####################
- # TF Providers
- #####################
- aws_version = "5.84.0"
- helm_version = "2.11.0"
- kubernetes_version = "2.33.0"
- null_version = "3.2.1"
- random_version = "3.5.1"
- template_version = "2.2.0"
- tf_version = "1.5.5"
-
- #####################
- # Namespaces Config
- #####################
- operator_namespace = "operator"
- telemetry_namespace = "telemetry"
- namespaces = {
- arcgis = "arcgis"
- cert-manager = "kube-system"
- cribl = "cribl"
- gatekeeper = "keycloak"
- grafana = local.telemetry_namespace
- istio = "istio-system"
- k8s-dashboard = local.telemetry_namespace
- karpenter = "karpenter"
- keycloak = "keycloak"
- kiali = "istio-system"
- loki = local.telemetry_namespace
- metrics-server = "kube-system"
- otel = local.telemetry_namespace
- postgresql = "keycloak"
- prometheus = local.telemetry_namespace
- tempo = local.telemetry_namespace
- }
-
- #####################
- # EKS Config
- #####################
-
- ################
- # Cert-Manager
- ################
- cluster_issuer_name = "cert-manager"
- cert_manager_cainjector_tag = "v${local.cert_manager_version}"
- cert_manager_controller_tag = "v${local.cert_manager_version}"
- cert_manager_helm_chart = "${local.cert_manager_version}"
- cert_manager_startupapicheck_tag = "v${local.cert_manager_version}"
- cert_manager_version = "1.17.1"
- cert_manager_webhook_tag = "v${local.cert_manager_version}"
-
- #####################
- # Cribl
- #####################
- cribl_chart_version = "4.11.1"
- cribl_app_version = "4.11.1"
-
-
- ################
- # GoGatekeeper
- ################
- gatekeeper_tag = "3.3.0"
- gatekeeper_chart_version = "0.1.54"
- gatekeeper_service_name = "gatekeeper"
-
- ################
- # Grafana
- ################
- grafana_hostname = "grafana"
- grafana_operator_chart_version = "4.9.8"
- grafana_operator_tag = "5.16.0"
- grafana_tag = "11.5.2"
- os_shell_image_tag = local.utilities_tag
-
- ################
- # Istio
- ################
- istio_namespace = "istio-system"
- istio_version = "1.25.0"
-
- ################
- # k8s-dashboard
- ################
- dashboard_hostname = "dashboard"
- k8s_dashboard_version = "v2.7.0"
- k8s_dashboard_metrics_scraper = "v1.0.9"
- # dashboard_api_tag = "1.11.1"
- # dashboard_auth_tag = "1.2.4"
- # dashboard_metrics_tag = "1.2.2"
- # dashboard_web_tag = "1.6.2"
- # dashboard_kong_tag = "3.8"
-
- ################
- # Karpenter
- ################
- karpenter_helm_chart = "1.4.0"
- karpenter_tag = "1.4.0"
-
- ################
- # Keycloak
- ################
- keycloak_chart_version = "7.0.1"
- keycloak_tag = "26.0.7"
- postgresql_tag = "17.4.0-debian-12-r4"
- postgres_exporter_tag = "0.17.1-debian-12-r0"
- utilities_tag = "1.0.3"
-
- ################
- # Kiali
- ################
- kiali_operator_version = "2.2.0"
- kiali_application_version = "v${local.kiali_operator_version}"
-
- ################
- # Loki
- ################
- loki_chart_version = "6.27.0"
- loki_tag = "3.4.2"
- enterprise_logs_provisioner_tag = "3.4.2"
- gateway_tag = "1.26.3"
- memcached_tag = "1.6.37"
- exporter_tag = "v0.15.0"
- sidecar_tag = "1.27.4"
-
- ################
- # Metrics Server
- ################
- metrics_server_helm_chart = "3.12.2"
- metrics_server_tag = "v0.7.2"
-
- ################
- # Open Telemetry
- ################
- auto_instrumentation_java_version = "2.9.0"
- collector_contrib_version = "0.113.0-amd64"
- collector_version = "0.111.0-amd64"
- otel_helm_version = "0.71.2"
- otel_version = "0.110.0"
- rbac_proxy_version = "v0.19.0"
-
- ################
- # PostgreSQL
- ################
-
- # os_shell_tag = local.utilities_tag
- # # postgres_exporter_tag = local.postgres_exporter_tag
- # postgresql_repmgr_tag = "17.4.0-alpine"
- # pgpool_tag = "4.5.5"
- postgresql_chart_version = "16.5.0"
-
- ################
- # Prometheus
- ################
- prometheus_chart_version = "27.5.1"
- prometheus_server_tag = "v3.2.1"
- prometheus_config_reloader_tag = "v0.75.2"
- alertmanager_tag = "v0.28.0"
- kube_state_metrics_tag = "v2.15.0"
- node_exporter_tag = "v1.9.0"
- pushgateway_tag = "v1.11.0"
-
- ################
- # Tempo
- ################
- tempo_chart_version = "1.18.2"
- tempo_tag = "2.7.0"
-}
diff --git a/lab/_envcommon/prefixes.hcl b/lab/_envcommon/prefixes.hcl
deleted file mode 100644
index d46f6bb6..00000000
--- a/lab/_envcommon/prefixes.hcl
+++ /dev/null
@@ -1,37 +0,0 @@
-locals {
- prefixes = {
- "ebs" = "v-ebs-"
- "efs" = "v-efs-"
- "group" = "g-"
- "kms" = "k-kms-"
- "policy" = "p-"
- "role" = "r-"
- "s3" = "v-s3-"
- "security-group" = "" # "sg-"
- # VPC
- "customer-gateway" = "cgw-"
- "dhcp-options" = ""
- "elastic-ip" = "eip-"
- "internet-gateway" = "igw-"
- "log-group" = "lg-"
- "log-stream" = "lgs-"
- "nat-gateway" = "nat-"
- "network-acl" = "nacl-"
- "route-table" = "route-"
- "subnet" = ""
- "vpc-endpoint" = "vpce-"
- "vpc-peer" = "vpcp-"
- "vpc" = ""
- "vpn-connection" = "vpn_"
- "vpn-gateway" = "vpcg-"
- # EKS
- "eks-policy" = "p-eks-"
- "eks-queue" = "eks-q-"
- "eks-role" = "r-eks-"
- "eks-s3" = "v-s3-eks-"
- "eks-security-group" = "eks-sg-" # "sg-eks-"
- "eks-user" = "s-eks-"
- "eks" = "eks-"
- "eks-event" = "eks-ev-"
- }
-}
diff --git a/lab/clusters/csvd-platform-lab-mcm b/lab/clusters/csvd-platform-lab-mcm
new file mode 160000
index 00000000..66461fe1
--- /dev/null
+++ b/lab/clusters/csvd-platform-lab-mcm
@@ -0,0 +1 @@
+Subproject commit 66461fe133a7b9c6459b3bb81f417fa3c0ec45ef
diff --git a/lab/development/account.hcl b/lab/development/account.hcl
deleted file mode 100644
index a78efbf6..00000000
--- a/lab/development/account.hcl
+++ /dev/null
@@ -1,13 +0,0 @@
-# lab/development/account.hcl
-
-# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
-# terragrunt.hcl configuration. Terragrunt often segments account and environment, but given our strategy is to
-# leverage accounts as environment boundaries, there is an anticipated 1:1 account to environment model that
-# combines these here.
-locals {
- account_name = "lab-dev-ew"
- aws_account_id = "224384469011"
- aws_profile = format("%v-%v", local.aws_account_id, replace(local.account_name, "-ew", "-gov"))
- environment = "development"
- environment_abbr = "dev"
-}
diff --git a/lab/development/us-gov-east-1/region.hcl b/lab/development/us-gov-east-1/region.hcl
deleted file mode 100644
index f87a8e6b..00000000
--- a/lab/development/us-gov-east-1/region.hcl
+++ /dev/null
@@ -1,7 +0,0 @@
-# lab/development/us-gov-east-1/region.hcl
-
-# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
-# configure the remote state bucket and pass forward to the child modules as inputs.
-locals {
- aws_region = "us-gov-east-1"
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl
deleted file mode 100644
index 0f1f989c..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl
+++ /dev/null
@@ -1,22 +0,0 @@
-locals {
- # Cluster specific configuration
- cluster_name = "csvd-platform-lab-mcm"
- cluster_mailing_list = "matthew.c.morgan@census.gov"
- eks_instance_disk_size = 100
- eks_ng_desired_size = 2
- eks_ng_max_size = 10
- eks_ng_min_size = 2
- organization = "census:ocio:csvd"
- finops_project_name = "csvd_platformbaseline"
- finops_project_number = "fs0000000078"
- finops_project_role = "csvd_platformbaseline_app"
-
- tags = {
- "slim:schedule" = "8:00-17:00"
- "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
- }
- module_enablement_overrides = {
- "eks-arcgis" = false
- "eks-postgresql" = false
- }
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl
deleted file mode 100644
index 38cf455e..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl
+++ /dev/null
@@ -1,86 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-ersi-arcgis.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.domain.example.com"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-kiali",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- eecr_info = include.root.inputs.eecr_info
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
- namespace = "arcgis"
- rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
-
- # Dockerhub Creds
- dockerhub_username = ""
- dockerhub_password = ""
-
- # ArcGIS Config
- ersi_image_tag = "11.4.0.6285"
- arcgis_license_json = ""
- arcgis_admin_username = "admin"
- arcgis_admin_password = "password"
- arcgis_admin_email = include.root.inputs.cluster_mailing_list
- arcgis_admin_firstname = "admin"
- arcgis_admin_lastname = "admin"
- arcgis_security_question_index = 1
- arcgis_security_question_answer = "Las Vegas"
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl
deleted file mode 100644
index 569a3554..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl
+++ /dev/null
@@ -1,70 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-karpenter",
- "../eks-metrics-server",
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_version = include.root.inputs.cluster_version
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- eecr_info = include.root.inputs.eecr_info
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_mailing_list = include.root.inputs.cluster_mailing_list
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Cert Manager Configuration
- cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
- cluster_issuer_name = include.root.inputs.cluster_issuer_name
- namespace = include.root.inputs.namespaces["cert-manager"]
-
- # Version Tags
- cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
- cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
- cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
- cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl
deleted file mode 100644
index 49e0ea2f..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl
+++ /dev/null
@@ -1,66 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
- eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- security_group_all_worker_mgmt_id = "sg-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- vpc_id = "vpc-mock"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-karpenter",
- "../eks-metrics-server",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
- subnets = dependency.eks.outputs.subnets
- vpc_id = dependency.eks.outputs.vpc_id
- operators_ns = include.root.inputs.operator_namespace
- telemetry_ns = include.root.inputs.telemetry_namespace
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl
deleted file mode 100644
index d18b1808..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cribl/terragrunt.hcl
+++ /dev/null
@@ -1,90 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cribl.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
- eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- security_group_all_worker_mgmt_id = "sg-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- vpc_id = "vpc-mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-gatekeeper",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
- eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- operators_ns = include.root.inputs.operator_namespace
- rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
- security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
- subnets = dependency.eks.outputs.subnets
- telemetry_ns = include.root.inputs.telemetry_namespace
- vpc_id = dependency.eks.outputs.vpc_id
-
- # Cribl configs
- cribl_tag = include.root.inputs.cribl_app_version
- namespace = include.root.inputs.namespaces["cribl"]
- service_name = "cribl-leader"
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl
deleted file mode 100644
index feecb987..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl
+++ /dev/null
@@ -1,71 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
- }
-}
-
-dependency "eks-istio" {
- config_path = "../eks-istio"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- istio_ingress_lb = {
- dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
- zone_id = "MOCKZONEID"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-istio",
- "../eks-metrics-server",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = include.root.inputs.cluster_name
-
- # Network Configuration
- istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb
- route53_endpoints = include.root.inputs.route53_endpoints
- vpc_domain_name = include.root.inputs.vpc_domain_name
- vpc_name = include.root.inputs.vpc_name
-
- # Additional Configuration
- tags = include.root.inputs.tags
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl
deleted file mode 100644
index 971dd2e9..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gatekeeper/terragrunt.hcl
+++ /dev/null
@@ -1,140 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gatekeeper.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- }
-}
-
-dependency "eks_keycloak" {
- config_path = "../eks-keycloak"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- user_auth_realm = "mock.keycloak.example.com/auth"
- client_id = "mock-client-id"
- client_secret = "mock-client-secret"
- namespace = "keycloak"
- user_secret = "user-sso"
- }
-}
-
-dependency "eks-k8s-dashboard" {
- config_path = "../eks-k8s-dashboard"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- namespace = "telemetry"
- internal_endpoint = {
- hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
- port_number = 80
- url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
- }
- dashboard-user-token = "Iamanextremelylongstring"
- }
-}
-
-dependency "eks-grafana" {
- config_path = "../eks-grafana"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- namespace = "telemetry"
- internal_endpoint = {
- hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
- port_number = 80
- url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
- }
- }
-}
-
-dependency "eks-kiali" {
- config_path = "../eks-kiali"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- namespace = "istio-system"
- internal_endpoint = {
- hostname = "kiali.telemetry.svc.cluster.local"
- port_number = 80
- url = "http://kiali.telemetry.svc.cluster.local:80/"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-dns",
- "../eks-keycloak",
- "../eks-k8s-dashboard",
- "../eks-grafana",
- "../eks-kiali",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Gatekeeper Standard Config
- gatekeeper_chart_version = include.root.inputs.gatekeeper_chart_version
- gatekeeper_tag = include.root.inputs.gatekeeper_tag
- keycloak_client_id = dependency.eks_keycloak.outputs.client_id
- keycloak_client_secret = dependency.eks_keycloak.outputs.client_secret
- keycloak_fqdn = dependency.eks_keycloak.outputs.user_auth_realm
- user_secret = dependency.eks_keycloak.outputs.user_secret
-
- # Dashboard Gatekeeper Config
- dashboard_ns = dependency.eks-k8s-dashboard.outputs.namespace
- dashboard_service_name = "dashboard"
- dashboard_url = dependency.eks-k8s-dashboard.outputs.internal_endpoint.url
- dashboard_user_token = dependency.eks-k8s-dashboard.outputs.dashboard-user-token
-
- # Grafana Gatekeeper Config
- grafana_ns = dependency.eks-grafana.outputs.namespace
- grafana_service_name = "grafana"
- grafana_url = dependency.eks-grafana.outputs.internal_endpoint.url
-
- # Kaili Gatekeeper Config
- kiali_ns = dependency.eks-kiali.outputs.namespace
- kiali_service_name = "kiali"
- kiali_url = dependency.eks-kiali.outputs.internal_endpoint.url
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl
deleted file mode 100644
index 07cc34d2..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl
+++ /dev/null
@@ -1,110 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.domain.example.com"
- }
-}
-
-dependency "eks_loki" {
- config_path = "../eks-loki"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mocked"
- gateway_internal_endpoint = {
- url = "mock.loki.enpoint.example.com"
- }
- }
-}
-
-dependency "eks_prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus.mock.svc.cluster.local"
- port_number = "80"
- url = "https://prometheus.mock.svc.cluster.local:80/"
- }
- }
-}
-
-dependency "eks_tempo" {
- config_path = "../eks-tempo"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mocked"
- tempo_internal_endpoint = {
- url = "mock.tempo.enpoint.example.com"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-dns",
- "../eks-loki",
- "../eks-prometheus",
- "../eks-tempo"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
-
- # Storage Configuration
- rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class
-
- # Grafana Configuration
- grafana_operator_chart_version = include.root.inputs.grafana_operator_chart_version
- grafana_operator_tag = include.root.inputs.grafana_operator_tag
- grafana_tag = include.root.inputs.grafana_tag
- namespace = include.root.inputs.namespaces["grafana"]
- os_shell_image_tag = include.root.inputs.os_shell_image_tag
- service_name = "grafana"
- loki_endpoint = dependency.eks_loki.outputs.gateway_internal_endpoint.url
- prometheus_endpoint = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url
- tempo_endpoint = dependency.eks_tempo.outputs.tempo_internal_endpoint.url
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl
deleted file mode 100644
index 9f10168c..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl
+++ /dev/null
@@ -1,55 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-cert-manager",
- "../eks-otel"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Istio Configuration
- namespace = include.root.inputs.namespaces["istio"]
- istio_version = include.root.inputs.istio_version
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl
deleted file mode 100644
index 9527e5f7..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl
+++ /dev/null
@@ -1,66 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-dns",
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- eecr_info = include.root.inputs.eecr_info
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Dashboard Configuration
- service_name = include.root.inputs.dashboard_hostname
- k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
- namespace = include.root.inputs.namespaces["k8s-dashboard"]
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl
deleted file mode 100644
index 92332552..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl
+++ /dev/null
@@ -1,65 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-metrics-server",
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- node_group_name = "mock-node-group"
- vpc_id = "vpc-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- eecr_info = include.root.inputs.eecr_info
-
- # Cluster Configuration
- cluster_endpoint = dependency.eks.outputs.cluster_endpoint
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- vpc_id = dependency.eks.outputs.vpc_id
-
- # Karpenter Configuration
- karpenter_tag = include.root.inputs.karpenter_tag
- karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
- karpenter_node_group_name = dependency.eks.outputs.node_group_name
- namespace = include.root.inputs.namespaces["karpenter"]
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl
deleted file mode 100644
index f17489ea..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl
+++ /dev/null
@@ -1,78 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-prometheus",
- ]
-}
-
-inputs = {
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
- eecr_info = include.root.inputs.eecr_info
- namespace = include.root.inputs.namespaces["keycloak"]
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # keycloak config
- default_storage_class = dependency.eks_config.outputs.rwo_storage_class
- keycloak_chart_version = include.root.inputs.keycloak_chart_version
- keycloak_tag = include.root.inputs.keycloak_tag
- realm_email = include.root.inputs.cluster_mailing_list
- realm_name = "master"
- service_name = "keycloak"
- telemetry_namespace = include.root.inputs.telemetry_namespace
- admin_email = include.root.inputs.cluster_mailing_list
-
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl
deleted file mode 100644
index 8f19b76d..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl
+++ /dev/null
@@ -1,131 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_cert_manager" {
- config_path = "../eks-cert-manager"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_issuer_name = "mock-issuer"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- }
-}
-
-dependency "eks_grafana" {
- config_path = "../eks-grafana"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- internal_endpoint = {
- hostname = "grafana.mock.svc.cluster.local"
- port_number = "80"
- url = "https://grafana.mock.svc.cluster.local:80/"
- }
- namespace = "grafana"
- secret_name = "grafana"
- tempo_datasource_id = "mock-tempo-datasource-id"
- }
-}
-
-dependency "eks_prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus.mock.svc.cluster.local"
- port_number = "80"
- url = "https://prometheus.mock.svc.cluster.local:80/"
- }
- }
-}
-
-dependency "eks_tempo" {
- config_path = "../eks-tempo"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- tempo_internal_endpoint = {
- hostname = "tempo.mock.svc.cluster.local"
- port_number = "80"
- url = "https://tempo.mock.svc.cluster.local:80/"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-grafana",
- "../eks-istio",
- "../eks-prometheus",
- "../eks-tempo",
- ]
-}
-
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
- certificate_issuer = dependency.eks_cert_manager.outputs.cluster_issuer_name
-
- # Kiali Configuration
- service_name = "kiali"
- namespace = include.root.inputs.namespaces["kiali"]
- istio_namespace = include.root.inputs.namespaces["istio"]
- grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
- grafana_namespace = dependency.eks_grafana.outputs.namespace
- grafana_secret_name = dependency.eks_grafana.outputs.secret_name
-
- kiali_application_version = include.root.inputs.kiali_application_version
- kiali_operator_version = include.root.inputs.kiali_operator_version
-
- prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url
- grafana_namespace = dependency.eks_grafana.outputs.namespace
- grafana_secret_name = dependency.eks_grafana.outputs.secret_name
- grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
- tempo_datasource_id = dependency.eks_grafana.outputs.tempo_datasource_id
- tempo_internal_url = dependency.eks_tempo.outputs.tempo_internal_endpoint.url
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl
deleted file mode 100644
index 54586f19..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl
+++ /dev/null
@@ -1,67 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-metrics-server",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Loki Configuration
- loki_chart_version = include.root.inputs.loki_chart_version
- loki_tag = include.root.inputs.loki_tag
- namespace = include.root.inputs.namespaces["loki"]
- rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl
deleted file mode 100644
index 241bbc5d..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl
+++ /dev/null
@@ -1,54 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Metrics Server Configuration
- metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
- metrics_server_tag = include.root.inputs.metrics_server_tag
- namespace = include.root.inputs.namespaces["metrics-server"]
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl
deleted file mode 100644
index a8a7d7c4..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl
+++ /dev/null
@@ -1,85 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=${include.root.inputs.release_version}"
- # source = "../../../../../../../tfmod-open-telemetry"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-loki" {
- config_path = "../eks-loki"
- mock_outputs = {
- gateway_internal_endpoint = {
- hostname = "loki-gateway.mock.svc.cluster.local"
- portNumber = 3210
- url = "http://loki-gateway.mock.svc.cluster.local:3210/"
- }
- }
-}
-
-dependency "eks-tempo" {
- config_path = "../eks-tempo"
- mock_outputs = {
- tempo_otlp_endpoint = {
- hostname = "tempo.mock.svc.cluster.local"
- portNumber = 1234
- url = "http://tempo.mock.svc.cluster.local:1234/"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-loki",
- "../eks-prometheus",
- "../eks-tempo"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Clouster Config
- cluster_name = dependency.eks.outputs.cluster_name
-
- # OTEL Configuration
- namespace = include.root.inputs.namespaces["otel"]
- loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url
- tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url
- # Image Version
- auto_instrumentation_java_version = include.root.inputs.auto_instrumentation_java_version
- collector_contrib_version = include.root.inputs.collector_contrib_version
- collector_version = include.root.inputs.collector_version
- otel_helm_version = include.root.inputs.otel_helm_version
- rbac_proxy_version = include.root.inputs.rbac_proxy_version
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-pipeline/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-pipeline/terragrunt.hcl
deleted file mode 100644
index 8d705a73..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-pipeline/terragrunt.hcl
+++ /dev/null
@@ -1,100 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled OR if running in CodeBuild (to avoid circular dependency)
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) || get_env("CODEBUILD_BUILD_ID", "") != ""
-
- artifact_bucket = format("%v%v-%v-%v-%v",
- include.root.inputs.prefixes["eks-s3"],
- include.root.inputs.cluster_name,
- "artifacts",
- include.root.inputs.aws_account_id,
- join("", [for c in split("-", include.root.inputs.aws_region) : substr(c, 0, 1)]))
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-pipeline.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-inputs = {
- account_id = include.root.inputs.aws_account_id
- cluster_name = include.root.inputs.cluster_name
- environment = include.root.inputs.environment_abbr
- region = include.root.inputs.aws_region
- state_bucket_prefix = include.root.inputs.state_bucket_prefix
-
- # VPC Configuration
- vpc_name = include.root.inputs.vpc_name
- subnet_filter = "*-container-*" # or any specific pattern you want to use
-
- is_infrastructure_pipeline = true
-
- # Updated to use buildspecs from the platform-tg-infra repository
- # made deploy-to-pipeline will update them from tfmod-pipeline module
- buildspec_template_path = "buildspecs"
-
- build_configuration = {
- compute_type = "BUILD_GENERAL1_LARGE"
- image = "aws/codebuild/amazonlinux-x86_64-standard:5.0"
- buildspec_path = "build.yml"
- privileged_mode = true
- environment_variables = {
- ARTIFACT_BUCKET = local.artifact_bucket
- TERRAGRUNT_PATH = "lab/${include.root.inputs.environment}/${include.root.inputs.aws_region}/vpc/${include.root.inputs.cluster_name}"
- REGION = include.root.inputs.aws_region
- ENVIRONMENT = include.root.inputs.environment_abbr
- AWS_ACCOUNT_ID = include.root.inputs.aws_account_id
- PROXY_CONFIG = "http://vlab-proxy.tco.census.gov:3128"
- }
- }
-
- security_scan_configuration = {
- compute_type = "BUILD_GENERAL1_MEDIUM"
- image = "aws/codebuild/amazonlinux-x86_64-standard:5.0"
- buildspec_path = "security.yml"
- environment_variables = {
- ARTIFACT_BUCKET = local.artifact_bucket
- TERRAGRUNT_PATH = "lab/${include.root.inputs.environment}/${include.root.inputs.aws_region}/vpc/${include.root.inputs.cluster_name}"
- REGION = include.root.inputs.aws_region
- ENVIRONMENT = include.root.inputs.environment_abbr
- AWS_ACCOUNT_ID = include.root.inputs.aws_account_id
- PROXY_CONFIG = "http://vlab-proxy.tco.census.gov:3128"
- }
- }
-
- approval_configuration = {
- enabled = true
- notify_emails = [include.root.inputs.cluster_mailing_list]
- custom_message = "Please review and approve infrastructure changes to the CSVD platform"
- }
-
- deployment_configuration = {
- target_type = "Build"
- compute_type = "BUILD_GENERAL1_MEDIUM"
- image = "aws/codebuild/amazonlinux-x86_64-standard:5.0"
- buildspec_path = "deploy.yml"
- environment_variables = {
- ARTIFACT_BUCKET = local.artifact_bucket
- TERRAGRUNT_PATH = "lab/${include.root.inputs.environment}/${include.root.inputs.aws_region}/vpc/${include.root.inputs.cluster_name}"
- REGION = include.root.inputs.aws_region
- ENVIRONMENT = include.root.inputs.environment_abbr
- AWS_ACCOUNT_ID = include.root.inputs.aws_account_id
- PROXY_CONFIG = "http://vlab-proxy.tco.census.gov:3128"
- }
- }
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/README.md
deleted file mode 100644
index bbbffb2a..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/README.md
+++ /dev/null
@@ -1,198 +0,0 @@
-## eks-prometheus
-This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool.
-This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories.
- 1. prometheus-alert-manager
- 2. prometheus-node-exporter
- 3. prometheus-pushgateway
- 4. prometheus-server
-
-### Dependencies
-This module is dependent on EKS module (eks). The cluster should exist already for this module to work.
-
-### Inputs
- cluster_name
- profile
- prometheus_chart_version
- prometheus_server_tag
- prometheus_config_reloader_tag
- alertmanager_tag
- kube_state_metrics_tag
- node_exporter_tag
- pushgateway_tag
- rwo_storage_class
-
-### Outputs
- alertmanager_internal_endpoint
- alertmanager_headless_internal_endpoint
- pushgateway_internal_endpoint
- prometheus_server_internal_endpoint
-
-### Issues observed/fixed
-1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted"
-2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1"
-3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0"
-4. The alertmanager_tag value had to be updated from
-5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below:
-
- ```
- set {
- name = "kube-state-metrics.image.registry"
- value = module.images.images[local.ksm_key].dest_registry
- }
- set {
- name = "kube-state-metrics.image.repository"
- value = module.images.images[local.ksm_key].dest_repository
- }
- ```
-
-6. In some other cases the image ecr repository had to be split by the colon separatory (:)
-
- ```
- set {
- name = "alertmanager.configmapReload.image.repository"
- value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0]
- }
- ```
-
-### Chart Notes
- 1. Get the application URL by running these commands:
-
- ```bash
- export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
- kubectl port-forward $POD_NAME 9091
- echo "Visit http://127.0.0.1:9091 to use your application"
- ```
-
- The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
- prometheus-server.prometheus.svc.cluster.local
-
-
- Get the Prometheus server URL by running these commands in the same shell:
-
- ```bash
- export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
- kubectl --namespace prometheus port-forward $POD_NAME 9090
- ```
-
- The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
- `prometheus-alertmanager.prometheus.svc.cluster.local`
-
-
- Get the Alertmanager URL by running these commands in the same shell:
-
- ```bash
- export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
- kubectl --namespace prometheus port-forward $POD_NAME 9093
- ```
-
- #################################################################################
- ###### WARNING: Pod Security Policy has been disabled by default since #####
- ###### it deprecated after k8s 1.25+. use #####
- ###### (index .Values "prometheus-node-exporter" "rbac" #####
- ###### "pspEnabled") with (index .Values #####
- ###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
- ###### in case you still need it. #####
- #################################################################################
-
-
- The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
- `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local`
-
-
- Get the PushGateway URL by running these commands in the same shell:
-
- ```bash
- export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
- kubectl --namespace prometheus port-forward $POD_NAME 9091
- ```
-
- For more information on running Prometheus, visit:
- https://prometheus.io/
-
- kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
- The exposed metrics can be found here:
- https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
-
- The metrics are exported on the HTTP endpoint /metrics on the listening port.
- In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics`
-
- They are served either as plaintext or protobuf depending on the Accept header.
- They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
-
- 1. Get the application URL by running these commands:
-
- ```bash
- export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:9093 to use your application"
- kubectl --namespace prometheus port-forward $POD_NAME 9093:80
- ```
-
- 1. Get the application URL by running these commands:
-
- ```bash
- export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:9100 to use your application"
- kubectl port-forward --namespace prometheus $POD_NAME 9100
- ```
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13 |
-| [aws](#requirement\_aws) | >= 5.14.0 |
-| [helm](#requirement\_helm) | >= 2.11.0 |
-| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
-| [null](#requirement\_null) | >= 3.2.1 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [helm](#provider\_helm) | >= 2.11.0 |
-| [kubernetes](#provider\_kubernetes) | >= 2.23.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no |
-| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes |
-| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no |
-| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no |
-| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no |
-| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no |
-| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
-| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no |
-| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no |
-| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no |
-| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no |
-| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a |
-| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a |
-| [module\_name](#output\_module\_name) | The name of this module. |
-| [module\_version](#output\_module\_version) | The version of this module. |
-| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
-| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
-| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
-
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl
deleted file mode 100644
index 1cb7f81d..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl
+++ /dev/null
@@ -1,73 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-karpenter",
- "../eks-metrics-server",
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-encyrpted"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Prometheus Configuration
- prometheus_chart_version = include.root.inputs.prometheus_chart_version
- prometheus_server_tag = include.root.inputs.prometheus_server_tag
- prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
- alertmanager_tag = include.root.inputs.alertmanager_tag
- kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
- namespace = include.root.inputs.namespaces["prometheus"]
- node_exporter_tag = include.root.inputs.node_exporter_tag
- pushgateway_tag = include.root.inputs.pushgateway_tag
- rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl
deleted file mode 100644
index 71dd0a10..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl
+++ /dev/null
@@ -1,75 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- prometheus_namespace = "prometheus"
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.mock.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.mock.svc.cluster.local:9090/"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-prometheus"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- eecr_info = include.root.inputs.eecr_info
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Prometheus Configuration
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
-
- # Tempo Configuration
- tempo_chart_version = include.root.inputs.tempo_chart_version
- tempo_tag = include.root.inputs.tempo_tag
- namespace = include.root.inputs.namespaces["tempo"]
-
-}
diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl
deleted file mode 100644
index 13ed5d01..00000000
--- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl
+++ /dev/null
@@ -1,45 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Skip this module if disabled
- skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
-}
-
-exclude {
- if = local.skip
- actions = ["all_except_output"]
- exclude_dependencies = false
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks-pipeline",
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_name = include.root.inputs.cluster_name
- cluster_version = include.root.inputs.cluster_version
-
- # Additional Configuration
- tags = include.root.inputs.tags
-}
diff --git a/lab/development/us-gov-east-1/vpc/vpc.hcl b/lab/development/us-gov-east-1/vpc/vpc.hcl
deleted file mode 100644
index 8da18d08..00000000
--- a/lab/development/us-gov-east-1/vpc/vpc.hcl
+++ /dev/null
@@ -1,8 +0,0 @@
-# lab/development/us-gov-east-1/vpc/vpc.hcl
-
-# Set VPC specific variables. These are automatically pulled in to configure the remote state bucket in the root
-# terragrunt.hcl configuration.
-locals {
- vpc_name = "vpc3-lab-dev"
- vpc_domain_name = "dev.lab.csp2.census.gov"
-}
diff --git a/lab/root.hcl b/lab/root.hcl
deleted file mode 100644
index b0666374..00000000
--- a/lab/root.hcl
+++ /dev/null
@@ -1,173 +0,0 @@
-# lab/root.hcl
-
-# ---------------------------------------------------------------------------------------------------------------------
-# TERRAGRUNT CONFIGURATION
-# Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules,
-# remote state, and locking: https://github.com/gruntwork-io/terragrunt
-# ---------------------------------------------------------------------------------------------------------------------
-locals {
- # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
- account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
-
- # Automatically load cluster-level variables
- cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl"))
-
- # Automatically load _envcommon, cross account and environment common variables
- common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl"))
-
- # Automatically load naming prefixes
- prefix_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/prefixes.hcl"))
-
- # Automatically load region-level variables
- region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
-
- # Automatically load versions
- versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl"))
-
- # Automatically load vpc-level variables
- vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl"))
-
- # Add any other locals you want to expose
- # only expose things not already included via local.xxx_vars.locals.*
- root_locals_for_inputs = {
- is_module_enabled = local.is_module_enabled
- module_name = local.module_name
- }
-
- # Extract the variables we need for easy access
- account_id = local.account_vars.locals.aws_account_id
- account_name = local.account_vars.locals.account_name
- aws_profile = local.account_vars.locals.aws_profile
- aws_region = local.region_vars.locals.aws_region
- cluster_name = local.cluster_vars.locals.cluster_name
- eecr_info = local.common_vars.locals.eecr_info
- environment_abbr = local.account_vars.locals.environment_abbr
- finops_project_name = local.cluster_vars.locals.finops_project_name
- finops_project_number = local.cluster_vars.locals.finops_project_number
- finops_project_role = local.cluster_vars.locals.finops_project_role
- is_eks_module = local.module_name == "eks"
- prefixes = local.prefix_vars.locals.prefixes
- is_module_enabled = merge(
- { for module in local.versions.locals.core_modules : module => true },
- local.versions.locals.enabled_modules,
- local.module_overrides
- )
- module_name = basename(get_original_terragrunt_dir())
- module_overrides = local.cluster_vars.locals.module_enablement_overrides
- organization = local.cluster_vars.locals.organization
- state_bucket_prefix = local.common_vars.locals.state_bucket_prefix
- state_table_name = local.common_vars.locals.state_table_name
-}
-
-# Only generate providers for non-EKS modules
-generate "cluster_data" {
- path = "cluster-data.tf"
- if_exists = "overwrite_terragrunt"
- contents = local.is_eks_module ? "" : <<-EOF
- data "aws_eks_clusters" "available" {}
-
- locals {
- cluster_exists = contains(data.aws_eks_clusters.available.names, "${local.cluster_name}")
- }
-
- data "aws_eks_cluster" "this" {
- count = local.cluster_exists ? 1 : 0
- name = "${local.cluster_name}"
- }
-
- data "aws_eks_cluster_auth" "this" {
- count = local.cluster_exists ? 1 : 0
- name = "${local.cluster_name}"
- }
- EOF
-}
-
-# Generate provider blocks only for non-EKS modules
-generate "kube_provider" {
- path = "kube-provider.tf"
- if_exists = "overwrite_terragrunt"
- contents = local.is_eks_module ? "" : <<-EOF
- provider "kubernetes" {
- host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
- cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
- token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
- }
- EOF
-}
-
-generate "helm_provider" {
- path = "helm-provider.tf"
- if_exists = "overwrite_terragrunt"
- contents = local.is_eks_module ? "" : <<-EOF
- provider "helm" {
- kubernetes = {
- host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
- cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
- token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
- }
- }
- EOF
-}
-
-
-# Configure Terragrunt to automatically store tfstate files in an S3 bucket
-remote_state {
- disable_init = tobool(get_env("TG_DISABLE_INIT", "false"))
- backend = "s3"
- generate = {
- path = "remote_state.backend.tf"
- if_exists = "overwrite_terragrunt"
- }
- config = {
- bucket = "${local.state_bucket_prefix}-${local.account_id}"
- use_lockfile = true
- key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
- profile = "${local.aws_profile}"
- region = "${local.aws_region}"
- disable_bucket_update = true
- }
-}
-
-# Generate an AWS provider block
-generate "aws-provider" {
- path = "aws-provider.tf"
- if_exists = "overwrite"
- contents = <<-EOF
- provider "aws" {
- region = "${local.aws_region}"
- profile = "${local.aws_profile}"
- default_tags {
- tags = {
- cluster_name = "${local.cluster_name}"
- "boc:module_name" = "${local.module_name}"
- environment = "${local.environment_abbr}"
- finops_project_name = "${local.finops_project_name}"
- finops_project_number = "${local.finops_project_number}"
- finops_project_role = "${local.finops_project_role}"
- organization = "${local.organization}"
- }
- }
- # Only these AWS Account IDs may be operated on by this template
- allowed_account_ids = ["${local.account_id}"]
- }
-EOF
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# GLOBAL PARAMETERS
-# These variables apply to all configurations in this subfolder. These are automatically merged into the child
-# `terragrunt.hcl` config via the include block.
-# ---------------------------------------------------------------------------------------------------------------------
-
-# Configure root level variables that all resources can inherit. This is especially helpful with multi-account configs
-# where terraform_remote_state data sources are placed directly into the modules.
-inputs = merge(
- local.account_vars.locals,
- local.cluster_vars.locals,
- local.common_vars.locals,
- local.prefix_vars.locals,
- local.region_vars.locals,
- local.versions.locals,
- local.vpc_vars.locals,
- local.root_locals_for_inputs
-)