fix(providers): generate providers at run

SCT-Engineering · Nov 7, 2024 · 770a567 · 770a567
1 parent 31f301c
commit 770a567
Show file tree

Hide file tree

Showing 22 changed files with 327 additions and 179 deletions.
diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl
@@ -0,0 +1,36 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+# Generate an AWS provider block
+generate "aws_provider" {
+  path      = "${get_original_terragrunt_dir()}/aws_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+  terraform {
+    required_version = ">= 1.5.0"
+  }
+  provider "aws" {
+    region = "${include.root.inputs.aws_region}"
+    profile = "${include.root.inputs.aws_profile}"
+    default_tags {
+      tags = {
+        ProjectNumber = "${include.root.inputs.project_number}"
+        "Project Name" = "${include.root.inputs.project_name}"
+        "Project Role" = "${include.root.inputs.project_role}"
+        "Project Identifier" = "${include.root.inputs.project_number}:${include.root.inputs.project_name}"
+        Organization = "${include.root.inputs.organization}"
+        created_by = "${include.root.inputs.creator}"
+        created_for = "${include.root.inputs.creator}"
+        created_reason = "${include.root.inputs.created_reason}"
+        Terraform = "${include.root.inputs.terraform}"
+        Terragrunt = "${include.root.inputs.terragrunt}"
+      }
+    }
+    # Only these AWS Account IDs may be operated on by this template
+    allowed_account_ids = ["${include.root.inputs.account_id}"]
+  }
+EOF
+}
diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl
@@ -4,8 +4,12 @@
 # that are common across all environments/accounts.
 # ---------------------------------------------------------------------------------------------------------------------
 locals {
-  project_number = "fs0000000078"
-  project_name   = "csvd_platformbaseline"
-  project_role   = "csvd_platformbaseline_app"
-  organization   = "census:ocio:csvd"
-}
+  organization        = "census:ocio:csvd"
+  project_name        = "csvd_platformbaseline"
+  project_number      = "fs0000000078"
+  project_role        = "csvd_platformbaseline_app"
+  state_bucket_prefix = "inf-tfstate"
+  state_table_name    = "tf_remote_state"
+  terraform           = true
+  terragrunt          = true
+}
diff --git a/lab/_envcommon/helm-provider.hcl b/lab/_envcommon/helm-provider.hcl
@@ -0,0 +1,40 @@
+# lab/_envcommon/helm-provider.hcl
+
+dependency "eks" {
+  config_path = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs = {
+    cluster_certificate_authority_data              = [{data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP"}]
+    cluster_endpoint                                = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
+    cluster_name                                    = "a-cluster-name"
+    eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
+    oidc_provider_arn                               = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
+    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+    token                                           = [{token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER"}]
+    vpc_id                                          = "a-vpc-id"
+  }
+}
+
+# Generate a helm provider block
+generate "helm_provider" {
+  path      = "${get_original_terragrunt_dir()}/helm_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+  terraform {
+    required_version = ">= 1.5.0"
+  }
+  data "aws_eks_cluster" "helm" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  data "aws_eks_cluster_auth" "helm" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  provider "helm" {
+    kubernetes {
+      host                   = data.aws_eks_cluster.helm[0].endpoint
+      cluster_ca_certificate = base64decode(data.aws_eks_cluster.helm[0].certificate_authority[0].data)
+      token                  = data.aws_eks_cluster_auth.helm.token
+    }
+  }
+EOF
+}
diff --git a/lab/_envcommon/kubernetes-provider.hcl b/lab/_envcommon/kubernetes-provider.hcl
@@ -0,0 +1,38 @@
+# lab/_envcommon/kubernetes-provider.hcl
+
+dependency "eks" {
+  config_path = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs = {
+    cluster_certificate_authority_data              = [{data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP"}]
+    cluster_endpoint                                = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
+    cluster_name                                    = "a-cluster-name"
+    eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
+    oidc_provider_arn                               = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
+    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+    token                                           = [{token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER"}]
+    vpc_id                                          = "a-vpc-id"
+  }
+}
+
+# Generate a k8s provider block
+generate "kube_provider" {
+  path      = "${get_original_terragrunt_dir()}/kube_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+  terraform {
+    required_version = ">= 1.5.0"
+  }
+  data "aws_eks_cluster" "kube" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  data "aws_eks_cluster_auth" "kube" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  provider "kubernetes" {
+    host                   = data.aws_eks_cluster.kube.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.kube.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.kube.token
+  }
+EOF
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-dns/terragrunt.hcl
@@ -23,7 +23,7 @@ dependency "istio" {
   mock_outputs = {
     istio_ingress_lb = {
       dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
-      zone_id = "ZABC123456DEF"
+      zone_id  = "ZABC123456DEF"
     }
   }
 }

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-k8s-dashboard/terragrunt.hcl
@@ -15,7 +15,7 @@ terraform {
 dependency "eks" {
   config_path = "../eks"
   mock_outputs = {
-    cluster_name = "a-cluster-name"
+    cluster_name    = "a-cluster-name"
     vpc_domain_name = "example.com"
   }
 }
@@ -26,11 +26,11 @@ dependency "eks-loki" {
 }
 
 inputs = {
-  profile           = include.root.inputs.aws_profile
-  region            = include.root.inputs.aws_region
-  cluster_name      = dependency.eks.outputs.cluster_name
-  cluster_domain    = dependency.eks.inputs.vpc_domain_name
-  public_hostname   = "dashboard"
+  profile         = include.root.inputs.aws_profile
+  region          = include.root.inputs.aws_region
+  cluster_name    = dependency.eks.outputs.cluster_name
+  cluster_domain  = dependency.eks.inputs.vpc_domain_name
+  public_hostname = "dashboard"
   # datasources        = dependency.eks-loki.outputs.gateway_internal_endpoint
   # k8s_dashboard_version = "v2.0.0"  # NEW IDEA TO START PINNING VERSIONING OF COMPONENT TO TF MODULE VERSION
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl
@@ -5,11 +5,11 @@ include "root" {
 
 locals {
   # Set cluster/platform specific variables, or extract from the hierarchy. 
-  account_id                               = include.root.inputs.aws_account_id
+  account_id                               = include.root.inputs.account_id
   cluster_endpoint_public_access           = true
-  cluster_name                             = "platform-eng-cicd-test"
-  cluster_version                          = "1.30"
-  creator                                  = "matthew.c.morgan@census.gov"
+  cluster_name                             = include.root.inputs.cluster_name
+  cluster_version                          = include.root.inputs.cluster_version
+  creator                                  = include.root.inputs.creator
   eks_instance_disk_size                   = 100
   eks_ng_desired_size                      = 2
   eks_ng_max_size                          = 10
@@ -23,8 +23,8 @@ locals {
   project_number                           = include.root.inputs.project_number
   project_role                             = include.root.inputs.project_role
   region                                   = include.root.inputs.aws_region
-  terraform                                = true
-  terragrunt                               = true
+  terraform                                = include.root.locals.terraform
+  terragrunt                               = include.root.locals.terragrunt
   vpc_domain_name                          = include.root.inputs.vpc_domain_name
 
   # Tags applied to AWS objects created
@@ -43,48 +43,6 @@ terraform {
   }
 }
 
-# Generate an AWS provider block
-generate "provider" {
-  path      = "provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-terraform {
-  required_version = ">= 1.5.0"
-}
-provider "aws" {
-  region = "${local.region}"
-  profile = "${local.profile}"
-  default_tags {
-    tags = {
-      ProjectNumber = "${local.project_number}"
-      "Project Name" = "${local.project_name}"
-      "Project Role" = "${local.project_role}"
-      "Project Identifier" = "${local.project_number}:${local.project_name}"
-      Organization = "${local.organization}"
-      created_by = "${local.creator}"
-      created_for = "${local.creator}"
-      created_reason = "Terragrunt Development for CICD Delivered EKS Platform"
-      Terraform = "${local.terraform}"
-      Terragrunt = "${local.terragrunt}"
-    }
-  }
-  # Only these AWS Account IDs may be operated on by this template
-  allowed_account_ids = ["${local.account_id}"]
-}
-
-provider "kubernetes" {
-  config_path    = "~/.kube/config"
-}
- 
-provider "helm" {
-  kubernetes {
-      config_path = "~/.kube/config"
-    }
-}
-
-EOF
-}
-
 inputs = {
   aws_account_id                           = local.account_id
   cluster_endpoint_public_access           = local.cluster_endpoint_public_access

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
@@ -0,0 +1,21 @@
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+  cluster_endpoint_public_access           = true
+  cluster_name                             = "platform-eng-eks-mcm"
+  cluster_version                          = "1.30"
+  creator                                  = "matthew.c.morgan@census.gov"
+  eks_instance_disk_size                   = 100
+  eks_ng_desired_size                      = 2
+  eks_ng_max_size                          = 10
+  eks_ng_min_size                          = 0
+  enable_cluster_creator_admin_permissions = true
+  environment_abbr                         = "dev"
+  terraform                                = true
+  terragrunt                               = true
+  tags = {
+    "Environment"   = local.environment_abbr
+    "slim:schedule" = "8:00-17:00"
+    "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+  }
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl
@@ -1,6 +1,7 @@
 include "root" {
-  path   = find_in_parent_folders()
-  expose = true
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
 }
 
 terraform {
@@ -19,10 +20,10 @@ dependency "eks" {
   }
 }
 
-# dependency "karpenter" {
-#   config_path = "../eks-karpenter"
-#   skip_outputs = true
-# }
+dependency "eks_config" {
+  config_path  = "../eks-config"
+  skip_outputs = true
+}
 
 inputs = {
   cluster_name                     = dependency.eks.outputs.cluster_name

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
@@ -1,12 +1,11 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
+
 include "root" {
-  path   = find_in_parent_folders()
+  path   = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
   expose = true
 }
 
-# locals {
-#   tag_costallocation = "census:csvd:platformbaseline"
-# }
-
 terraform {
   source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=0.1.1"
   extra_arguments "retry_lock" {
@@ -18,15 +17,70 @@ terraform {
 dependency "eks" {
   config_path = "../eks"
   mock_outputs = {
-    vpc_id                                          = "a-vpc-id"
+    cluster_certificate_authority_data              = [{data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP"}]
+    cluster_endpoint                                = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
     cluster_name                                    = "a-cluster-name"
-    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ]
-    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
     eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
     oidc_provider_arn                               = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
+    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+    token                                           = [{token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER"}]
+    vpc_id                                          = "a-vpc-id"
   }
 }
 
+# locals {
+#   kube_provider = read_terragrunt_config(find_in_parent_folders("_envcommon/kubernetes-provider.hcl"))
+# }
+
+# generate = local.kube_provider.generate
+
+# # Generate a k8s provider block
+# generate "kube_provider" {
+#   path      = "kube_provider.tf"
+#   if_exists = "overwrite_terragrunt"
+#   contents  = <<-EOF
+#   terraform {
+#     required_version = ">= 1.5.0"
+#   }
+#   data "aws_eks_cluster" "kube" {
+#     name = "${dependency.eks.outputs.cluster_name}"
+#   }
+#   data "aws_eks_cluster_auth" "kube" {
+#     name = "${dependency.eks.outputs.cluster_name}"
+#   }
+#   provider "kubernetes" {
+#     host                   = data.aws_eks_cluster.kube[0].endpoint
+#     cluster_ca_certificate = base64decode(data.aws_eks_cluster.kube[0].certificate_authority[0].data)
+#     token                  = data.aws_eks_cluster_auth.kube.token
+#   }
+# EOF
+# }
+
+# # Generate a helm provider block
+# generate "helm_provider" {
+#   path      = "helm_provider.tf"
+#   if_exists = "overwrite_terragrunt"
+#   contents  = <<-EOF
+#   terraform {
+#     required_version = ">= 1.5.0"
+#   }
+#   data "aws_eks_cluster" "helm" {
+#     name = "${dependency.eks.outputs.cluster_name}"
+#   }
+#   data "aws_eks_cluster_auth" "helm" {
+#     name = "${dependency.eks.outputs.cluster_name}"
+#   }
+#   provider "helm" {
+#     kubernetes {
+#       host                   = data.aws_eks_cluster.helm[0].endpoint
+#       cluster_ca_certificate = base64decode(data.aws_eks_cluster.helm[0].certificate_authority[0].data)
+#       token                  = data.aws_eks_cluster_auth.helm.token
+#     }
+#   }
+# EOF
+# }
+
 inputs = {
   profile                                         = include.root.inputs.aws_profile
   region                                          = include.root.inputs.aws_region
@@ -36,7 +90,4 @@ inputs = {
   security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
   eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
   oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
-  # tags                                            = dependency.eks.inputs.tags
-  # tag_costallocation                              = local.tag_costallocation
-  # cluster_autoscaler_role_name                    = dependency.eks.outputs.cluster_autoscaler_role_name
 }