pushing eks-config and eks-istio and modifications to eks base cluster

SCT-Engineering · Jun 12, 2024 · 786bd9b · 786bd9b
1 parent adbb468
commit 786bd9b
Show file tree

Hide file tree

Showing 84 changed files with 19,012 additions and 4 deletions.
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/provider.tf b/lab/us-gov-east-1/vpc/cluster/eks-config/provider.tf
@@ -0,0 +1,17 @@
+# provider.tf
+provider "aws" {
+  region  = "us-gov-east-1"
+  profile = "224384469011-lab-dev-gov"
+}
+
+provider "kubernetes" {
+  config_path    = "~/.kube/config"
+  config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test"
+}
+
+provider "helm" {
+  kubernetes {
+      config_path = "~/.kube/config"
+      config_context = "arn:aws-us-gov:eks:us-gov-east-1:224384469011:cluster/platform-eng-eks-test"
+    }
+}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl
@@ -0,0 +1,66 @@
+locals {
+  # In which AWS region are operations being performed
+  # vpc_id                                         = "vpc-0280f77b373744eaa"
+  # profile                                        = "224384469011-lab-dev-gov.inf-admin-t3"
+  # cluster_name                                   = "platform-eng-eks-test"
+  # subnets                                        = [
+  #                                                   "subnet-078b228071c609a50",
+  #                                                   "subnet-02c2250b9ec2dd6a2",
+  #                                                   "subnet-07a6339be3670fb41",
+  #                                                 ]
+  # security_group_all_worker_mgmt_id               = "sg-02b62e91afdbeba6b"
+  # eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"]
+
+  # region                                          = "us-gov-east-1"
+  # oidc_provider_arn                               = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828"
+
+  tag_costallocation                              = "census:csvd:platformbaseline"
+  region                                          = "us-gov-east-1"
+  tags = {
+
+      "eks-cluster-name"      = "platform-eng-eks-test"
+      "CostAllocation"        = "census:csvd:platformbaseline"
+      "boc:tf_module_version" = "1.0.0"
+      "boc:created_by"        = "terraform"
+  }
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=1.0.1"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+remote_state {
+  backend     = "s3"
+  generate    = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+    key            = "platform-eks-test-config/terraform.tfstate"
+    region         = "us-gov-east-1"
+    encrypt        = true
+    #dynamodb_table = "my-lock-table"
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  subnets                                         = dependency.eks.outputs.subnets
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  tags                                            = local.tags
+  tag_costallocation                              = local.tag_costallocation
+  region                                          = local.region
+}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-istio/charts/base/Chart.yaml b/lab/us-gov-east-1/vpc/cluster/eks-istio/charts/base/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+appVersion: 1.22.1
+description: Helm chart for deploying Istio cluster resources and CRDs
+icon: https://istio.io/latest/favicons/android-192x192.png
+keywords:
+- istio
+name: base
+sources:
+- https://github.com/istio/istio
+version: 1.22.1
diff --git a/lab/us-gov-east-1/vpc/cluster/eks-istio/charts/base/README.md b/lab/us-gov-east-1/vpc/cluster/eks-istio/charts/base/README.md
@@ -0,0 +1,35 @@
+# Istio base Helm Chart
+
+This chart installs resources shared by all Istio revisions. This includes Istio CRDs.
+
+## Setup Repo Info
+
+```console
+helm repo add istio https://istio-release.storage.googleapis.com/charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Installing the Chart
+
+To install the chart with the release name `istio-base`:
+
+```console
+kubectl create namespace istio-system
+helm install istio-base istio/base -n istio-system
+```
+
+### Profiles
+
+Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets.
+These can be set with `--set profile=<profile>`.
+For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements.
+
+For consistency, the same profiles are used across each chart, even if they do not impact a given chart.
+
+Explicitly set values have highest priority, then profile settings, then chart defaults.
+
+As an implementation detail of profiles, the default values for the chart are all nested under `defaults`.
+When configuring the chart, you should not include this.
+That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`.