From 9499df8e4de2b420d95b86748276f5f3bdcf6777 Mon Sep 17 00:00:00 2001
From: mcgin314
Date: Thu, 27 Mar 2025 13:57:15 -0400
Subject: [PATCH] Keycloak and gatekeeper for k8s dashboard
---
.../eks-gatekeeper/terragrunt.hcl | 97 +++++++++++++++++++
1 file changed, 97 insertions(+)
create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-z/eks-gatekeeper/terragrunt.hcl
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-gatekeeper/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-gatekeeper/terragrunt.hcl
new file mode 100644
index 00000000..ae157837
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-gatekeeper/terragrunt.hcl
@@ -0,0 +1,97 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=${include.root.inputs.release_version}"
+ source = "../../../../../../../tfmod-gatekeeper"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+# dependency "eks_grafana" {
+# config_path = "../eks-grafana"
+# mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+# mock_outputs = {
+# public_endpoint = "mock.grafaba.example.com"
+# }
+# }
+
+dependency "eks_keycloak" {
+ config_path = "../eks-keycloak"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ user_auth_realm = "mock.keycloak.example.com/auth"
+ client_id = "mock-client-id"
+ client_secret = "mock-client-secret"
+ namespace = "keycloak"
+ }
+}
+
+dependency "eks-k8s-dashboard" {
+ config_path = "../eks-k8s-dashboard"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ namespace = "telemetry"
+ internal_endpoint = {
+ hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+ port_number = 80
+ url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+ }
+ dashboard-user-token = "Iamanextremelylongstring"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ "../eks-keycloak",
+ "../eks-k8s-dashboard",
+ # "../eks-grafana",
+ # "../eks-prometheus",
+ ]
+}
+
+inputs = {
+ # Base Cluster Config
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ profile = include.root.inputs.aws_profile
+
+ # Gatekeeper Standard Config
+ gatekeeper_tag = include.root.inputs.gatekeeper_tag
+ gatekeeper_version = include.root.inputs.gatekeeper_chart_version
+ keycloak_ns = dependency.eks_keycloak.outputs.namespace
+ client_id = dependency.eks_keycloak.outputs.client_id
+ client_secret = dependency.eks_keycloak.outputs.client_secret
+ keycloak_fqdn = dependency.eks_keycloak.outputs.user_auth_realm
+
+ # Dashboard Gatekeeper Config
+ application_name = "dashboard"
+ namespace = include.root.inputs.namespaces["k8s-dashboard"]
+ dashboard_ns = dependency.eks-k8s-dashboard.outputs.namespace
+ upstream_url = dependency.eks-k8s-dashboard.outputs.internal_endpoint.url
+ dashboard_user_token = dependency.eks-k8s-dashboard.outputs.dashboard-user-token
+}