Merge pull request #9 from SCT-Engineering/feature-terragrunt-live-repo

Feature terragrunt live repo
SCT-Engineering · Sep 17, 2024 · a134643 · a134643
2 parents 10635ca + 8d7cbc1
commit a134643
Show file tree

Hide file tree

Showing 42 changed files with 2,264 additions and 0 deletions.
diff --git a/lab/us-gov-east-1/vpc/platform-test-2/common_vars.hcl.disable b/lab/us-gov-east-1/vpc/platform-test-2/common_vars.hcl.disable
@@ -0,0 +1,170 @@
+locals {
+  # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+  # Automatically load region-level variables
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+  # Which AWS_PROFILE to use to perform the operations
+  profile = local.account_vars.locals.aws_profile
+
+  # In which AWS region are operations being performed
+  region = local.region_vars.locals.aws_region
+
+  # Tags applied to AWS objects created
+  application_tags = {
+    "Project Name"   = local.project_name
+    "ProjectNumber"  = local.project_number
+    "CostAllocation" = local.organization
+    "Organization"   = local.organization
+    "Environment"    = local.account_vars.locals.environment
+  }
+
+  ####################################################
+  ## VPC Information
+  ####################################################
+  # Information about the VPC in which artifacts are being created
+
+  vpc_name = "vpc3-lab-dev"
+
+  ####################################################
+  ## EKS Configuration
+  ####################################################
+
+  # The name of the EKS cluster
+  cluster_name = "platform-eng-eks-mcm"
+
+  # The kubernetes version to use for the cluster
+  cluster_version = "1.30"
+
+  # The domain in which the cluster is being built
+  domain = local.account_vars.locals.vpc_domain_name
+
+  # The size of the disk for the worker nodes, in GB
+  # Loki claims 60 GB - 10g claims - 2 services each with 3 replicas
+  # Prometheus claims 10g
+  # Tempo claims 10g x 3 replicas
+  eks_instance_disk_size = 120
+
+  # The VPC name in which the cluster will operate
+  eks_vpc_name = local.vpc_name
+
+  # The types of instances to use for the worker nodes
+  eks_instance_types = ["t3.xlarge", "m4.xlarge", "m5.xlarge"]
+
+  # How many worker nodes are desired
+  eks_ng_desired_size = 1
+
+  # What is the maximum number of worker nodes allowed.
+  eks_ng_max_size = 10
+
+  # What is the minimum number of worker nodes allowed.
+  eks_ng_min_size = 1
+
+  # Namespace to use for operator installation
+  operators_namespace = "operators"
+
+  ####################################################
+  ## Cloudwatch Agent Configuration for EKS
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that cloudwatch-agent and fluentbit will be installed.
+  cw_namespace = "cloudwatch"
+
+  # How long the logs will be maintained within cloudwatch before deletion.
+  cw_log_retention_days = "30"
+
+  # Fluent Bit reads log files from the tail, and will capture only new
+  # logs after it is deployed. If you want the opposite, set
+  # fluent_bit_read_from_head='On' and it will collect all logs in the
+  # file system and set fluent_bit_read_from_tail='Off'.
+  cw_fluent_bit_read_from_head = "off"
+  cw_fluent_bit_read_from_tail = "on"
+
+  # Fluent Bit can integrate with prometheus and serve metrics.  If the
+  # metrics server is desired, set this to "on" else set it to "off" to
+  # disable the metrics server
+  cw_fluent_bit_http_server = "on"
+
+  # When the metrics server is enabled, the port on which the server is to run.
+  cw_fluent_bit_http_port = "2020"
+
+  ####################################################
+  ## cert-manager Configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that cert-manager will be installed.
+  cm_namespace = "cert-manager"
+
+  # The name of the cluster issuer to install
+  cm_cluster_issuer_name = "clusterissuer"
+
+  # How to issue certs:
+  # Intermediate CA - Request an intermediate CA from TCO and provide the
+  #   name of the file here:
+  #cm_intermediate_ca_crt = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.bundle.crt"
+  #cm_intermediate_ca_key = "./certs/pki.adsd-cumulus-sandbox.dev.csp1.census.gov.key"
+  #
+  # ACM - Use aws-pca-issuer to request leaf certs from AWS ACM.
+  cm_acm = true
+
+  ####################################################
+  ## Istio Configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that Istio will be installed.
+  istio_namespace = "istio-system"
+
+  istio_enable_telemetry = true
+
+  # Potentially allow istio to control traffic outbound from the cluster.
+  istio_enable_egressgateway = true
+
+  ####################################################
+  ## Keycloak Configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  keycloak_enabled = true
+
+  # The namespace that Keycloak will be installed.
+  keycloak_namespace = "keycloak"
+
+  # The email address of the person considered the keycloak administrator
+  keycloak_admin_email = "robel.t.fesshaye@census.gov"
+
+  # Details about the database keycloak should use to store configuration data
+  keycloak_db_vendor   = "postgresql"
+  keycloak_db_address  = "adsd-rds-mft-sbox.c2tx3ocukdth.us-gov-east-1.rds.amazonaws.com"
+  keycloak_db_port     = "5432"
+  keycloak_db_database = "keycloak"
+  keycloak_db_username = "keycloak"
+  keycloak_db_password = "a-secret-password"
+
+  ####################################################
+  ## log-trace-monitor configuration
+  ####################################################
+  log_trace_monitor_namespace        = "default"
+  log_trace_monitor_create_namespace = false
+
+  ####################################################
+  ## Kubernetes Dashboard configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that kubernetes dashboard will be installed.
+  kube_dashboard_namespace = "kube-dashboard"
+
+  ####################################################
+  ## Metrics Server configuration
+  ####################################################
+  # Uses cluster_name and region
+
+  # The namespace that metrics-server will be installed.
+  ms_namespace = "kube-system"
+
+
+}
diff --git a/project-x-infra-live/_envcommon/common-variables.hcl b/project-x-infra-live/_envcommon/common-variables.hcl
@@ -0,0 +1,11 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# GLOBAL PARAMETERS
+# These are the variables we pass to use across modules regardless of environment, i.e. these are the parameters 
+# that are common across all environments/accounts.
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+  project_number = "fs0000000078"
+  project_name   = "csvd_platformbaseline"
+  project_role   = "csvd_platformbaseline_app"
+  organization   = "census:ocio:csvd"
+}
diff --git a/project-x-infra-live/development/account.hcl b/project-x-infra-live/development/account.hcl
@@ -0,0 +1,11 @@
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration. Terragrunt often segments account and environment, but given our strategy is to 
+# leverage accounts as environment boundaries, there is an anticipated 1:1 account to environment model that 
+# combines these here. 
+locals {
+  account_name     = "lab-dev-ew"
+  aws_account_id   = "224384469011"
+  aws_profile      = "224384469011-lab-dev-gov.inf-admin-t2"
+  environment      = "development"
+  environment_abbr = "dev"
+}
diff --git a/project-x-infra-live/development/us-gov-east-1/region.hcl b/project-x-infra-live/development/us-gov-east-1/region.hcl
@@ -0,0 +1,5 @@
+# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
+# configure the remote state bucket and pass forward to the child modules as inputs.
+locals {
+  aws_region = "us-gov-east-1"
+}
diff --git a/...ct-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-cert-manager/terragrunt.hcl b/...ct-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,34 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=main"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+  mock_outputs = {
+    cluster_name      = "a-cluster-name"
+    oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+  }
+}
+
+inputs = {
+  cluster_name                     = dependency.eks.outputs.cluster_name
+  cluster_mailing_list             = dependency.eks.inputs.creator
+  oidc_provider_arn                = dependency.eks.outputs.oidc_provider_arn
+  profile                          = include.root.inputs.aws_profile
+  region                           = include.root.inputs.aws_region
+  cert_manager_helm_chart          = "1.15.1"
+  cert_manager_cainjector_tag      = "v1.15.1"
+  cert_manager_controller_tag      = "v1.15.1"
+  cert_manager_startupapicheck_tag = "v1.15.1"
+  cert_manager_webhook_tag         = "v1.15.1"
+  cluster_issuer_name              = "cert-manager"
+}
diff --git a/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-config/terragrunt.hcl b/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-config/terragrunt.hcl
@@ -0,0 +1,42 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+# locals {
+#   tag_costallocation = "census:csvd:platformbaseline"
+# }
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=main"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+  mock_outputs = {
+    vpc_id                                          = "a-vpc-id"
+    cluster_name                                    = "a-cluster-name"
+    subnets                                         = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ]
+    security_group_all_worker_mgmt_id               = "sg-00b0000000000000"
+    eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
+    oidc_provider_arn                               = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+  }
+}
+
+inputs = {
+  profile                                         = include.root.inputs.aws_profile
+  region                                          = include.root.inputs.aws_region
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+  cluster_name                                    = dependency.eks.outputs.cluster_name
+  subnets                                         = dependency.eks.outputs.subnets
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  # tags                                            = dependency.eks.inputs.tags
+  # tag_costallocation                              = local.tag_costallocation
+  # cluster_autoscaler_role_name                    = dependency.eks.outputs.cluster_autoscaler_role_name
+}
diff --git a/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-grafana/terragrunt.hcl b/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-grafana/terragrunt.hcl
@@ -0,0 +1,38 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+  mock_outputs = {
+    cluster_name = "a-cluster-name"
+  }
+}
+dependency "eks-loki" {
+  config_path = "../eks-loki"
+  mock_outputs = {
+    rwo_storage_class = "gp3-encrypted"
+  }
+}
+# dependency "eks-tempo" {
+#   config_path  = "../eks-tempo"
+#   skip_outputs = true
+# }
+
+inputs = {
+  profile           = include.root.inputs.aws_profile
+  region            = include.root.inputs.aws_region
+  cluster_name      = dependency.eks.outputs.cluster_name
+  cluster_domain    = dependency.eks.inputs.vpc_domain_name
+  rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
+  # datasources        = dependency.eks-loki.outputs.gateway_internal_endpoint
+}
diff --git a/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-istio/terragrunt.hcl b/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-istio/terragrunt.hcl
@@ -0,0 +1,31 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=main"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+  mock_outputs = {
+    cluster_name = "a-cluster-name"
+  }
+}
+dependency "eks-karpenter" {
+  config_path  = "../eks-karpenter"
+  skip_outputs = true
+}
+
+inputs = {
+  profile             = include.root.inputs.aws_profile
+  region              = include.root.inputs.aws_region
+  cluster_name        = dependency.eks.outputs.cluster_name
+  istio_chart_version = "1.22.1"
+  istio_version       = "1.22.1"
+}
diff --git a/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-karpenter/terragrunt.hcl b/project-x-infra-live/development/us-gov-east-1/vpc/_mcmCluster/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,38 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=main"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+  mock_outputs = {
+    cluster_endpoint  = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
+    cluster_name      = "a-cluster-name"
+    node_group_name   = "node_group_a-cluster-name"
+    oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+    vpc_id            = "a-vpc-name"
+  }
+}
+
+dependency "eks-config" {
+  config_path  = "../eks-config"
+  skip_outputs = true
+}
+
+inputs = {
+  profile                   = include.root.inputs.aws_profile
+  region                    = include.root.inputs.aws_region
+  cluster_endpoint          = dependency.eks.outputs.cluster_endpoint
+  cluster_name              = dependency.eks.outputs.cluster_name
+  karpenter_node_group_name = dependency.eks.outputs.node_group_name
+  oidc_provider_arn         = dependency.eks.outputs.oidc_provider_arn
+  vpc_id                    = dependency.eks.outputs.vpc_id
+}