diff --git a/docs/enterprise_ecr_v1.drawio 1.png b/docs/enterprise_ecr_v1.drawio 1.png new file mode 100644 index 00000000..460d3dfc Binary files /dev/null and b/docs/enterprise_ecr_v1.drawio 1.png differ diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index 1116c315..37f1b7c7 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -10,6 +10,37 @@ locals { istio_ingress_version = "${local.release_version}" release_version = "mcmCluster" # "main" + ##################### + # Module Enablement + ##################### + + # Core modules that should always be enabled (cannot be disabled) + core_modules = [ + "eks", + "eks-karpenter", + "eks-config", + "eks-metrics-server", + "eks-cert-manager", + "eks-dns", + ] + + # Optional modules with their default enablement state + enabled_modules = { + "eks-arcgis" = false + "eks-gogatekeeper" = false + "eks-grafana" = true + "eks-istio" = true + "eks-k8s-dashboard" = true + "eks-karpenter" = true + "eks-keycloak" = true + "eks-kiali" = true + "eks-loki" = true + "eks-otel" = true + "eks-postgresql" = false + "eks-prometheus" = true + "eks-tempo" = true + } + ##################### # TF Providers ##################### @@ -27,6 +58,7 @@ locals { operator_namespace = "operator" telemetry_namespace = "telemetry" namespaces = { + arcgis = "arcgis" cert-manager = "kube-system" gogatekeeper = "kube-system" grafana = local.telemetry_namespace diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl index 3a223ea2..3b78febd 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl @@ -10,4 +10,7 @@ locals { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" } + module_enablement_overrides = { + "eks-arcgis" = true + } } diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl index 8e667f7a..51e9dbff 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-arcgis/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-ersi-arcgis.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl index 5e03cd4a..bee2ddb9 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl index 4a6a659f..49e0ea2f 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl @@ -4,12 +4,15 @@ include "root" { expose = true } -dependencies { - paths = [ - "../eks", - "../eks-karpenter", - "../eks-metrics-server", - ] +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false } terraform { @@ -37,6 +40,14 @@ dependency "eks" { } } +dependencies { + paths = [ + "../eks", + "../eks-karpenter", + "../eks-metrics-server", + ] +} + inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl index e6211d06..62d93aff 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl.off b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl similarity index 90% rename from lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl.off rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl index 119537e6..184876db 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl.off +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl index 5d458d0b..850d726e 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { @@ -44,9 +55,10 @@ dependency "eks_prometheus" { config_path = "../eks-prometheus" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] mock_outputs = { - rwo_storage_class = "gp3-mocked" - gateway_internal_endpoint = { - url = "mock.loki.enpoint.example.com" + prometheus_server_internal_endpoint = { + hostname = "prometheus.mock.svc.cluster.local" + port_number = "80" + url = "https://prometheus.mock.svc.cluster.local:80/" } } } diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl index 0cd1e1f9..7b4817b1 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl index 1d02df66..65b3bd37 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl index 25c22d7c..e53c67fb 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl index cf52252f..6a2248f5 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl index 260e3156..88980859 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl index e126331b..a0226b36 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl @@ -4,12 +4,23 @@ include "root" { expose = true } -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-metrics-server", - ] +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20s"] + } } dependency "eks" { @@ -29,12 +40,12 @@ dependency "eks_config" { } } -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } +dependencies { + paths = [ + "../eks", + "../eks-config", + "../eks-metrics-server", + ] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl index fd02a7ac..1d784c62 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl @@ -4,18 +4,15 @@ include "root" { expose = true } -dependencies { - paths = [ - "../eks", - ] +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) } -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - } +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false } terraform { @@ -26,6 +23,20 @@ terraform { } } +dependency "eks" { + config_path = "../eks" + mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] + mock_outputs = { + cluster_name = "mock-cluster" + } +} + +dependencies { + paths = [ + "../eks", + ] +} + inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl index 45d467c2..ee0497bf 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=${include.root.inputs.release_version}" # source = "../../../../../../../tfmod-open-telemetry" @@ -13,15 +24,6 @@ terraform { } } -dependencies { - paths = [ - "../eks", - "../eks-loki", - "../eks-prometheus", - "../eks-tempo" - ] -} - dependency "eks" { config_path = "../eks" mock_outputs = { @@ -51,6 +53,15 @@ dependency "eks-tempo" { } } +dependencies { + paths = [ + "../eks", + "../eks-loki", + "../eks-prometheus", + "../eks-tempo" + ] +} + inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl index 80e24e8f..11c72624 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl index e94ad7f0..6b7fcb41 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl index 9eca1de2..e98f4cb8 100644 --- a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" diff --git a/lab/root.hcl b/lab/root.hcl index c2be3dc7..43ee0ef8 100644 --- a/lab/root.hcl +++ b/lab/root.hcl @@ -24,6 +24,7 @@ locals { # Automatically load vpc-level variables vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl")) + # Extract the variables we need for easy access account_id = local.account_vars.locals.aws_account_id aws_profile = local.account_vars.locals.aws_profile @@ -34,7 +35,13 @@ locals { finops_project_number = local.common_vars.locals.finops_project_number finops_project_role = local.common_vars.locals.finops_project_role is_eks_module = local.module_name == "eks" + is_module_enabled = merge( + { for module in local.versions.locals.core_modules : module => true }, + local.versions.locals.enabled_modules, + local.module_overrides + ) module_name = basename(get_original_terragrunt_dir()) + module_overrides = local.cluster_vars.locals.module_enablement_overrides organization = local.common_vars.locals.organization state_bucket_prefix = local.common_vars.locals.state_bucket_prefix state_table_name = local.common_vars.locals.state_table_name