diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace index 71e7cfd9..a4c0bf1d 100644 --- a/.github/platform-tg-infra.code-workspace +++ b/.github/platform-tg-infra.code-workspace @@ -8,6 +8,10 @@ "name": "tfmod-cert-mgr", "path": "../../tfmod-cert-mgr" }, + { + "name": "tfmod-config-job", + "path": "../../tfmod-config-job" + }, { "name": "tfmod-eks", "path": "../../tfmod-eks" @@ -64,6 +68,10 @@ "name": "tfmod-open-telemetry", "path": "../../tfmod-open-telemetry" }, + { + "name": "tfmod-postgresql", + "path": "../../tfmod-postgresql" + }, { "name": "tfmod-prometheus", "path": "../../tfmod-prometheus" @@ -79,10 +87,6 @@ { "name": "terragrunt", "path": "../../terragrunt" - }, - { - "name": "tfmod-config-job", - "path": "../../tfmod-config-job" } ] } diff --git a/input_vars.hcl b/input_vars.hcl new file mode 100644 index 00000000..c61b0ebd --- /dev/null +++ b/input_vars.hcl @@ -0,0 +1,25 @@ +locals { + account_name = "lab-dev-ew" + aws_account_id = "224384469011" + aws_profile = "224384469011-lab-dev-gov" + aws_region = "us-gov-east-1" + cluster_endpoint_public_access = true + cluster_mailing_list = "matthew.c.morgan@census.gov" + cluster_name = "platform-eng-eks-mcm" + eks_instance_disk_size = 100 + eks_ng_desired_size = 2 + eks_ng_max_size = 10 + eks_ng_min_size = 2 + enable_cluster_creator_admin_permissions = true + environment = "development" + environment_abbr = "dev" + organization = "census:ocio:csvd" + finops_project_name = "csvd_platformbaseline" + finops_project_number = "fs0000000078" + finops_project_role = "csvd_platformbaseline_app" + vpc_domain_name = "dev.lab.csp2.census.gov" + vpc_name = "vpc3-lab-dev" + tags = { + "slim:schedule" = "8:00-17:00" + } +} diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl index 38cb4c92..a6369273 100644 --- a/lab/_envcommon/common-variables.hcl +++ b/lab/_envcommon/common-variables.hcl @@ -6,12 +6,12 @@ # that are common across all environments/accounts. # --------------------------------------------------------------------------------------------------------------------- locals { - organization = "census:ocio:csvd" - project_name = "csvd_platformbaseline" - project_number = "fs0000000078" - project_role = "csvd_platformbaseline_app" - state_bucket_prefix = "inf-tfstate" - state_table_name = "tf_remote_state" + organization = "census:ocio:csvd" + finops_project_name = "csvd_platformbaseline" + finops_project_number = "fs0000000078" + finops_project_role = "csvd_platformbaseline_app" + state_bucket_prefix = "inf-tfstate" + state_table_name = "tf_remote_state" route53_endpoints = { route53_main = { "account_id" = "269244441389" diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index 69a91e87..1f110855 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -6,9 +6,9 @@ locals { ##################### cluster_version = "1.31" custom_service_eks_account = "${local.release_version}" - eks_module_version = "20.33.1" + eks_module_version = "20.34.0" istio_ingress_version = "${local.release_version}" - release_version = "main" # "main" # change to main when testing updated modules + release_version = "mcmCluster" # "main" # change to main when testing updated modules ##################### # TF Providers @@ -47,13 +47,6 @@ locals { # EKS Config ##################### - ################ - # k8s-dashboard - ################ - dashboard_hostname = "dashboard" - k8s_dashboard_metrics_scraper = "1.0.8" - k8s_dashboard_version = "6.0.6" - ################ # Cert-Manager ################ @@ -68,7 +61,7 @@ locals { ################ # GoGatekeeper ################ - gogatekeeper_tag = "3.2.1" + gogatekeeper_tag = "3.18.2" gogatekeeper_chart_version = "0.1.53" ################ @@ -89,15 +82,18 @@ locals { ################ # k8s-dashboard ################ - dashboard_hostname = "dashboard" - k8s_dashboard_metrics_scraper = "1.0.8" - k8s_dashboard_version = "6.0.6" + dashboard_hostname = "dashboard" + k8s_dashboard_version = "7.11.1" + dashboard_api_tag = "1.11.1" + dashboard_auth_tag = "1.2.4" + dashboard_metrics_tag = "1.2.2" + dashboard_web_tag = "1.6.2" ################ # Karpenter ################ - karpenter_helm_chart = "1.3.1" - karpenter_tag = "1.3.1" + karpenter_helm_chart = "1.3.3" + karpenter_tag = "1.3.3" ################ # Keycloak @@ -121,7 +117,7 @@ locals { ################ loki_chart_version = "6.27.0" loki_tag = "3.4.2" - enterprise_logs_provisioner_tag = "v1.7.0" + enterprise_logs_provisioner_tag = "3.4" gateway_tag = "1.27-alpine" memcached_tag = "1.6.37" exporter_tag = "v0.15.0" @@ -138,7 +134,7 @@ locals { ################ os_shell_tag = "12" postgres_exporter_tag = "0.16.0" - postgresql_repmgr_tag = "17.4.0" + postgresql_repmgr_tag = "17.4.0-alpine" pgpool_tag = "4.5.5" postgresql_chart_version = "15.3.0" diff --git a/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl new file mode 100644 index 00000000..3a223ea2 --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/cluster.hcl @@ -0,0 +1,13 @@ +locals { + # Cluster specific configuration + cluster_name = "csvd-platform-lab-mcm" + cluster_mailing_list = "matthew.c.morgan@census.gov" + eks_instance_disk_size = 100 + eks_ng_desired_size = 2 + eks_ng_max_size = 10 + eks_ng_min_size = 2 + tags = { + "slim:schedule" = "8:00-17:00" + "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" + } +} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-cert-manager/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-config/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-dns/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl.off similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-gogatekeeper/terragrunt.hcl.off diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-grafana/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-istio/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-k8s-dashboard/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-karpenter/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl similarity index 95% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl index 74132d72..47ade7e4 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-keycloak/terragrunt.hcl @@ -69,8 +69,4 @@ inputs = { keycloak_database = include.root.inputs.keycloak_database keycloak_user = include.root.inputs.keycloak_username keycloak_password = include.root.inputs.keycloak_password - - # Project information - project_name = include.root.inputs.project_name - tags = include.root.inputs.tags } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl similarity index 87% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl index f1c9bdcb..260e3156 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-kiali/terragrunt.hcl @@ -33,7 +33,7 @@ dependency "eks_dns" { config_path = "../eks-dns" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] mock_outputs = { - cluster_domain = "mock.example.com" + cluster_domain = "mock.example.com" } } @@ -52,8 +52,8 @@ dependency "eks_grafana" { port_number = "80" url = "https://grafana.mock.lab.csp2.census.gov:80/" } - secret_name = "grafana" - tempo_datasource_id = "mock-tempo-datasource-id" + secret_name = "grafana" + tempo_datasource_id = "mock-tempo-datasource-id" } } @@ -100,21 +100,21 @@ inputs = { region = include.root.inputs.aws_region # Cluster Configuration - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks_cert_manager.outputs.cluster_issuer_name + cluster_domain = dependency.eks_dns.outputs.cluster_domain + cluster_name = dependency.eks.outputs.cluster_name + certificate_issuer = dependency.eks_cert_manager.outputs.cluster_issuer_name # Kiali Configuration service_name = "kiali" - namespace = include.root.inputs.namespaces["kiali"] - istio_namespace = include.root.inputs.namespaces["istio"] + namespace = include.root.inputs.namespaces["kiali"] + istio_namespace = include.root.inputs.namespaces["istio"] grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url grafana_namespace = dependency.eks_grafana.outputs.namespace grafana_secret_name = dependency.eks_grafana.outputs.secret_name grafana_public_url = dependency.eks_grafana.outputs.public_endpoint kiali_application_version = include.root.inputs.kiali_application_version - kiali_operator_version = include.root.inputs.kiali_operator_version + kiali_operator_version = include.root.inputs.kiali_operator_version prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url grafana_namespace = dependency.eks_grafana.outputs.namespace diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-loki/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-metrics-server/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-otel/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/README.md similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/README.md diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-prometheus/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks-tempo/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl similarity index 100% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl rename to lab/development/us-gov-east-1/vpc/csvd-platform-lab-mcm/eks/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl deleted file mode 100644 index e52f9d23..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl +++ /dev/null @@ -1,28 +0,0 @@ -locals { - # Cluster specific configuration - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - cluster_mailing_list = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 2 - enable_cluster_creator_admin_permissions = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } - - # Common configuration - common_retry_args = { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } - - common_dependencies = ["../eks", "../eks-config"] - - common_mock_eks = { - cluster_name = "mock-cluster" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl deleted file mode 100644 index 656de00e..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl +++ /dev/null @@ -1,28 +0,0 @@ -locals { - # Cluster specific configuration - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-srn" - cluster_mailing_list = "srinivasa.nangunuri@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 2 - enable_cluster_creator_admin_permissions = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } - - # Common configuration - common_retry_args = { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } - - common_dependencies = ["../eks", "../eks-config"] - - common_mock_eks = { - cluster_name = "mock-cluster" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl deleted file mode 100644 index d1e69d00..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl +++ /dev/null @@ -1,57 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" - - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-karpenter" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com" - cluster_version = include.root.inputs.cluster_version - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - cluster_mailing_list = include.root.inputs.cluster_mailing_list - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Cert Manager Configuration - cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart - cluster_issuer_name = include.root.inputs.cluster_issuer_name - namespace = include.root.inputs.namespaces["cert-manager"] - - # Version Tags - cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag - cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag - cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag - cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl deleted file mode 100644 index c1328ee7..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl +++ /dev/null @@ -1,54 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -dependencies { - paths = [ - "../eks", - "../eks-karpenter" - ] -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" - - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - - mock_outputs = { - cluster_name = "mock-cluster" - cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com" - cluster_certificate_authority_data = [{ data = "mock-cert-data" }] - eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"] - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - security_group_all_worker_mgmt_id = "sg-mock" - subnets = ["subnet-mock1", "subnet-mock2"] - vpc_id = "vpc-mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Core Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id - subnets = dependency.eks.outputs.subnets - vpc_id = dependency.eks.outputs.vpc_id - operators_ns = include.root.inputs.operator_namespace - telemetry_ns = include.root.inputs.telemetry_namespace -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl deleted file mode 100644 index 2bf9b72f..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl +++ /dev/null @@ -1,60 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"] - } -} - -dependency "eks-istio" { - config_path = "../eks-istio" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - istio_ingress_lb = { - dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com" - zone_id = "MOCKZONEID" - } - } -} - -dependencies { - paths = [ - "../eks-config", - "../eks-istio", - "../eks-karpenter" - ] -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = include.root.inputs.cluster_name - - # Network Configuration - istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb - route53_endpoints = include.root.inputs.route53_endpoints - vpc_domain_name = include.root.inputs.vpc_domain_name - vpc_name = include.root.inputs.vpc_name - - # Additional Configuration - tags = include.root.inputs.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl deleted file mode 100644 index 2bc7484b..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl +++ /dev/null @@ -1,63 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_loki" { - config_path = "../eks-loki" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - rwo_storage_class = "gp3-mocked" - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns", - "../eks-karpenter", - "../eks-loki" - ] -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = include.root.inputs.vpc_domain_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Storage Configuration - rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class - - # Grafana Configuration - grafana_chart_version = include.root.inputs.grafana_chart_version - grafana_tag = include.root.inputs.grafana_tag - download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag - init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag - namespace = include.root.inputs.namespaces["grafana"] - service_name = "grafana" -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl deleted file mode 100644 index 1c312166..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl +++ /dev/null @@ -1,44 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Istio Configuration - namespace = include.root.inputs.namespaces["istio"] - istio_version = include.root.inputs.istio_version -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl deleted file mode 100644 index c32546cd..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl +++ /dev/null @@ -1,55 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=mcmCluster" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_dns" { - config_path = "../eks-dns" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_domain = "mock.example.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - - # Dashboard Configuration - service_name = include.root.inputs.dashboard_hostname - k8s_dashboard_version = include.root.inputs.k8s_dashboard_version - namespace = include.root.inputs.namespaces["k8s-dashboard"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl deleted file mode 100644 index 7c2ff2db..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl +++ /dev/null @@ -1,50 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" - - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = ["../eks"] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - - mock_outputs = { - cluster_name = "mock-cluster" - cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - node_group_name = "mock-node-group" - vpc_id = "vpc-mock" - subnets = ["subnet-mock1", "subnet-mock2"] - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Karpenter Configuration - karpenter_tag = include.root.inputs.karpenter_tag - karpenter_helm_chart = include.root.inputs.karpenter_helm_chart - karpenter_node_group_name = dependency.eks.outputs.node_group_name - namespace = include.root.inputs.namespaces["karpenter"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl deleted file mode 100644 index 4a6e1346..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl +++ /dev/null @@ -1,109 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=standards" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - rwo_storage_class = "gp3-mock" - } -} - -dependency "eks_dns" { - config_path = "../eks-dns" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_domain = "mock.example.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_postgresql" { - config_path = "../eks-postgresql" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { -<<<<<<< HEAD -<<<<<<< HEAD - internal_endpoint = { -======= - internal_endpoint = { ->>>>>>> 4d9a294 (deleted old cluster platform-eng-eks-test and created new cluster platform-eng-eks-srn) -======= - internal_endpoint = { ->>>>>>> 0a7b279 (fmt) - url = "mock-internal-endpoint-url" - } - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns", - "../eks-karpenter", - "../eks-postgresql", - "../eks-prometheus", - ] -} - -inputs = { - admin_email = include.root.inputs.cluster_mailing_list - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - namespace = include.root.inputs.namespaces["keycloak"] - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # keycloak config - default_storage_class = dependency.eks_config.outputs.rwo_storage_class - keycloak_chart_version = include.root.inputs.keycloak_chart_version - keycloak_hostname = include.root.inputs.keycloak_hostname - keycloak_tag = include.root.inputs.keycloak_tag - service_name = "keycloak" - telemetry_namespace = include.root.inputs.telemetry_namespace - - # Database configuration -<<<<<<< HEAD -<<<<<<< HEAD - db_host = dependency.eks_postgresql.outputs.internal_endpoint.url - db_name = include.root.inputs.postgresql_database - db_password = include.root.inputs.postgresql_password - db_user = include.root.inputs.postgresql_username -======= - db_host = dependency.eks_postgresql.outputs.internal_endpoint.url - db_name = include.root.inputs.postgresql_database - db_password = include.root.inputs.postgresql_password - db_user = include.root.inputs.postgresql_username ->>>>>>> 4d9a294 (deleted old cluster platform-eng-eks-test and created new cluster platform-eng-eks-srn) -======= - db_host = dependency.eks_postgresql.outputs.internal_endpoint.url - db_name = include.root.inputs.postgresql_database - db_password = include.root.inputs.postgresql_password - db_user = include.root.inputs.postgresql_username ->>>>>>> 0a7b279 (fmt) - - # Project information - project_name = include.root.inputs.project_name - tags = include.root.inputs.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl deleted file mode 100644 index c36c773c..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl +++ /dev/null @@ -1,113 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns", - "../eks-grafana", - "../eks-istio", - "../eks-prometheus" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - operators_namespace = "mock-namespace" - } -} - -dependency "eks_dns" { - config_path = "../eks-dns" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_domain = "mock.example.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_grafana" { - config_path = "../eks-grafana" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - internal_endpoint = { - hostname = "grafana.mock.svc.cluster.local" - port_number = "80" - url = "https://grafana.mock.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.mock.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.mock.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - } -} - -dependency "eks_istio" { - config_path = "../eks-istio" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - namespace = "mock-namespace-istio" - } -} - -dependency "eks_prometheus" { - config_path = "../eks-prometheus" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus.mock.svc.cluster.local" - port_number = "80" - url = "https://prometheus.mock.svc.cluster.local:80/" - } - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - - # Kiali Configuration - service_name = "kiali" - namespace = include.root.inputs.namespaces["kiali"] - grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url - grafana_namespace = dependency.eks_grafana.outputs.namespace - grafana_secret_name = dependency.eks_grafana.outputs.secret_name - grafana_public_url = dependency.eks_grafana.outputs.public_endpoint - - kiali_operator_version = include.root.inputs.kiali_operator_version - - prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url - # jager_internal_url = dependency.eks_prometheus.outputs.jager_internal_url -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled deleted file mode 100644 index a06c6e68..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled +++ /dev/null @@ -1,108 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns", - "../eks-grafana", - "../eks-istio", - "../eks-prometheus" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks-config" { - config_path = "../eks-config" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - operators_namespace = "mock-namespace" - } -} - -dependency "eks_dns" { - config_path = "../eks-dns" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_domain = "mock.example.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_grafana" { - config_path = "../eks-grafana" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - internal_endpoint = { - hostname = "grafana.mock.svc.cluster.local" - port_number = "80" - url = "https://grafana.mock.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.mock.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.mock.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - } -} - -dependency "eks_istio" { - config_path = "../eks-istio" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - namespace = "mock-namespace-istio" - } -} - -dependency "eks_prometheus" { - config_path = "../eks-prometheus" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - prometheus_internal_url = "mock-internal-url" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - - # Kiali Configuration - grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url - grafana_namespace = dependency.eks_grafana.outputs.namespace - grafana_secret_name = dependency.eks_grafana.outputs.secret_name - grafana_public_url = dependency.eks_grafana.outputs.public_endpoint.url - - kiali_operator_version = include.root.inputs.kiali_operator_version - operators_namespace = dependency.eks-config.outputs.operators_namespace - - prometheus_internal_url = dependency.eks_prometheus.outputs.internal_endpoint - jager_internal_url = dependency.eks_prometheus.outputs.jager_internal_url -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl deleted file mode 100644 index 55d3830e..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl +++ /dev/null @@ -1,56 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-metrics-server", - "../eks-dns" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - rwo_storage_class = "gp3-mock" - } -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Loki Configuration - loki_chart_version = include.root.inputs.loki_chart_version - loki_tag = include.root.inputs.loki_tag - namespace = include.root.inputs.namespaces["loki"] - rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl deleted file mode 100644 index 5e520aad..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl +++ /dev/null @@ -1,43 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -dependencies { - paths = [ - "../eks", - "../eks-config" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - } -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - - # Metrics Server Configuration - metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart - metrics_server_tag = include.root.inputs.metrics_server_tag - namespace = include.root.inputs.namespaces["metrics-server"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl deleted file mode 100644 index 4429d04a..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl +++ /dev/null @@ -1,76 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-postgresql.git?ref=main" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns", - "../eks-prometheus", - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - rwo_storage_class = "gp3-mock" - } -} - -dependency "eks_dns" { - config_path = "../eks-dns" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_domain = "mock.example.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class - - # PostgreSQL Configuration - namespace = include.root.inputs.namespaces["postgresql"] - os_shell_tag = include.root.inputs.os_shell_tag - pgpool_tag = include.root.inputs.pgpool_tag - postgres_exporter_tag = include.root.inputs.postgres_exporter_tag - postgresql_repmgr_tag = include.root.inputs.postgresql_repmgr_tag - postgresql_tag = include.root.inputs.postgresql_tag - service_name = "postgresql" - telemetry_namespace = include.root.inputs.telemetry_namespace - - # Database Consumer Configuration - postgresql_database = include.root.inputs.postgresql_database - postgresql_username = include.root.inputs.postgresql_username - postgresql_password = include.root.inputs.postgresql_password - -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md deleted file mode 100644 index bbbffb2a..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md +++ /dev/null @@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. | -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 76650e5e..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,61 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=mcmCluster" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-metrics-server", - "../eks-dns" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks-config" { - config_path = "../eks-config" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - rwo_storage_class = "gp3-encyrpted" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Prometheus Configuration - prometheus_chart_version = include.root.inputs.prometheus_chart_version - prometheus_server_tag = include.root.inputs.prometheus_server_tag - prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag - alertmanager_tag = include.root.inputs.alertmanager_tag - kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag - namespace = include.root.inputs.namespaces["prometheus"] - node_exporter_tag = include.root.inputs.node_exporter_tag - pushgateway_tag = include.root.inputs.pushgateway_tag - rwo_storage_class = dependency.eks-config.outputs.rwo_storage_class -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl deleted file mode 100644 index 41ac0a73..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl +++ /dev/null @@ -1,110 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=keycloak" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD - prometheus_svc = "prometheus-server" - prometheus_namespace = "prometheus" - prometheus_port = 80 -======= - prometheus_namespace = "prometheus" ->>>>>>> 4d9a294 (deleted old cluster platform-eng-eks-test and created new cluster platform-eng-eks-srn) -======= - prometheus_svc = "prometheus-server" - prometheus_namespace = "prometheus" - prometheus_port = 80 ->>>>>>> 44e1884 (otel added) -======= - prometheus_svc = "prometheus-server" - prometheus_namespace = "prometheus" - prometheus_port = 80 ->>>>>>> 0a7b279 (fmt) - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} - -dependencies { - paths = [ - "../eks", -<<<<<<< HEAD -<<<<<<< HEAD - "../eks-dns", -======= - "../eks-config", - "../eks-dns", - "../eks-karpenter", ->>>>>>> 4d9a294 (deleted old cluster platform-eng-eks-test and created new cluster platform-eng-eks-srn) -======= - "../eks-dns", ->>>>>>> 44e1884 (otel added) - "../eks-prometheus" - ] -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Prometheus Configuration -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD - prometheus_svc = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.hostname -======= ->>>>>>> 4d9a294 (deleted old cluster platform-eng-eks-test and created new cluster platform-eng-eks-srn) -======= - prometheus_svc = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.hostname ->>>>>>> 44e1884 (otel added) -======= - prometheus_svc = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.hostname ->>>>>>> 0a7b279 (fmt) - prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace - prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number - - # Tempo Configuration - tempo_chart_version = include.root.inputs.tempo_chart_version - tempo_tag = include.root.inputs.tempo_tag - namespace = include.root.inputs.namespaces["tempo"] -<<<<<<< HEAD -<<<<<<< HEAD -======= - ->>>>>>> 4d9a294 (deleted old cluster platform-eng-eks-test and created new cluster platform-eng-eks-srn) -======= ->>>>>>> 44e1884 (otel added) -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl deleted file mode 100644 index 9eca1de2..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl +++ /dev/null @@ -1,28 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" - - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Core Cluster Configuration - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - - # Additional Configuration - tags = include.root.inputs.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl deleted file mode 100644 index 8d2831cf..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl +++ /dev/null @@ -1,20 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl - -# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root -# terragrunt.hcl configuration. -locals { - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl deleted file mode 100644 index 35e355aa..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl +++ /dev/null @@ -1,40 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - cluster_name = dependency.eks.outputs.cluster_name - cluster_mailing_list = dependency.eks.inputs.creator - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart - cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag - cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag - cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag - cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag - cluster_issuer_name = include.root.inputs.cluster_issuer_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl deleted file mode 100644 index d4a60dbc..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl - -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }] - cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com" - cluster_name = "a-cluster-name" - eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - security_group_all_worker_mgmt_id = "sg-00b0000000000000" - subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] - token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] - vpc_id = "a-vpc-id" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - vpc_id = dependency.eks.outputs.vpc_id - cluster_name = dependency.eks.outputs.cluster_name - subnets = dependency.eks.outputs.subnets - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id - eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - kubectl_image_tag = include.root.inputs.kubectl_image_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl deleted file mode 100644 index 6e28781b..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"] - } -} - -dependency "istio" { - config_path = "../eks-istio" - mock_outputs = { - istio_ingress_lb = { - dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com" - zone_id = "ZABC123456DEF" - } - } -} - -inputs = { - cluster_name = dependency.eks.inputs.cluster_name - istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_name = dependency.eks.inputs.vpc_name - route53_endpoints = include.root.inputs.route53_endpoints -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl deleted file mode 100644 index 65ab33fe..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl +++ /dev/null @@ -1,40 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = include.root.inputs.grafana_hostname - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - grafana_chart_version = include.root.inputs.grafana_chart_version - grafana_tag = include.root.inputs.grafana_tag - download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag - init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl deleted file mode 100644 index c7c22c81..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl +++ /dev/null @@ -1,32 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-karpenter" { - config_path = "../eks-karpenter" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = include.root.inputs.istio_version - istio_version = include.root.inputs.istio_version -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl deleted file mode 100644 index cd1961b6..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl +++ /dev/null @@ -1,36 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - vpc_domain_name = "example.com" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = include.root.inputs.dashboard_hostname - k8s_dashboard_version = include.root.inputs.k8s_dashboard_version - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl deleted file mode 100644 index 6b1a862f..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl +++ /dev/null @@ -1,43 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com" - cluster_name = "a-cluster-name" - node_group_name = "node_group_a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - vpc_id = "a-vpc-name" - } -} - -dependency "eks-config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.outputs.cluster_name - karpenter_node_group_name = dependency.eks.outputs.node_group_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - vpc_id = dependency.eks.outputs.vpc_id - karpenter_helm_chart = include.root.inputs.karpenter_helm_chart - karpenter_tag = include.root.inputs.karpenter_tag - kubectl_tag = include.root.inputs.kubectl_image_tag - -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable deleted file mode 100644 index 1e04fe0d..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable +++ /dev/null @@ -1,81 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" - # source = "../../../../../../../tfmod-kiali" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-cert-manager" { - config_path = "../eks-cert-manager" - mock_outputs = { - cluster_issuer_name = "acmpca-clusterissuer" - } -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} -dependency "eks-grafana" { - config_path = "../eks-grafana" - mock_outputs = { - internal_endpoint = { - hostname = "grafana.grafana.svc.cluster.local" - port_number = "80" - url = "https://grafana.grafana.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.dev.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.dev.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - } -} - -inputs = { - kiali_operator_version = include.root.inputs.kiali_operator_version - kiali_application_version = include.root.inputs.kiali_application_version - - profile = include.root.inputs.aws_profile - cluster_domain = dependency.eks.inputs.vpc_domain_name - operators_namespace = "operators" - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name - prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url - grafana_namespace = dependency.eks-grafana.outputs.namespace - grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url - grafana_secret_name = "grafana" - # grafana_secret_name = dependency.eks-grafana.outputs.secret_name - jaeger_internal_url = "" - - - # client_id = var.sso_client_id - # client_secret = var.sso_client_secret - # keycloak_public_url = var.keycloak_public_url - # gogatekeeper_chart_version = var.gogatekeeper_chart_version - # gogatekeeper_registry = var.gogatekeeper_registry - # gogatekeeper_repository = var.gogatekeeper_repository - # gogatekeeper_tag = var.gogatekeeper_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl deleted file mode 100644 index 2c6b6be5..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl +++ /dev/null @@ -1,44 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - loki_chart_version = include.root.inputs.loki_chart_version - loki_tag = include.root.inputs.loki_tag - canary_tag = include.root.inputs.canary_tag - enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag - gateway_tag = include.root.inputs.gateway_tag - memcached_tag = include.root.inputs.memcached_tag - exporter_tag = include.root.inputs.exporter_tag - sidecar_tag = include.root.inputs.sidecar_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl deleted file mode 100644 index 387653b9..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl +++ /dev/null @@ -1,33 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region - metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart - metrics_server_tag = include.root.inputs.metrics_server_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md deleted file mode 100644 index bbbffb2a..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md +++ /dev/null @@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. | -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl deleted file mode 100644 index e6c54b16..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-dns" { - config_path = "../eks-dns" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - prometheus_chart_version = include.root.inputs.prometheus_chart_version - prometheus_server_tag = include.root.inputs.prometheus_server_tag - prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag - alertmanager_tag = include.root.inputs.alertmanager_tag - kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag - node_exporter_tag = include.root.inputs.node_exporter_tag - pushgateway_tag = include.root.inputs.pushgateway_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl deleted file mode 100644 index e9ebd485..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl +++ /dev/null @@ -1,46 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - prometheus_namespace = "prometheus" - } -} - -inputs = { - account_id = include.root.locals.account_id - profile = include.root.locals.aws_profile - region = include.root.locals.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number - prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace - tempo_chart_version = include.root.inputs.tempo_chart_version - tempo_tag = include.root.inputs.tempo_tag - -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl deleted file mode 100644 index cc7c8935..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl +++ /dev/null @@ -1,56 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - creator = include.root.inputs.creator - eks_instance_disk_size = include.root.inputs.eks_instance_disk_size - eks_ng_desired_size = include.root.inputs.eks_ng_desired_size - eks_ng_max_size = include.root.inputs.eks_ng_max_size - eks_ng_min_size = include.root.inputs.eks_ng_min_size - eks_vpc_name = include.root.inputs.vpc_name - enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions - environment_abbr = include.root.inputs.environment_abbr - organization = include.root.inputs.organization - profile = include.root.inputs.aws_profile - project_name = include.root.inputs.project_name - project_number = include.root.inputs.project_number - project_role = include.root.inputs.project_role - region = include.root.inputs.aws_region - tags = include.root.inputs.tags - terraform = include.root.inputs.terraform - terragrunt = include.root.inputs.terragrunt - vpc_domain_name = include.root.inputs.vpc_domain_name -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - aws_account_id = local.account_id - cluster_endpoint_public_access = local.cluster_endpoint_public_access - cluster_name = local.cluster_name - cluster_version = local.cluster_version - creator = local.creator - eks_instance_disk_size = local.eks_instance_disk_size - eks_ng_desired_size = local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - eks_vpc_name = local.eks_vpc_name - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - os_username = local.creator - shared_vpc_label = local.environment_abbr - tags = local.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl deleted file mode 100644 index 8d2831cf..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl +++ /dev/null @@ -1,20 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl - -# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root -# terragrunt.hcl configuration. -locals { - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl deleted file mode 100644 index 740c1ad9..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl +++ /dev/null @@ -1,21 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl - -# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root -# terragrunt.hcl configuration. -locals { - cluster_endpoint_public_access = true - cluster_name = "platform-test-z" - created_reason = "Terragrunt Development for CICD Delivered EKS Platform" - creator = "luther.coleman.mcginty@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 3 - eks_ng_max_size = 10 - eks_ng_min_size = 1 - enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable deleted file mode 100644 index 97aa66fd..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable +++ /dev/null @@ -1,27 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-alloy.git?ref=main" - source = "../../../../../../../tfmod-alloy" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region - cluster_domain = dependency.eks.inputs.vpc_domain_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl deleted file mode 100644 index 2522e07a..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl +++ /dev/null @@ -1,57 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-cert-mgr" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-karpenter" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com" - cluster_version = include.root.inputs.cluster_version - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - cluster_mailing_list = include.root.inputs.cluster_mailing_list - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Cert Manager Configuration - cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart - cluster_issuer_name = include.root.inputs.cluster_issuer_name - - # Version Tags - cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag - cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag - cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag - cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag - namespace = include.root.inputs.namespaces["cert-manager"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl deleted file mode 100644 index eefbf272..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl +++ /dev/null @@ -1,54 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -dependencies { - paths = [ - "../eks", - # "../eks-karpenter" - ] -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-eks-configuration" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - - mock_outputs = { - cluster_name = "mock-cluster" - cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com" - cluster_certificate_authority_data = [{ data = "mock-cert-data" }] - eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"] - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - security_group_all_worker_mgmt_id = "sg-mock" - subnets = ["subnet-mock1", "subnet-mock2"] - vpc_id = "vpc-mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Core Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id - subnets = dependency.eks.outputs.subnets - vpc_id = dependency.eks.outputs.vpc_id - operators_ns = include.root.inputs.operator_namespace - telemetry_ns = include.root.inputs.telemetry_namespace -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl deleted file mode 100644 index 83eb25fb..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl +++ /dev/null @@ -1,61 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-eks-dns" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"] - } -} - -dependency "eks-istio" { - config_path = "../eks-istio" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - istio_ingress_lb = { - dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com" - zone_id = "MOCKZONEID" - } - } -} - -dependencies { - paths = [ - "../eks-config", - "../eks-istio", - "../eks-karpenter" - ] -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = include.root.inputs.cluster_name - - # Network Configuration - istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb - route53_endpoints = include.root.inputs.route53_endpoints - vpc_domain_name = include.root.inputs.vpc_domain_name - vpc_name = include.root.inputs.vpc_name - - # Additional Configuration - tags = include.root.inputs.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl deleted file mode 100644 index dda8453f..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl +++ /dev/null @@ -1,81 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-grafana" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-loki", - "../eks-prometheus", - "../eks-tempo" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - gateway_internal_endpoint = { - hostname = "loki-gateway.telemetry.svc.cluster.local" - portNumber = "80" - url = "http://loki-gateway.telemetry.svc.cluster.local:80/" - } - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} - -dependency "eks-tempo" { - config_path = "../eks-tempo" - mock_outputs = { - tempo_internal_endpoint = { - hostname = "tempo.telemetry.svc.cluster.local" - port_number = 4317 - url = "http://tempo.telemetry.svc.cluster.local:4317/" - } - } -} - -inputs = { - cluster_domain = dependency.eks.inputs.vpc_domain_name - cluster_name = dependency.eks.outputs.cluster_name - download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag - grafana_chart_version = include.root.inputs.grafana_chart_version - grafana_tag = include.root.inputs.grafana_tag - init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag - profile = include.root.inputs.aws_profile - public_hostname = include.root.inputs.grafana_hostname - region = include.root.inputs.aws_region - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url - prometheus_endpoint = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - tempo_endpoint = dependency.eks-tempo.outputs.tempo_internal_endpoint.url - namespace = include.root.inputs.namespaces["grafana"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl deleted file mode 100644 index dff8a76c..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl +++ /dev/null @@ -1,45 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-istio" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Istio Configuration - namespace = include.root.inputs.namespaces["istio"] - istio_version = include.root.inputs.istio_version -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl deleted file mode 100644 index 7bccdc3f..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl +++ /dev/null @@ -1,46 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-k8s-dashboard" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-dns" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_domain = include.root.inputs.vpc_domain_name - cluster_name = dependency.eks.outputs.cluster_name - - # Dashboard Configuration - k8s_dashboard_version = include.root.inputs.k8s_dashboard_version - namespace = include.root.inputs.namespaces["k8s-dashboard"] -} \ No newline at end of file diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl deleted file mode 100644 index a713f4d9..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl +++ /dev/null @@ -1,49 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-karpenter" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} -dependencies { - paths = ["../eks"] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - - mock_outputs = { - cluster_name = "mock-cluster" - cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com" - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - node_group_name = "mock-node-group" - vpc_id = "vpc-mock" - subnets = ["subnet-mock1", "subnet-mock2"] - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Karpenter Configuration - karpenter_tag = include.root.inputs.karpenter_tag - karpenter_helm_chart = include.root.inputs.karpenter_helm_chart - karpenter_node_group_name = dependency.eks.outputs.node_group_name - namespace = include.root.inputs.namespaces["karpenter"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl deleted file mode 100644 index d0494ec1..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl +++ /dev/null @@ -1,91 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster" - source = "../../../../../../../tfmod-kiali" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-cert-manager" { - config_path = "../eks-cert-manager" - mock_outputs = { - cluster_issuer_name = "acmpca-clusterissuer" - } -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} -dependency "eks-tempo" { - config_path = "../eks-tempo" - mock_outputs = { - tempo_internal_endpoint = { - hostname = "tempo.tempo.svc.cluster.local" - port_number = 3100 - url = "http://tempo.tempo.svc.cluster.local:3100/" - } - } -} -dependency "eks-grafana" { - config_path = "../eks-grafana" - mock_outputs = { - internal_endpoint = { - hostname = "grafana.grafana.svc.cluster.local" - port_number = "80" - url = "https://grafana.grafana.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = "https://grafana.dev.lab.csp2.census.gov:80/" - secret_name = "grafana" - tempo_datasource_id = "tempo" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_domain = dependency.eks.inputs.vpc_domain_name - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name - - kiali_application_version = include.root.inputs.kiali_application_version - - namespace = include.root.inputs.namespaces["kiali"] - istio_namespace = include.root.inputs.namespaces["istio"] - - prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - grafana_namespace = dependency.eks-grafana.outputs.namespace - grafana_secret_name = dependency.eks-grafana.outputs.secret_name - grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url - grafana_public_url = dependency.eks-grafana.outputs.public_endpoint - tempo_datasource_id = dependency.eks-grafana.outputs.tempo_datasource_id - tempo_internal_url = dependency.eks-tempo.outputs.tempo_internal_endpoint.url - - - - # client_id = var.sso_client_id - # client_secret = var.sso_client_secret - # keycloak_public_url = var.keycloak_public_url - # gogatekeeper_chart_version = var.gogatekeeper_chart_version - # gogatekeeper_registry = var.gogatekeeper_registry - # gogatekeeper_repository = var.gogatekeeper_repository - # gogatekeeper_tag = var.gogatekeeper_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl deleted file mode 100644 index 4c4de2fd..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl +++ /dev/null @@ -1,48 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-loki-x" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} - -# dependency "eks-prometheus" { -# config_path = "../eks-prometheus" -# skip_outputs = true -# } - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - loki_chart_version = include.root.inputs.loki_chart_version - loki_tag = include.root.inputs.loki_tag - canary_tag = include.root.inputs.canary_tag - enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag - gateway_tag = include.root.inputs.gateway_tag - memcached_tag = include.root.inputs.memcached_tag - exporter_tag = include.root.inputs.exporter_tag - sidecar_tag = include.root.inputs.sidecar_tag - namespace = include.root.inputs.namespaces["loki"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl deleted file mode 100644 index 06817cc0..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl +++ /dev/null @@ -1,44 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -dependencies { - paths = [ - "../eks", - "../eks-config" - ] -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-metrics-server" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - - # Metrics Server Configuration - metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart - metrics_server_tag = include.root.inputs.metrics_server_tag - namespace = include.root.inputs.namespaces["metrics-server"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl deleted file mode 100644 index 2b4ce337..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl +++ /dev/null @@ -1,61 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=main" - source = "../../../../../../../tfmod-open-telemetry" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-loki", - "../eks-prometheus", - "../eks-tempo" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - gateway_internal_endpoint = { - hostname = "loki-gateway.telemetry.svc.cluster.local" - portNumber = "80" - url = "http://loki-gateway.telemetry.svc.cluster.local:80/" - } - } -} - -dependency "eks-tempo" { - config_path = "../eks-tempo" - mock_outputs = { - tempo_otlp_endpoint = { - hostname = "tempo.telemetry.svc.cluster.local" - portNumber = 4317 - url = "http://tempo.telemetry.svc.cluster.local:4317/" - } - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region - namespace = include.root.inputs.namespaces["otel"] - loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url - tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md deleted file mode 100644 index bbbffb2a..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md +++ /dev/null @@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. | -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 030dd33c..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,40 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-prometheus" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-dns" { - config_path = "../eks-dns" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - prometheus_chart_version = include.root.inputs.prometheus_chart_version - prometheus_server_tag = include.root.inputs.prometheus_server_tag - prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag - alertmanager_tag = include.root.inputs.alertmanager_tag - kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag - node_exporter_tag = include.root.inputs.node_exporter_tag - pushgateway_tag = include.root.inputs.pushgateway_tag - namespace = include.root.inputs.namespaces["prometheus"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl deleted file mode 100644 index d14c8a1e..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl +++ /dev/null @@ -1,47 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-tempo" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - prometheus_namespace = "prometheus" - } -} - -inputs = { - account_id = include.root.locals.account_id - profile = include.root.locals.aws_profile - region = include.root.locals.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number - prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace - tempo_chart_version = include.root.inputs.tempo_chart_version - tempo_tag = include.root.inputs.tempo_tag - namespace = include.root.inputs.namespaces["tempo"] -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl deleted file mode 100644 index c77be43b..00000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl +++ /dev/null @@ -1,28 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-eks" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Core Cluster Configuration - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - - # Additional Configuration - tags = include.root.inputs.tags -} diff --git a/lab/root.hcl b/lab/root.hcl index 10706ffd..c2be3dc7 100644 --- a/lab/root.hcl +++ b/lab/root.hcl @@ -25,20 +25,19 @@ locals { vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl")) # Extract the variables we need for easy access - account_id = local.account_vars.locals.aws_account_id - aws_profile = local.account_vars.locals.aws_profile - aws_region = local.region_vars.locals.aws_region - cluster_name = local.cluster_vars.locals.cluster_name - environment_abbr = local.account_vars.locals.environment_abbr - organization = local.common_vars.locals.organization - project_name = local.common_vars.locals.project_name - project_number = local.common_vars.locals.project_number - project_role = local.common_vars.locals.project_role - state_bucket_prefix = local.common_vars.locals.state_bucket_prefix - state_table_name = local.common_vars.locals.state_table_name - # Check if current module is the EKS module - module_name = basename(get_original_terragrunt_dir()) - is_eks_module = local.module_name == "eks" + account_id = local.account_vars.locals.aws_account_id + aws_profile = local.account_vars.locals.aws_profile + aws_region = local.region_vars.locals.aws_region + cluster_name = local.cluster_vars.locals.cluster_name + environment_abbr = local.account_vars.locals.environment_abbr + finops_project_name = local.common_vars.locals.finops_project_name + finops_project_number = local.common_vars.locals.finops_project_number + finops_project_role = local.common_vars.locals.finops_project_role + is_eks_module = local.module_name == "eks" + module_name = basename(get_original_terragrunt_dir()) + organization = local.common_vars.locals.organization + state_bucket_prefix = local.common_vars.locals.state_bucket_prefix + state_table_name = local.common_vars.locals.state_table_name } # Only generate providers for non-EKS modules @@ -128,9 +127,9 @@ generate "aws-provider" { cluster_name = "${local.cluster_name}" "boc:module_name" = "${local.module_name}" environment = "${local.environment_abbr}" - finops_project_name = "${local.project_name}" - finops_project_number = "${local.project_number}" - finops_project_role = "${local.project_role}" + finops_project_name = "${local.finops_project_name}" + finops_project_number = "${local.finops_project_number}" + finops_project_role = "${local.finops_project_role}" organization = "${local.organization}" } } diff --git a/notes.md b/notes.md index 55a5ffc3..984bfc42 100644 --- a/notes.md +++ b/notes.md @@ -54,25 +54,3 @@ resource "aws_eks_cluster" "main" { resources = ["secrets"] } } - -24m Warning FailedGetResourceMetric horizontalpodautoscaler/loki-write failed to get cpu utilization: unable to get metrics for resource cpu: no metrics returned from resource metrics API -24m Warning FailedComputeMetricsReplicas horizontalpodautoscaler/loki-write invalid metrics (1 invalid out of 1), first error is: failed to get cpu resource metric value: failed to get cpu utilization: unable to get metrics for resource cpu: no metrics returned from resource metrics API -22m Warning FailedGetResourceMetric horizontalpodautoscaler/loki-write failed to get cpu utilization: did not receive metrics for targeted pods (pods might be unready) -2 -29m Warning FailedGetResourceMetric horizontalpodautoscaler/istiod failed to get cpu utilization: unable to get metrics for resource cpu: unable to fetch metrics from resource metrics API: the server could not find the requested resource (get pods.metrics.k8s.io) -29m Warning FailedComputeMetricsReplicas horizontalpodautoscaler/istiod invalid metrics (1 invalid out of 1), first error is: failed to get cpu resource metric value: failed to get cpu utilization: unable to get metrics for resource cpu: unable to fetch metrics from resource metrics API: the server could not find the requested resource (get pods.metrics.k8s.io) -29m Warning FailedGetResourceMetric horizontalpodautoscaler/istiod failed to get cpu utilization: unable to get metrics for resource cpu: unable to fetch metrics from resource metrics API: the server is currently unable to handle the request (get pods.metrics.k8s.io) -29m Warning FailedComputeMetricsReplicas horizontalpodautoscaler/istiod invalid metrics (1 invalid out of 1), first error is: failed to get cpu resource metric value: failed to get cpu utilization: unable to get metrics for resource cpu: unable to fetch metrics from resource metrics API: the server is currently unable to handle the request (get pods.metrics.k8s.io) -2 -* Failed to execute "terraform_current apply -lock-timeout=20m -auto-approve -input=false -auto-approve" in ./.terragrunt-cache/jrM5TqaHxjlphT8vQ1DicmFp6eM/1NbRS_ankC8AcxKegXNWAnjyQEg - ╷ - │ Error: Unable to continue with install: Certificate "platform-eng-eks-mcm" in namespace "istio-system" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "grafana-grafana-ingress": current value is "k8s-dashboard-k8s-dashboard-ingress"; annotation validation error: key "meta.helm.sh/release-namespace" must equal "grafana": current value is "k8s-dashboard" - │ - │ with module.ingress_resources.helm_release.ingress, - │ on .terraform/modules/ingress_resources/main.tf line 6, in resource "helm_release" "ingress": - │ 6: resource "helm_release" "ingress" { - │ - ╵ - - exit status 1 - \ No newline at end of file