Merge pull request #1 from SCT-Engineering/new-tg

new terragrunt structure
SCT-Engineering · May 16, 2024 · adbb468 · adbb468
2 parents 3828f10 + 23715da
commit adbb468
Show file tree

Hide file tree

Showing 5 changed files with 276 additions and 0 deletions.
diff --git a/lab/account.hcl b/lab/account.hcl
@@ -0,0 +1,7 @@
+locals {
+  account_name   = "lab-dev-ew"
+  aws_account_id = "224384469011"
+  environment    = "development"
+  aws_profile    = "224384469011-lab-dev-gov.inf-admin-t3"
+  domain_name    = "dev.lab.csp2.census.gov"
+}
diff --git a/lab/us-gov-east-1/region.hcl b/lab/us-gov-east-1/region.hcl
@@ -0,0 +1,3 @@
+locals {
+  aws_region = "us-gov-east-1"
+}
diff --git a/lab/us-gov-east-1/vpc/cluster/eks/.terraform.lock.hcl b/lab/us-gov-east-1/vpc/cluster/eks/.terraform.lock.hcl
diff --git a/lab/us-gov-east-1/vpc/cluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks/terragrunt.hcl
@@ -0,0 +1,70 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+locals {
+  # In which AWS region are operations being performed
+  vpc_name               = "vpc3-lab-dev"
+  cluster_name           = "platform-eng-eks-test"
+  cluster_version        = 1.29
+  domain                 = "dev.lab.csp2.census.gov"
+  eks_instance_disk_size = 40
+  eks_vpc_name           = "vpc3-lab-dev"
+  eks_ng_desired_size    = 1
+  eks_ng_max_size        = 5
+  eks_ng_min_size        = 1
+  operators_ns           = "operators"
+  enable_cluster_creator_admin_permissions = true
+  cluster_endpoint_public_access  = true
+  profile                = "224384469011-lab-dev-gov.inf-admin-t3"
+
+  # Tags applied to AWS objects created
+  tags = {
+      "Environment"           = "dev"
+      "slim:schedule"         = "0800-1700"
+      "test"                  = "test"
+  }
+
+  aws_auth_roles = [
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    },
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    }
+  ]
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+inputs = {
+  profile                = local.profile
+  vpc_name               = local.eks_vpc_name
+  cluster_name           = local.cluster_name
+  cluster_version        = local.cluster_version
+  eks_instance_disk_size = local.eks_instance_disk_size
+  eks_vpc_name           = local.eks_vpc_name
+  #eks_instance_types     = local.eks_instance_types
+  eks_ng_desired_size    = local.eks_ng_desired_size
+  eks_ng_max_size        = local.eks_ng_max_size
+  eks_ng_min_size        = local.eks_ng_min_size
+  operators_ns           = local.operators_ns
+  enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+  cluster_endpoint_public_access  = local.cluster_endpoint_public_access 
+  tags                   = local.tags
+  aws_auth_roles         = local.aws_auth_roles
+  domain                 = local.domain
+}
diff --git a/terragrunt.hcl b/terragrunt.hcl
@@ -0,0 +1,71 @@
+locals {
+  # Automatically load _envcommon, cross account and environment common variables
+  # common_vars = read_terragrunt_config("${dirname(find_in_parent_folders())}/_envcommon/common-variables.hcl", "skip-account-if-does-not-exist")
+  // "${get_tfvars_dir()}/${find_in_parent_folders("account.tfvars", "skip-account-if-does-not-exist")}",
+
+  # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+  # Automatically load region-level variables
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+  # Automatically load vpc-level variables
+  # Not applicable in this demo, but including for reference, would be next level of variables and configurations
+  # vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist"))
+
+  # Extract the variables we need for easy access
+  account_name   = local.account_vars.locals.account_name
+  account_id     = local.account_vars.locals.aws_account_id
+  organization   = "census:ocio:csvd"
+  project_number = "fs0000000078"
+  project_name   = "csvd_platformbaseline"
+  project_role   = "csvd_platformbaseline_app"
+}
+
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  region = "us-gov-east-1"
+  default_tags {
+    tags = {
+      project_number = "${local.project_number}"
+      project_name = "${local.project_name}"
+      project_role = "${local.project_role}"
+      organization = "${local.organization}"
+      created_by = "luther.coleman.mcginty@census.gov"
+      created_for = "luther.coleman.mcginty@census.gov"
+      created_reason = "Exploration of Terragrunt and Demonstration of CICD for Infrastructure"
+      Terraform = "true"
+      Terragrunt = "true"
+    }
+  }
+ 
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+EOF
+}
+
+remote_state {
+  backend     = "s3"
+  generate = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+    key            = "platform-eks-test/terraform.tfstate"
+    region         = "us-gov-east-1"
+    encrypt        = true
+    #dynamodb_table = "my-lock-table"
+  }
+}
+
+inputs = merge(
+  # local.common_vars.locals,
+  local.account_vars.locals,
+  local.region_vars.locals,
+  #  local.vpc_vars.locals,
+)