From 6bc25105d22c7b5048ea61506b8c21a036d72cb5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 9 Jul 2024 18:20:43 -0400 Subject: [PATCH 01/14] add mcmCluster --- .../vpc/cluster/eks-config/terragrunt.hcl | 2 +- .../vpc/cluster/eks-loki/terragrunt.hcl | 2 +- .../vpc/mcmCluster/eks/terragrunt.hcl | 70 ++++++++++++++++++ .../vpc/mcmCluster/terragrunt.hcl | 73 +++++++++++++++++++ 4 files changed, 145 insertions(+), 2 deletions(-) create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl diff --git a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl index dc5e1a0..ae4a9c1 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl @@ -26,7 +26,7 @@ locals { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=1.0.2" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl index bf1061a..62a03c5 100644 --- a/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl @@ -1,5 +1,5 @@ terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl new file mode 100644 index 0000000..4aa2020 --- /dev/null 
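Review bot: Dropping `?ref=1.0.2` from the `tfmod-eks-configuration` source in cluster/eks-config leaves the module unpinned, so every run pulls whatever is on the repository's default branch and applies it with the operator's cluster credentials. The eks-loki hunk on the same line does add a ref, but `lokiv3` reads like a branch name rather than a release, and a branch can move just as the default branch can; the same ref recurs later in the series, and the new mcmCluster/eks file sources `tfmod-eks.git` with no ref at all. I would keep a tag or full commit SHA on every source, e.g. `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=<release-tag-or-commit-sha>"`, and bump it deliberately. Both `terraform` blocks continue outside their hunks.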
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl 
@@ -0,0 +1,70 @@
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+}
+
+locals {
+ # In which AWS region are operations being performed
+ vpc_name = "vpc3-lab-dev"
+ cluster_name = "platform-eng-eks-mcm"
+ cluster_version = "1.30"
+ domain = "dev.lab.csp2.census.gov"
+ eks_instance_disk_size = 60
+ eks_vpc_name = "vpc3-lab-dev"
+ eks_ng_desired_size = 1
+ eks_ng_max_size = 10
+ eks_ng_min_size = 1
+ operators_ns = "operators"
+ enable_cluster_creator_admin_permissions = true
+ cluster_endpoint_public_access = true
+ profile = "224384469011-lab-dev-gov"
+
+ # Tags applied to AWS objects created
+ tags = {
+ "Environment" = "dev"
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+
+ aws_auth_roles = [
+ {
+ rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+ aws_rolename : ""
+ username : "admin"
+ groups = ["system:masters"]
+ },
+ {
+ rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+ aws_rolename : ""
+ username : "admin"
+ groups = ["system:masters"]
+ }
+ ]
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+inputs = {
+ profile = local.profile
+ vpc_name = local.eks_vpc_name
+ cluster_name = local.cluster_name
+ cluster_version = local.cluster_version
+ eks_instance_disk_size = local.eks_instance_disk_size
+ eks_vpc_name = local.eks_vpc_name
+ #eks_instance_types = local.eks_instance_types
+ eks_ng_desired_size = local.eks_ng_desired_size
+ eks_ng_max_size = local.eks_ng_max_size
+ eks_ng_min_size = local.eks_ng_min_size
+ operators_ns = local.operators_ns
+ enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+ cluster_endpoint_public_access = local.cluster_endpoint_public_access
+ tags = local.tags
+ aws_auth_roles = local.aws_auth_roles
+ domain = local.domain
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl
new file mode 100644
index 0000000..d0686b5
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl
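Review bot: `cluster_endpoint_public_access = true` in the new mcmCluster/eks/terragrunt.hcl is passed straight to the module with no allow-list beside it, so unless `tfmod-eks` restricts source CIDRs internally (not visible here) the Kubernetes API for `platform-eng-eks-mcm` is reachable from any address. For a lab cluster reached through SSO roles I would default this to `false`, or pass the permitted ranges alongside it if the module has an input for them, and record the reason with a comment such as `# public endpoint: limited to <approved-cidr-list>, see <ticket-id>`. `enable_cluster_creator_admin_permissions = true` also gives cluster-admin to whichever identity runs the first apply, which is worth confirming as intended given that `aws_auth_roles` already maps two roles to `system:masters`.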
@@ -0,0 +1,73 @@ +locals { + # Automatically load _envcommon, cross account and environment common variables + # common_vars = read_terragrunt_config("${dirname(find_in_parent_folders())}/_envcommon/common-variables.hcl", "skip-account-if-does-not-exist") + // "${get_tfvars_dir()}/${find_in_parent_folders("account.tfvars", "skip-account-if-does-not-exist")}", + + # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) + account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) + + # Automatically load region-level variables + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) + + # Automatically load vpc-level variables + # Not applicable in this demo, but including for reference, would be next level of variables and configurations + # vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist")) + + # Extract the variables we need for easy access + account_name = local.account_vars.locals.account_name + account_id = local.account_vars.locals.aws_account_id + organization = "census:ocio:csvd" + project_number = "fs0000000078" + project_name = "csvd_platformbaseline" + project_role = "csvd_platformbaseline_mcm" + creator = "matthew.c.morgan@census.gov" +} + +generate "provider" { + path = "provider.tf" + if_exists = "overwrite_terragrunt" + contents = < Date: Tue, 9 Jul 2024 20:24:12 -0400 Subject: [PATCH 02/14] thismvaye --- .../vpc/mcmCluster/eks-config/terragrunt.hcl | 67 +++++++++++++++++++ .../vpc/mcmCluster/eks/terragrunt.hcl | 10 ++- .../vpc/mcmCluster/terragrunt.hcl | 4 +- 3 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl new file mode 100644 index 0000000..ae4a9c1 --- /dev/null 
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl 
@@ -0,0 +1,67 @@
+locals {
+ # In which AWS region are operations being performed
+ # vpc_id = "vpc-0280f77b373744eaa"
+ # profile = "224384469011-lab-dev-gov.inf-admin-t3"
+ # cluster_name = "platform-eng-eks-test"
+ # subnets = [
+ # "subnet-078b228071c609a50",
+ # "subnet-02c2250b9ec2dd6a2",
+ # "subnet-07a6339be3670fb41",
+ # ]
+ # security_group_all_worker_mgmt_id = "sg-02b62e91afdbeba6b"
+ # eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"]
+
+ # region = "us-gov-east-1"
+ # oidc_provider_arn = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828"
+
+ tag_costallocation = "census:csvd:platformbaseline"
+ region = "us-gov-east-1"
+ tags = {
+
+ "eks-cluster-name" = "platform-eng-eks-test"
+ "CostAllocation" = "census:csvd:platformbaseline"
+ "boc:tf_module_version" = "1.0.0"
+ "boc:created_by" = "terraform"
+ }
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+ key = "platform-eks-test-config/terraform.tfstate"
+ region = "us-gov-east-1"
+ encrypt = true
+ #dynamodb_table = "my-lock-table"
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+}
+
+inputs = {
+ profile = dependency.eks.inputs.profile
+ vpc_id = dependency.eks.outputs.vpc_id
+ cluster_name = dependency.eks.inputs.cluster_name
+ cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name
+ subnets = dependency.eks.outputs.subnets
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+
eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + tags = local.tags + tag_costallocation = local.tag_costallocation + region = local.region +} diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl index 4aa2020..4d559ee 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl @@ -4,6 +4,7 @@ include "root" { } locals { + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) # In which AWS region are operations being performed vpc_name = "vpc3-lab-dev" cluster_name = "platform-eng-eks-mcm" @@ -18,7 +19,7 @@ locals { enable_cluster_creator_admin_permissions = true cluster_endpoint_public_access = true profile = "224384469011-lab-dev-gov" - + region = local.region_vars.locals.aws_region # Tags applied to AWS objects created tags = { "Environment" = "dev" @@ -33,6 +34,12 @@ locals { username : "admin" groups = ["system:masters"] }, + { + rolearn : "arn:aws-us-gov:iam::224384469011:role/r-inf-terraform" + aws_rolename : "" + username : "admin" + groups = ["system:masters"] + }, { rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa" aws_rolename : "" @@ -67,4 +74,5 @@ inputs = { tags = local.tags aws_auth_roles = local.aws_auth_roles domain = local.domain + region = local.region } diff --git a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl index d0686b5..35e7ada 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl @@ -21,6 +21,7 @@ locals { project_name = "csvd_platformbaseline" project_role = "csvd_platformbaseline_mcm" creator = "matthew.c.morgan@census.gov" + profile = "224384469011-lab-dev-gov" } generate "provider" { 
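Review bot: The `remote_state` block in the new mcmCluster/eks-config/terragrunt.hcl keeps `key = "platform-eks-test-config/terraform.tfstate"`, and its blob id `ae4a9c1` is the one patch 01 left in cluster/eks-config, so this looks like an unmodified copy that would share one state object between two clusters. An apply from this directory could then plan changes or destroys against the other cluster's resources. The key needs to be unique to this cluster, e.g. `key = "platform-eng-eks-mcm-config/terraform.tfstate"`, and the `"eks-cluster-name" = "platform-eng-eks-test"` tag has the same copy-over problem. With `#dynamodb_table` commented out there is also no lock for `-lock-timeout=20m` to wait on. The eks-istio and eks-loki files added in patch 04 carry `platform-eks-test-istio` and `platform-eks-test-loki` keys in the same way.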
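Review bot: The added `aws_auth_roles` entry maps `r-inf-terraform` to `system:masters`, a group that bypasses RBAC authorization and so cannot be narrowed later with role bindings, and it reuses `username : "admin"` like the two SSO roles around it. With all three roles sharing one username, Kubernetes audit log entries cannot be attributed to the automation role rather than a human session. I would give each mapping its own name, e.g. `username : "r-inf-terraform"`, and bind the automation role to a group that carries only the permissions the add-on modules need. The `aws_auth_roles` list starts and ends outside this hunk.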
@@ -28,7 +29,8 @@ generate "provider" { if_exists = "overwrite_terragrunt" contents = < Date: Tue, 9 Jul 2024 20:32:11 -0400 Subject: [PATCH 03/14] update ignores --- lab/us-gov-east-1/vpc/mcmCluster/.gitignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/.gitignore diff --git a/lab/us-gov-east-1/vpc/mcmCluster/.gitignore b/lab/us-gov-east-1/vpc/mcmCluster/.gitignore new file mode 100644 index 0000000..f8a9f3e --- /dev/null +++ b/lab/us-gov-east-1/vpc/mcmCluster/.gitignore @@ -0,0 +1,3 @@ +backend.tf +provider.tf +.terragrunt-cache/ From d3a9b07ae89c89d46d28adb36b84f67b6adcaa0a Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 9 Jul 2024 21:04:14 -0400 Subject: [PATCH 04/14] add other addons --- .../eks-cert-manager/terragrunt.hcl | 23 +++++++++++++ .../vpc/mcmCluster/eks-config/terragrunt.hcl | 20 ++--------- .../vpc/mcmCluster/eks-istio/terragrunt.hcl | 33 +++++++++++++++++++ .../vpc/mcmCluster/eks-loki/terragrunt.hcl | 32 ++++++++++++++++++ 4 files changed, 90 insertions(+), 18 deletions(-) create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl new file mode 100644 index 0000000..c0c10db --- /dev/null +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl 
@@ -0,0 +1,23 @@ +terraform { +# source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-eks-cert-manager" + # source = "./cert-mgr.tf" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git" + +# cluster_name = var.cluster_name +# contact_email = var.cluster_mailing_list + +# tags = merge( +# local.base_tags, +# local.common_tags +# ) +} + +dependency "eks" { + config_path = "../eks" +} + +inputs = { + cluster_name = dependency.eks.inputs.cluster_name + profile = dependency.eks.inputs.profile + contact_email = "srinivasa.nangunuri@census.gov" +} diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl index ae4a9c1..0482930 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl @@ -17,8 +17,7 @@ locals { tag_costallocation = "census:csvd:platformbaseline" region = "us-gov-east-1" tags = { - - "eks-cluster-name" = "platform-eng-eks-test" + "eks-cluster-name" = "platform-eng-eks-mcm" "CostAllocation" = "census:csvd:platformbaseline" "boc:tf_module_version" = "1.0.0" "boc:created_by" = "terraform" @@ -26,28 +25,13 @@ locals { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=lokiv3" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] } } -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite_terragrunt" - } - config = { - bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "platform-eks-test-config/terraform.tfstate" - region = "us-gov-east-1" - encrypt = true - #dynamodb_table = "my-lock-table" - } -} - dependency "eks" { config_path = "../eks" } 
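Review bot: eks-cert-manager/terragrunt.hcl is added with neither a `remote_state` block nor an `include`, and the eks-config hunk on the same line deletes its `remote_state` block without adding an `include`, so as far as these hunks show both units fall back to Terraform's local backend. State for these modules would then sit unencrypted in the operator's working tree (likely under `.terragrunt-cache/`), outside the encrypted S3 bucket and without locking. If the intent is to inherit the backend from mcmCluster/terragrunt.hcl, each child needs `include "root" { path = find_in_parent_folders() }` as mcmCluster/eks has. Patch 06 removes `remote_state` from eks-istio and eks-loki in the same way.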
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..6e02208
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl
@@ -0,0 +1,33 @@
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=1.0.4"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1"
+ key = "platform-eks-test-istio/terraform.tfstate"
+ region = "us-gov-east-1"
+ encrypt = true
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+}
+
+inputs = {
+ profile = dependency.eks.inputs.profile
+ cluster_name = dependency.eks.inputs.cluster_name
+ region = "us-gov-east-1"
+ istio_chart_version = "1.22.1"
+ istio_version = "1.22.1"
+}
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..62a03c5
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl
@@ -0,0 +1,32 @@ +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +remote_state { + backend = "s3" + generate = { + path = "backend.tf" + if_exists = "overwrite_terragrunt" + } + config = { + bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" + key = "platform-eks-test-loki/terraform.tfstate" + region = "us-gov-east-1" + encrypt = true + } +} + +dependency "eks" { + config_path = "../eks" +} + +inputs = { + profile = dependency.eks.inputs.profile + cluster_name = dependency.eks.inputs.cluster_name + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + region = "us-gov-east-1" +} From f9299c100f492ce9f8afbda439c24b36d126a191 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 9 Jul 2024 21:23:56 -0400 Subject: [PATCH 05/14] cert-manager --- .../vpc/mcmCluster/eks-cert-manager/terragrunt.hcl | 2 +- lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl index c0c10db..f09013f 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl @@ -19,5 +19,5 @@ dependency "eks" { inputs = { cluster_name = dependency.eks.inputs.cluster_name profile = dependency.eks.inputs.profile - contact_email = "srinivasa.nangunuri@census.gov" + contact_email = dependency.eks.inputs.creator } diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl index 4d559ee..ee2653e 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl 
@@ -20,6 +20,8 @@ locals { cluster_endpoint_public_access = true profile = "224384469011-lab-dev-gov" region = local.region_vars.locals.aws_region + cluster_mailing_list = "matthew.c.morgan@census.gov" + # Tags applied to AWS objects created tags = { "Environment" = "dev" @@ -75,4 +77,5 @@ inputs = { aws_auth_roles = local.aws_auth_roles domain = local.domain region = local.region + creator = local.cluster_mailing_list } From 6c4db947955ac7d1d39813bb8776d1949a15d7e2 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 9 Jul 2024 22:35:20 -0400 Subject: [PATCH 06/14] full cluster maybe --- .../mcmCluster/eks-cert-manager/terragrunt.hcl | 14 ++++---------- .../vpc/mcmCluster/eks-config/terragrunt.hcl | 15 --------------- .../vpc/mcmCluster/eks-istio/terragrunt.hcl | 16 +--------------- .../vpc/mcmCluster/eks-loki/terragrunt.hcl | 16 +--------------- 4 files changed, 6 insertions(+), 55 deletions(-) diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl index f09013f..98f6509 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl @@ -1,15 +1,9 @@ terraform { -# source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acmpca-eks-cert-manager" - # source = "./cert-mgr.tf" source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git" - -# cluster_name = var.cluster_name -# contact_email = var.cluster_mailing_list - -# tags = merge( -# local.base_tags, -# local.common_tags -# ) + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } } dependency "eks" { diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl index 0482930..e130bf1 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl 
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl @@ -1,19 +1,4 @@ locals { - # In which AWS region are operations being performed - # vpc_id = "vpc-0280f77b373744eaa" - # profile = "224384469011-lab-dev-gov.inf-admin-t3" - # cluster_name = "platform-eng-eks-test" - # subnets = [ - # "subnet-078b228071c609a50", - # "subnet-02c2250b9ec2dd6a2", - # "subnet-07a6339be3670fb41", - # ] - # security_group_all_worker_mgmt_id = "sg-02b62e91afdbeba6b" - # eks_managed_node_groups_autoscaling_group_names = ["eks-eks-platform-eng-eks-test-nodegroup-20240501173536404400000016-3ec79a9c-f002-40c6-8358-29fbacfbb3e8"] - - # region = "us-gov-east-1" - # oidc_provider_arn = "arn:aws-us-gov:iam::224384469011:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/7DE08671C3526A48AD5537E814DC2828" - tag_costallocation = "census:csvd:platformbaseline" region = "us-gov-east-1" tags = { diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl index 6e02208..9bc8a48 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl @@ -6,20 +6,6 @@ terraform { } } -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite_terragrunt" - } - config = { - bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "platform-eks-test-istio/terraform.tfstate" - region = "us-gov-east-1" - encrypt = true - } -} - dependency "eks" { config_path = "../eks" } @@ -27,7 +13,7 @@ dependency "eks" { inputs = { profile = dependency.eks.inputs.profile cluster_name = dependency.eks.inputs.cluster_name - region = "us-gov-east-1" + region = dependency.eks.inputs.region istio_chart_version = "1.22.1" istio_version = "1.22.1" } diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl index 62a03c5..d414620 100644 
--- a/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl @@ -6,20 +6,6 @@ terraform { } } -remote_state { - backend = "s3" - generate = { - path = "backend.tf" - if_exists = "overwrite_terragrunt" - } - config = { - bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "platform-eks-test-loki/terraform.tfstate" - region = "us-gov-east-1" - encrypt = true - } -} - dependency "eks" { config_path = "../eks" } @@ -28,5 +14,5 @@ inputs = { profile = dependency.eks.inputs.profile cluster_name = dependency.eks.inputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - region = "us-gov-east-1" + region = dependency.eks.inputs.region } From ded4ea046b39e79e602bbce47d6b9f4c4fd9fa25 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 9 Jul 2024 23:37:12 -0400 Subject: [PATCH 07/14] use data --- .../vpc/mcmCluster/eks-config/providers.tf | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf new file mode 100644 index 0000000..7346788 --- /dev/null +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf 
@@ -0,0 +1,30 @@
+
+
+provider "aws" {
+ profile = var.profile
+ region = var.region
+}
+
+data "aws_eks_cluster" "cluster" {
+ name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = var.cluster_name
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.cluster.endpoint
+
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.cluster.token
+ }
+}
From 051eeb1f986dc918d03ee6b3d3091fbb066ad5aa Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Wed, 10 Jul 2024 17:59:45 -0400
Subject: [PATCH 08/14] add providres
---
.../vpc/mcmCluster/eks-istio/providers.tf | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf
diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf
new file mode 100644
index 0000000..7346788
--- /dev/null
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf
@@ -0,0 +1,30 @@
+
+
+provider "aws" {
+ profile = var.profile
+ region = var.region
+}
+
+data "aws_eks_cluster" "cluster" {
+ name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = var.cluster_name
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.cluster.endpoint
+
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.cluster.token
+ }
+}
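Review bot: Both the `kubernetes` provider and the nested `kubernetes` block under `helm` take `token = data.aws_eks_cluster_auth.cluster.token`, a bearer token fetched once when the data source is read. It is short-lived, so a long apply can start failing authorization part-way through, and data source results are normally written into plan files and state, which puts a cluster credential there. Switching both blocks to the provider's `exec` form obtains the token at run time and keeps it out of state; the `aws_eks_cluster_auth` data source can then be dropped. The identical file is added for eks-istio in patch 08 on this same line, so the change applies to both copies.

```hcl
# … unchanged: aws provider and the aws_eks_cluster data source …
provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", var.cluster_name, "--region", var.region, "--profile", var.profile]
  }
}
# … helm's nested kubernetes block: same exec block in place of token …
```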
From 0d9b701f52a021f6303d66f6f921be673aca195d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 18:31:25 -0400 Subject: [PATCH 09/14] update gruntfile --- .../vpc/mcmCluster/terragrunt.hcl | 29 ++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl index 35e7ada..5ddd584 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl @@ -45,10 +45,33 @@ provider "aws" { Terragrunt = "true" } } - # Only these AWS Account IDs may be operated on by this template allowed_account_ids = ["${local.account_id}"] } + +data "aws_eks_cluster" "cluster" { + name = var.cluster_name +} + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} + +provider "kubernetes" { + host = data.aws_eks_cluster.cluster.endpoint + + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.cluster.token +} + +provider "helm" { + kubernetes { + host = data.aws_eks_cluster.cluster.endpoint + + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.cluster.token + } +} EOF } @@ -60,7 +83,7 @@ remote_state { } config = { bucket = "tg-infrastructure-tf-state-lab-dev-ew-us-gov-east-1" - key = "${local.project_number}/${local.project_name}/terraform.tfstate" + key = "${local.project_number}/${local.project_name}/${local.project_role}/terraform.tfstate" region = local.region_vars.locals.aws_region encrypt = true dynamodb_table = "tf_remote_state" @@ -68,8 +91,6 @@ remote_state { } inputs = merge( - # local.common_vars.locals, local.account_vars.locals, local.region_vars.locals, - # local.vpc_vars.locals, ) From 5233f3b0eb7f7fcb411eecded6d4a53ea14a05e4 Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 18:35:06 -0400 Subject: [PATCH 10/14] use lokiv3 branch for eks --- .gitignore | 38 +++++++++++++++++++ .../vpc/mcmCluster/eks/terragrunt.hcl | 2 +- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7c1cae9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,38 @@ +# Local .terraform directories +**/.terraform/* + +# terraform lock file. +**/.terraform.lock.hcl + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, +# such as password, private keys, and other secrets. These should not be +# part of version control as they are data points which are potentially +# sensitive and subject to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources +# locally and so are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc + diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl index ee2653e..a8b6e9e 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl @@ -52,7 +52,7 @@ locals { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=lokiv3" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] 
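Review bot: The new root `.gitignore` excludes `**/.terraform.lock.hcl`, the file that records the selected provider versions and their checksums. With it untracked, every checkout resolves providers afresh and nothing checks that the provider binaries match what was reviewed. I would delete the two lines `# terraform lock file.` and `**/.terraform.lock.hcl` and commit the generated lock files alongside each unit. The other patterns (`*.tfstate`, `*.tfvars`, CLI config files) are appropriate to keep ignored.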
From 0325d44b0fa60bc1ebaa0171e27e697a139e4a63 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 18 Jul 2024 18:44:23 -0400 Subject: [PATCH 11/14] deps --- lab/us-gov-east-1/vpc/cluster/terragrunt.hcl | 72 +++++++++++++++++++ .../eks-cert-manager/terragrunt.hcl | 6 ++ .../vpc/mcmCluster/eks-istio/terragrunt.hcl | 3 + .../vpc/mcmCluster/eks-loki/terragrunt.hcl | 6 ++ 4 files changed, 87 insertions(+) create mode 100644 lab/us-gov-east-1/vpc/cluster/terragrunt.hcl diff --git a/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl new file mode 100644 index 0000000..c7e9f23 --- /dev/null +++ b/lab/us-gov-east-1/vpc/cluster/terragrunt.hcl 
@@ -0,0 +1,72 @@ +locals { + # Automatically load _envcommon, cross account and environment common variables + # common_vars = read_terragrunt_config("${dirname(find_in_parent_folders())}/_envcommon/common-variables.hcl", "skip-account-if-does-not-exist") + // "${get_tfvars_dir()}/${find_in_parent_folders("account.tfvars", "skip-account-if-does-not-exist")}", + + # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) + account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) + + # Automatically load region-level variables + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) + + # Automatically load vpc-level variables + # Not applicable in this demo, but including for reference, would be next level of variables and configurations + # vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist")) + + # Extract the variables we need for easy access + account_name = local.account_vars.locals.account_name + account_id = local.account_vars.locals.aws_account_id + organization = "census:ocio:csvd" + project_number = "fs0000000078" + project_name = "csvd_platformbaseline" + project_role = "csvd_platformbaseline_app" +} + +generate "provider" { + path = "provider.tf" + if_exists = "overwrite_terragrunt" + contents = < Date: Thu, 18 Jul 2024 19:20:17 -0400 Subject: [PATCH 12/14] providers stuff --- .gitignore | 4 ++ lab/us-gov-east-1/vpc/mcmCluster/.gitignore | 3 - .../vpc/mcmCluster/eks-config/providers.tf | 30 -------- .../vpc/mcmCluster/eks-config/terragrunt.hcl | 30 ++++++++ .../vpc/mcmCluster/eks/terragrunt.hcl | 56 +++++++-------- terragrunt.hcl | 72 ------------------- 6 files changed, 62 insertions(+), 133 deletions(-) delete mode 100644 lab/us-gov-east-1/vpc/mcmCluster/.gitignore delete mode 100644 lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf delete mode 100644 terragrunt.hcl 
diff --git a/.gitignore b/.gitignore index 7c1cae9..4b51fc4 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,7 @@ override.tf.json .terraformrc terraform.rc +# include tg stuff +.terragrunt-cache/ +backend.tf +provider*.tf diff --git a/lab/us-gov-east-1/vpc/mcmCluster/.gitignore b/lab/us-gov-east-1/vpc/mcmCluster/.gitignore deleted file mode 100644 index f8a9f3e..0000000 --- a/lab/us-gov-east-1/vpc/mcmCluster/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -backend.tf -provider.tf -.terragrunt-cache/ diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf deleted file mode 100644 index 7346788..0000000 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/providers.tf +++ /dev/null @@ -1,30 +0,0 @@ - - -provider "aws" { - profile = var.profile - region = var.region -} - -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_eks_cluster_auth" "cluster" { - name = var.cluster_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.cluster.endpoint - - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token -} - -provider "helm" { - kubernetes { - host = data.aws_eks_cluster.cluster.endpoint - - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token - } -} diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl index e130bf1..eca7f1b 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl 
@@ -34,3 +34,33 @@ inputs = { tag_costallocation = local.tag_costallocation region = local.region } + +generate "provider-eks" { + path = "provider.tf" + if_exists = "overwrite_terragrunt" + contents = < Date: Thu, 18 Jul 2024 19:21:47 -0400 Subject: [PATCH 13/14] only aws --- .../vpc/mcmCluster/terragrunt.hcl | 24 ------------------- 1 file changed, 24 deletions(-) diff --git a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl index 5ddd584..6455f13 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/mcmCluster/terragrunt.hcl @@ -48,30 +48,6 @@ provider "aws" { # Only these AWS Account IDs may be operated on by this template allowed_account_ids = ["${local.account_id}"] } - -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_eks_cluster_auth" "cluster" { - name = var.cluster_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.cluster.endpoint - - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token -} - -provider "helm" { - kubernetes { - host = data.aws_eks_cluster.cluster.endpoint - - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token - } -} EOF } From 522416a03b51c5e186edc6c6ae66a7f13e69384d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 19 Jul 2024 00:59:22 -0400 Subject: [PATCH 14/14] working --- .../vpc/mcmCluster/eks-config/terragrunt.hcl | 4 +-- .../vpc/mcmCluster/eks-loki/terragrunt.hcl | 30 +++++++++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl index eca7f1b..b75605b 100644 --- a/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl 
+++ b/lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl @@ -40,11 +40,11 @@ generate "provider-eks" { if_exists = "overwrite_terragrunt" contents = <