diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl
new file mode 100644
index 0000000..18483ac
--- /dev/null
+++ b/lab/_envcommon/aws-provider.hcl
@@ -0,0 +1,45 @@ +# lab/_envcommon/aws-provider.hcl + +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = false +} + +# Generate an AWS provider block +generate "aws_provider" { + path = "${get_original_terragrunt_dir()}/aws_provider.tf" + if_exists = "overwrite_terragrunt" + contents = < -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
| -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 4d4e9fc..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,30 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-dns" { - config_path = "../eks-dns" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl deleted file mode 100644 index 4f290f8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl +++ /dev/null 
@@ -1,42 +0,0 @@
-include "root" {
- path = find_in_parent_folders()
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=0.1.1"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- prometheus_namespace = "prometheus"
- }
-}
-
-inputs = {
- account_id = include.root.locals.account_id
- profile = include.root.locals.aws_profile
- region = include.root.locals.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl
deleted file mode 100644
index 4cf7f5f..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl
+++ /dev/null
@@ -1,103 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - cluster_endpoint_public_access = true - cluster_name = "platform-eng-cicd-test" - cluster_version = "1.30" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - eks_vpc_name = include.root.inputs.vpc_name - enable_cluster_creator_admin_permissions = true - environment_abbr = include.root.inputs.environment_abbr - organization = include.root.inputs.organization - profile = include.root.inputs.aws_profile - project_name = include.root.inputs.project_name - project_number = include.root.inputs.project_number - project_role = include.root.inputs.project_role - region = include.root.inputs.aws_region - terraform = true - terragrunt = true - vpc_domain_name = include.root.inputs.vpc_domain_name - - # Tags applied to AWS objects created - tags = { - "Environment" = local.environment_abbr - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -# Generate an AWS provider block -generate "provider" { - path = "provider.tf" - if_exists = "overwrite_terragrunt" - contents = < -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| 
[helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. 
| `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. | -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 308ade0..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl +++ /dev/null 
@@ -1,30 +0,0 @@
-include "root" {
- path = find_in_parent_folders()
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-istio" {
- config_path = "../eks-istio"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable
deleted file mode 100644
index 308ade0..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable
+++ /dev/null
@@ -1,30 +0,0 @@
-include "root" {
- path = find_in_parent_folders()
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-istio" {
- config_path = "../eks-istio"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl
deleted file mode 100644
index c52ffc3..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl
+++ /dev/null
@@ -1,42 +0,0 @@
-include "root" {
- path = find_in_parent_folders()
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=main"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- prometheus_namespace = "prometheus"
- }
-}
-
-inputs = {
- aws_account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl
deleted file mode 100644
index 76397c6..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl
+++ /dev/null
@@ -1,64 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - vpc_name = include.root.inputs.vpc_name - cluster_name = "platform-test-x" - cluster_version = "1.30" - vpc_domain_name = include.root.inputs.vpc_domain_name - eks_instance_disk_size = 100 - eks_vpc_name = include.root.inputs.vpc_name - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 2 - operators_ns = "operators" - enable_cluster_creator_admin_permissions = true - cluster_endpoint_public_access = true - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_mailing_list = "luther.coleman.mcginty@census.gov" - environment_abbr = include.root.inputs.environment_abbr - - # Tags applied to AWS objects created - tags = { - "Environment" = local.environment_abbr - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } - -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=main" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - aws_account_id = local.account_id - profile = local.profile - vpc_name = local.eks_vpc_name - cluster_name = local.cluster_name - cluster_version = local.cluster_version - eks_instance_disk_size = local.eks_instance_disk_size - eks_vpc_name = local.eks_vpc_name - # eks_instance_types = local.eks_instance_types - eks_ng_desired_size = local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - operators_ns = local.operators_ns - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - cluster_endpoint_public_access = local.cluster_endpoint_public_access - 
tags = local.tags - vcp_domain_name = local.vpc_domain_name - region = local.region - creator = local.cluster_mailing_list - os_username = local.cluster_mailing_list - shared_vpc_label = local.environment_abbr -} diff --git a/lab/development/us-gov-east-1/vpc/vpc.hcl b/lab/development/us-gov-east-1/vpc/vpc.hcl index 907ce6d..8da18d0 100644 --- a/lab/development/us-gov-east-1/vpc/vpc.hcl +++ b/lab/development/us-gov-east-1/vpc/vpc.hcl @@ -1,6 +1,8 @@ +# lab/development/us-gov-east-1/vpc/vpc.hcl + # Set VPC specific variables. These are automatically pulled in to configure the remote state bucket in the root # terragrunt.hcl configuration. locals { vpc_name = "vpc3-lab-dev" vpc_domain_name = "dev.lab.csp2.census.gov" -} \ No newline at end of file +} diff --git a/lab/terragrunt.hcl b/lab/root.hcl similarity index 83% rename from lab/terragrunt.hcl rename to lab/root.hcl index cc780ba..87fe323 100644 --- a/lab/terragrunt.hcl +++ b/lab/root.hcl 
@@ -1,35 +1,35 @@ +# lab/root.hcl + # --------------------------------------------------------------------------------------------------------------------- # TERRAGRUNT CONFIGURATION # Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules, # remote state, and locking: https://github.com/gruntwork-io/terragrunt # --------------------------------------------------------------------------------------------------------------------- - locals { - # Automatically load _envcommon, cross account and environment common variables - common_vars = read_terragrunt_config("${dirname(find_in_parent_folders())}/_envcommon/common-variables.hcl", "skip-account-if-does-not-exist") - # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) + # Automatically load _envcommon, cross account and environment common variables + common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl")) + + # Automatically load versions + versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl")) + + # Automatically load cluster-level variables + cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl")) + # Automatically load region-level variables - region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl", "skip-account-if-does-not-exist")) + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) # Automatically load vpc-level variables - vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist")) + vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl")) # Extract the variables we need for easy access - account_name = local.account_vars.locals.account_name account_id = local.account_vars.locals.aws_account_id 
aws_profile = local.account_vars.locals.aws_profile aws_region = local.region_vars.locals.aws_region - organization = local.common_vars.locals.organization - project_number = local.common_vars.locals.project_number - project_name = local.common_vars.locals.project_name - project_role = local.common_vars.locals.project_role - state_bucket_prefix = "inf-tfstate" - state_table_name = "tf_remote_state" - terraform = true - terragrunt = true + state_bucket_prefix = local.common_vars.locals.state_bucket_prefix + state_table_name = local.common_vars.locals.state_table_name } # Configure Terragrunt to automatically store tfstate files in an S3 bucket @@ -64,8 +64,10 @@ remote_state { # Configure root level variables that all resources can inherit. This is especially helpful with multi-account configs # where terraform_remote_state data sources are placed directly into the modules. inputs = merge( - local.common_vars.locals, local.account_vars.locals, + local.cluster_vars.locals, + local.common_vars.locals, local.region_vars.locals, - local.vpc_vars.locals, + local.versions.locals, + local.vpc_vars.locals )
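Review bot: `state_bucket_prefix` and `state_table_name` are now read from `common-variables.hcl`, which this hunk does not show, so the backend every unit resolves to depends on a file that cannot be checked here. If either value differs from the old literals `inf-tfstate` and `tf_remote_state`, the `remote_state` block below the hunk would point at a different bucket or lock table and existing state would no longer be found; I would add `# must match the existing backend ("inf-tfstate" / "tf_remote_state") unless state is migrated first` above these two locals. Separately, `cluster_vars` calls `find_in_parent_folders("cluster.hcl")` with no fallback and the fallbacks on `region.hcl` and `vpc.hcl` were dropped, so a unit that includes `root.hcl` from above a cluster directory will presumably fail to parse; a sentence in the header comment stating that `cluster.hcl`, `region.hcl` and `vpc.hcl` are mandatory would make that intentional.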
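Review bot: The reordered `merge()` in the `@@ -64,8 +64,10 @@` hunk changes which file wins on a key collision, because later arguments override earlier ones: `local.common_vars.locals` used to come first and now sits after `local.account_vars.locals` and `local.cluster_vars.locals`, and `local.versions.locals` now overrides the region and cluster values. The new order looks alphabetical rather than chosen. If precedence is meant to run from least to most specific, the arguments should be ordered that way with a comment saying so, so that a key added to a shared file cannot silently replace an account-level value such as `aws_profile` or `aws_account_id`.

```hcl
inputs = merge(
  # Least specific first: later arguments win on duplicate keys.
  local.common_vars.locals,
  local.versions.locals,
  local.account_vars.locals,
  local.region_vars.locals,
  local.vpc_vars.locals,
  local.cluster_vars.locals
)
```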