From 770a5677b81e95ce7d53fff90caaf51cddfd9888 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 6 Nov 2024 19:06:23 -0500 Subject: [PATCH 01/10] fix(providers): generate providers at run --- lab/_envcommon/aws-provider.hcl | 36 ++++++ lab/_envcommon/common-variables.hcl | 14 ++- lab/_envcommon/helm-provider.hcl | 40 +++++++ lab/_envcommon/kubernetes-provider.hcl | 38 +++++++ .../eks-dns/terragrunt.hcl | 2 +- .../eks-k8s-dashboard/terragrunt.hcl | 12 +- .../platform-eng-cicd-test/eks/terragrunt.hcl | 54 +-------- .../vpc/platform-eng-eks-mcm/cluster.hcl | 21 ++++ .../eks-cert-manager/terragrunt.hcl | 13 ++- .../eks-config/terragrunt.hcl | 73 ++++++++++-- .../eks-dns/terragrunt.hcl | 7 +- .../eks-grafana/terragrunt.hcl | 5 +- .../eks-istio/terragrunt.hcl | 5 +- .../eks-k8s-dashboard/terragrunt.hcl | 18 +-- .../eks-karpenter/terragrunt.hcl | 5 +- .../eks-kiali/terragrunt.hcl.disable | 5 +- .../eks-loki/terragrunt.hcl | 5 +- .../eks-metrics-server/terragrunt.hcl | 10 +- .../eks-prometheus/terragrunt.hcl | 5 +- .../eks-tempo/terragrunt.hcl | 5 +- .../platform-eng-eks-mcm/eks/terragrunt.hcl | 105 ++++++++---------- lab/{terragrunt.hcl => root.hcl} | 28 ++--- 22 files changed, 327 insertions(+), 179 deletions(-) create mode 100644 lab/_envcommon/aws-provider.hcl create mode 100644 lab/_envcommon/helm-provider.hcl create mode 100644 lab/_envcommon/kubernetes-provider.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl rename lab/{terragrunt.hcl => root.hcl} (85%) diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl new file mode 100644 index 0000000..e7357e1 --- /dev/null +++ b/lab/_envcommon/aws-provider.hcl @@ -0,0 +1,36 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true +} + +# Generate an AWS provider block +generate "aws_provider" { + path = "${get_original_terragrunt_dir()}/aws_provider.tf" + if_exists = "overwrite_terragrunt" + contents = < Date: Wed, 6 Nov 2024 19:58:18 -0500 Subject: [PATCH 02/10] add versions --- lab/_envcommon/aws-provider.hcl | 19 +++++++++----- lab/_envcommon/common-variables.hcl | 1 + lab/_envcommon/default-versions.hcl | 9 +++++++ lab/_envcommon/helm-provider.hcl | 26 ++++++++++++------- lab/_envcommon/kubernetes-provider.hcl | 20 +++++++------- .../vpc/platform-eng-eks-mcm/cluster.hcl | 2 -- lab/root.hcl | 16 ++++-------- 7 files changed, 55 insertions(+), 38 deletions(-) create mode 100644 lab/_envcommon/default-versions.hcl diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl index e7357e1..1cc2bfe 100644 --- a/lab/_envcommon/aws-provider.hcl +++ b/lab/_envcommon/aws-provider.hcl @@ -1,30 +1,37 @@ include "root" { path = find_in_parent_folders("root.hcl") merge_strategy = "deep" - expose = true + expose = false } - + # Generate an AWS provider block generate "aws_provider" { path = "${get_original_terragrunt_dir()}/aws_provider.tf" if_exists = "overwrite_terragrunt" contents = < Date: Wed, 6 Nov 2024 20:29:50 -0500 Subject: [PATCH 03/10] more --- lab/_envcommon/common-variables.hcl | 1 - lab/root.hcl | 14 +++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl index 0978f51..aa8af71 100644 --- a/lab/_envcommon/common-variables.hcl +++ b/lab/_envcommon/common-variables.hcl @@ -12,5 +12,4 @@ locals { state_table_name = "tf_remote_state" terraform = true terragrunt = true - versionshcl = try(read_terragrunt_config("./versions.hcl"), read_terragrunt_config(find_in_parent_folders("default_versions.hcl"))) } diff --git a/lab/root.hcl b/lab/root.hcl index 4ff045c..cba453a 100644 --- a/lab/root.hcl +++ b/lab/root.hcl @@ -5,19 +5,22 @@ # --------------------------------------------------------------------------------------------------------------------- locals { # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) - account_vars = try(read_terragrunt_config(find_in_parent_folders("account.hcl"))) + account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) # Automatically load _envcommon, cross account and environment common variables - common_vars = try(read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl"))) + common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl")) + + # Automatically load versions + versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl")) # Automatically load cluster-level variables - cluster_vars = try(read_terragrunt_config(find_in_parent_folders("cluster.hcl"))) + cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl")) # Automatically load region-level variables - region_vars = try(read_terragrunt_config(find_in_parent_folders("region.hcl"))) + region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) # Automatically load vpc-level variables - vpc_vars = try(read_terragrunt_config(find_in_parent_folders("vpc.hcl"))) + vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl")) # Extract the variables we need for easy access account_id = local.account_vars.locals.aws_account_id @@ -63,5 +66,6 @@ inputs = merge( local.cluster_vars.locals, local.common_vars.locals, local.region_vars.locals, + local.versions.locals, local.vpc_vars.locals ) From fb4e19e98bfca41bdbc2e80c812e91a2f4d8826a Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 7 Nov 2024 14:34:34 -0500 Subject: [PATCH 04/10] more versions --- lab/_envcommon/aws-provider.hcl | 2 +- lab/_envcommon/default-versions.hcl | 45 +++- lab/_envcommon/helm-provider.hcl | 2 +- lab/_envcommon/kubernetes-provider.hcl | 2 +- .../eks-cert-manager/terragrunt.hcl | 39 ---- .../eks-config/terragrunt.hcl | 42 ---- .../eks-dns/terragrunt.hcl | 40 ---- .../eks-grafana/terragrunt.hcl | 39 ---- .../eks-istio/terragrunt.hcl | 31 --- .../eks-k8s-dashboard/terragrunt.hcl | 36 ---- .../eks-karpenter/terragrunt.hcl | 38 ---- .../eks-kiali/terragrunt.hcl.disable | 77 ------- .../eks-loki/terragrunt.hcl | 35 ---- .../eks-metrics-server/terragrunt.hcl | 25 --- .../eks-prometheus/README.md | 198 ------------------ .../eks-prometheus/terragrunt.hcl | 30 --- .../eks-tempo/terragrunt.hcl | 42 ---- .../platform-eng-cicd-test/eks/terragrunt.hcl | 61 ------ .../vpc/platform-eng-eks-mcm/cluster.hcl | 1 - .../eks-cert-manager/terragrunt.hcl | 14 +- .../eks-config/terragrunt.hcl | 62 +----- .../eks-dns/terragrunt.hcl | 2 +- .../eks-grafana/terragrunt.hcl | 8 +- .../eks-istio/terragrunt.hcl | 6 +- .../eks-k8s-dashboard/terragrunt.hcl | 2 +- .../eks-karpenter/terragrunt.hcl | 2 +- .../eks-kiali/terragrunt.hcl.disable | 2 +- .../eks-loki/terragrunt.hcl | 2 +- .../eks-metrics-server/terragrunt.hcl | 2 +- .../eks-prometheus/terragrunt.hcl | 2 +- .../eks-tempo/terragrunt.hcl | 2 +- .../platform-eng-eks-mcm/eks/terragrunt.hcl | 32 +-- .../vpc/platform-eng-eks-test/cluster.hcl | 19 ++ 33 files changed, 88 insertions(+), 854 deletions(-) delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-cert-manager/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-config/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-dns/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-grafana/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-istio/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-k8s-dashboard/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-karpenter/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-kiali/terragrunt.hcl.disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-loki/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-metrics-server/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/README.md delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl index 1cc2bfe..f5abe97 100644 --- a/lab/_envcommon/aws-provider.hcl +++ b/lab/_envcommon/aws-provider.hcl @@ -3,7 +3,7 @@ include "root" { merge_strategy = "deep" expose = false } - + # Generate an AWS provider block generate "aws_provider" { path = "${get_original_terragrunt_dir()}/aws_provider.tf" diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index 1dfce15..c610034 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -1,9 +1,44 @@ # lab/_envcommon/default-versions.hcl locals { - aws_version = "5.14.0" - helm_version = "2.11.0" + eks_module_version = "20.28.0" + istio_ingress_version = "${local.release_version}" + custom_service_eks_account = "${local.release_version}" + cluster_version = "1.30.0" + ##################### + # TF Providers + ##################### + aws_version = "5.14.0" + helm_version = "2.11.0" kubernetes_version = "2.33.0" - null_version = "3.2.1" - tf_version = "1.5.0" - template_version = "2.2.0" + null_version = "3.2.1" + tf_version = "1.5.0" + template_version = "2.2.0" + random_version = "3.5.1" + release_version = "0.1.1" + ##################### + + ################ + # k8s-dashboard + ################ + k8s_dashboard_version = "2.7.0" + k8s_dashboard_metrics_scraper = "1.0.8" + ################ + + ################ + # Cert-Manager + ################ + cert_manager_version = "1.16.1" + cert_manager_helm_chart = "${local.cert_manager_version}" + cert_manager_cainjector_tag = "v${local.cert_manager_version}" + cert_manager_controller_tag = "v${local.cert_manager_version}" + cert_manager_startupapicheck_tag = "v${local.cert_manager_version}" + cert_manager_webhook_tag = "v${local.cert_manager_version}" + cluster_issuer_name = "cert-manager" + ################ + + ################ + # Istio + ################ + istio_version = "1.22.1" + } diff --git a/lab/_envcommon/helm-provider.hcl b/lab/_envcommon/helm-provider.hcl index 073a460..9de71e8 100644 --- a/lab/_envcommon/helm-provider.hcl +++ b/lab/_envcommon/helm-provider.hcl @@ -3,7 +3,7 @@ dependency "eks" { config_path = "${get_original_terragrunt_dir()}/../eks" mock_outputs = { - cluster_name = "a-cluster-name" + cluster_name = "a-cluster-name" } } diff --git a/lab/_envcommon/kubernetes-provider.hcl b/lab/_envcommon/kubernetes-provider.hcl index 66e49a7..a004d43 100644 --- a/lab/_envcommon/kubernetes-provider.hcl +++ b/lab/_envcommon/kubernetes-provider.hcl @@ -3,7 +3,7 @@ dependency "eks" { config_path = "${get_original_terragrunt_dir()}/../eks" mock_outputs = { - cluster_name = "a-cluster-name" + cluster_name = "a-cluster-name" } } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-cert-manager/terragrunt.hcl deleted file mode 100644 index ed589d6..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-cert-manager/terragrunt.hcl +++ /dev/null @@ -1,39 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -# dependency "karpenter" { -# config_path = "../eks-karpenter" -# skip_outputs = true -# } - -inputs = { - cluster_name = dependency.eks.outputs.cluster_name - cluster_mailing_list = dependency.eks.inputs.creator - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cert_manager_helm_chart = "1.16.1" - cert_manager_cainjector_tag = "v1.16.1" - cert_manager_controller_tag = "v1.16.1" - cert_manager_startupapicheck_tag = "v1.16.1" - cert_manager_webhook_tag = "v1.16.1" - cluster_issuer_name = "cert-manager" -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-config/terragrunt.hcl deleted file mode 100644 index d1b96dc..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-config/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -# locals { -# tag_costallocation = "census:csvd:platformbaseline" -# } - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - vpc_id = "a-vpc-id" - cluster_name = "a-cluster-name" - subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ] - security_group_all_worker_mgmt_id = "sg-00b0000000000000" - eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - vpc_id = dependency.eks.outputs.vpc_id - cluster_name = dependency.eks.outputs.cluster_name - subnets = dependency.eks.outputs.subnets - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id - eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - # tags = dependency.eks.inputs.tags - # tag_costallocation = local.tag_costallocation - # cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-dns/terragrunt.hcl deleted file mode 100644 index cd5a4c8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-dns/terragrunt.hcl +++ /dev/null @@ -1,40 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"] - } -} - -dependency "istio" { - config_path = "../eks-istio" - mock_outputs = { - istio_ingress_lb = { - dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com" - zone_id = "ZABC123456DEF" - } - } -} - -inputs = { - cluster_name = dependency.eks.inputs.cluster_name - istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_name = dependency.eks.inputs.vpc_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-grafana/terragrunt.hcl deleted file mode 100644 index ad41bce..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-grafana/terragrunt.hcl +++ /dev/null @@ -1,39 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - } -} -# dependency "eks-tempo" { -# config_path = "../eks-tempo" -# skip_outputs = true -# } - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = "grafana" - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-istio/terragrunt.hcl deleted file mode 100644 index de80020..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-istio/terragrunt.hcl +++ /dev/null @@ -1,31 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-karpenter" { - config_path = "../eks-karpenter" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = "1.22.1" - istio_version = "1.22.1" -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-k8s-dashboard/terragrunt.hcl deleted file mode 100644 index d8587df..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-k8s-dashboard/terragrunt.hcl +++ /dev/null @@ -1,36 +0,0 @@ - -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - vpc_domain_name = "example.com" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = "dashboard" - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint - # k8s_dashboard_version = "v2.0.0" # NEW IDEA TO START PINNING VERSIONING OF COMPONENT TO TF MODULE VERSION -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-karpenter/terragrunt.hcl deleted file mode 100644 index 8ae33c1..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-karpenter/terragrunt.hcl +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com" - cluster_name = "a-cluster-name" - node_group_name = "node_group_a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - vpc_id = "a-vpc-name" - } -} - -dependency "eks-config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.outputs.cluster_name - karpenter_node_group_name = dependency.eks.outputs.node_group_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - vpc_id = dependency.eks.outputs.vpc_id -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-kiali/terragrunt.hcl.disable deleted file mode 100644 index d129107..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-kiali/terragrunt.hcl.disable +++ /dev/null @@ -1,77 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=v0.1.1" - # source = "../../../../../../../tfmod-kiali" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-cert-manager" { - config_path = "../eks-cert-manager" - mock_outputs = { - cluster_issuer_name = "acmpca-clusterissuer" - } -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} -dependency "eks-grafana" { - config_path = "../eks-grafana" - mock_outputs = { - internal_endpoint = { - hostname = "grafana.grafana.svc.cluster.local" - port_number = "80" - url = "https://grafana.grafana.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.dev.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.dev.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_domain = dependency.eks.inputs.vpc_domain_name - operators_namespace = "operators" - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name - prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url - grafana_namespace = dependency.eks-grafana.outputs.namespace - grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url - grafana_secret_name = "grafana" - # grafana_secret_name = dependency.eks-grafana.outputs.secret_name - jaeger_internal_url = "" - - - # client_id = var.sso_client_id - # client_secret = var.sso_client_secret - # keycloak_public_url = var.keycloak_public_url - # gogatekeeper_chart_version = var.gogatekeeper_chart_version - # gogatekeeper_registry = var.gogatekeeper_registry - # gogatekeeper_repository = var.gogatekeeper_repository - # gogatekeeper_tag = var.gogatekeeper_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-loki/terragrunt.hcl deleted file mode 100644 index a20f01d..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-loki/terragrunt.hcl +++ /dev/null @@ -1,35 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-metrics-server/terragrunt.hcl deleted file mode 100644 index 5d9c5b7..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-metrics-server/terragrunt.hcl +++ /dev/null @@ -1,25 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/README.md deleted file mode 100644 index bbbffb2..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/README.md +++ /dev/null @@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. | -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 4d4e9fc..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,30 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-dns" { - config_path = "../eks-dns" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl deleted file mode 100644 index 4f290f8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks-tempo/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - prometheus_namespace = "prometheus" - } -} - -inputs = { - account_id = include.root.locals.account_id - profile = include.root.locals.aws_profile - region = include.root.locals.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number - prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl deleted file mode 100644 index ea3333e..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-cicd-test/eks/terragrunt.hcl +++ /dev/null @@ -1,61 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.account_id - cluster_endpoint_public_access = true - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - creator = include.root.inputs.creator - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - eks_vpc_name = include.root.inputs.vpc_name - enable_cluster_creator_admin_permissions = true - environment_abbr = include.root.inputs.environment_abbr - organization = include.root.inputs.organization - profile = include.root.inputs.aws_profile - project_name = include.root.inputs.project_name - project_number = include.root.inputs.project_number - project_role = include.root.inputs.project_role - region = include.root.inputs.aws_region - terraform = include.root.locals.terraform - terragrunt = include.root.locals.terragrunt - vpc_domain_name = include.root.inputs.vpc_domain_name - - # Tags applied to AWS objects created - tags = { - "Environment" = local.environment_abbr - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=0.1.1" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - aws_account_id = local.account_id - cluster_endpoint_public_access = local.cluster_endpoint_public_access - cluster_name = local.cluster_name - cluster_version = local.cluster_version - creator = local.creator - eks_instance_disk_size = local.eks_instance_disk_size - eks_ng_desired_size = local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - eks_vpc_name = local.eks_vpc_name - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - os_username = local.creator - shared_vpc_label = local.environment_abbr - tags = local.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl index ebbce28..bf4f842 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl @@ -3,7 +3,6 @@ locals { cluster_endpoint_public_access = true cluster_name = "platform-eng-eks-mcm" - cluster_version = "1.30" creator = "matthew.c.morgan@census.gov" eks_instance_disk_size = 100 eks_ng_desired_size = 2 diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl index f6be0fb..35e355a 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -31,10 +31,10 @@ inputs = { oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region - cert_manager_helm_chart = "1.16.1" - cert_manager_cainjector_tag = "v1.16.1" - cert_manager_controller_tag = "v1.16.1" - cert_manager_startupapicheck_tag = "v1.16.1" - cert_manager_webhook_tag = "v1.16.1" - cluster_issuer_name = "cert-manager" + cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart + cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag + cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag + cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag + cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag + cluster_issuer_name = include.root.inputs.cluster_issuer_name } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl index b13262c..79f3f5c 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl @@ -1,13 +1,13 @@ # lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl include "root" { - path = find_in_parent_folders("root.hcl") + path = find_in_parent_folders("root.hcl") merge_strategy = "deep" - expose = true + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -17,70 +17,18 @@ terraform { dependency "eks" { config_path = "../eks" mock_outputs = { - cluster_certificate_authority_data = [{data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP"}] + cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }] cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com" cluster_name = "a-cluster-name" eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" security_group_all_worker_mgmt_id = "sg-00b0000000000000" subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] - token = [{token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER"}] + token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] vpc_id = "a-vpc-id" } } -# locals { -# kube_provider = read_terragrunt_config(find_in_parent_folders("_envcommon/kubernetes-provider.hcl")) -# } - -# generate = local.kube_provider.generate - -# # Generate a k8s provider block -# generate "kube_provider" { -# path = "kube_provider.tf" -# if_exists = "overwrite_terragrunt" -# contents = <<-EOF -# terraform { -# required_version = ">= 1.5.0" -# } -# data "aws_eks_cluster" "kube" { -# name = "${dependency.eks.outputs.cluster_name}" -# } -# data "aws_eks_cluster_auth" "kube" { -# name = "${dependency.eks.outputs.cluster_name}" -# } -# provider "kubernetes" { -# host = data.aws_eks_cluster.kube[0].endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.kube[0].certificate_authority[0].data) -# token = data.aws_eks_cluster_auth.kube.token -# } -# EOF -# } - -# # Generate a helm provider block -# generate "helm_provider" { -# path = "helm_provider.tf" -# if_exists = "overwrite_terragrunt" -# contents = <<-EOF -# terraform { -# required_version = ">= 1.5.0" -# } -# data "aws_eks_cluster" "helm" { -# name = "${dependency.eks.outputs.cluster_name}" -# } -# data "aws_eks_cluster_auth" "helm" { -# name = "${dependency.eks.outputs.cluster_name}" -# } -# provider "helm" { -# kubernetes { -# host = data.aws_eks_cluster.helm[0].endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.helm[0].certificate_authority[0].data) -# token = data.aws_eks_cluster_auth.helm.token -# } -# } -# EOF -# } - inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl index fb61c7a..b443699 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl index 62eecce..4f4bcac 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -24,10 +24,7 @@ dependency "eks-loki" { rwo_storage_class = "gp3-encrypted" } } -# dependency "eks-tempo" { -# config_path = "../eks-tempo" -# skip_outputs = true -# } + inputs = { profile = include.root.inputs.aws_profile @@ -36,5 +33,4 @@ inputs = { cluster_domain = dependency.eks.inputs.vpc_domain_name public_hostname = "grafana" rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl index 161aea8..c7c22c8 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -27,6 +27,6 @@ inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = "1.22.1" - istio_version = "1.22.1" + istio_chart_version = include.root.inputs.istio_version + istio_version = include.root.inputs.istio_version } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl index ba97001..1e7e537 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl index eefcf2f..7e5ef48 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable index 6505e20..c59f9ac 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" # source = "../../../../../../../tfmod-kiali" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl index 7facd18..6c225ff 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl index c5ec815..c0e5408 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl index 6e059b6..5fa3d05 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl index 2f1d8ea..d4d72bd 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl index bf6e9d5..cc7c893 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl @@ -31,43 +31,13 @@ locals { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=0.1.1" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] } } -# generate "aws_provider" { -# path = "aws_provider.tf" -# if_exists = "overwrite_terragrunt" -# contents = < Date: Thu, 7 Nov 2024 19:51:32 -0500 Subject: [PATCH 05/10] even more --- lab/_envcommon/common-variables.hcl | 8 ++ lab/_envcommon/default-versions.hcl | 77 ++++++++++++++++--- .../eks-config/terragrunt.hcl | 1 + .../eks-dns/terragrunt.hcl | 17 ++-- .../eks-grafana/terragrunt.hcl | 18 +++-- .../eks-k8s-dashboard/terragrunt.hcl | 12 +-- .../eks-karpenter/terragrunt.hcl | 4 + .../eks-kiali/terragrunt.hcl.disable | 3 + .../eks-loki/terragrunt.hcl | 16 +++- .../eks-metrics-server/terragrunt.hcl | 8 +- .../eks-prometheus/terragrunt.hcl | 13 +++- 11 files changed, 137 insertions(+), 40 deletions(-) diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl index aa8af71..3ea745d 100644 --- a/lab/_envcommon/common-variables.hcl +++ b/lab/_envcommon/common-variables.hcl @@ -12,4 +12,12 @@ locals { state_table_name = "tf_remote_state" terraform = true terragrunt = true + route53_endpoints = { + route53_main = { + "account_id" = "269244441389" + "alias" = "lab-gov-network-nonprod" + "us-gov-east-1" = "vpc-070595c5b133243dd" + "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1" + } + } } diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index c610034..41b15a9 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -1,9 +1,13 @@ # lab/_envcommon/default-versions.hcl locals { - eks_module_version = "20.28.0" - istio_ingress_version = "${local.release_version}" + ##################### + # Module Versions + ##################### + eks_module_version = "20.28.0" + istio_ingress_version = "${local.release_version}" custom_service_eks_account = "${local.release_version}" - cluster_version = "1.30.0" + cluster_version = "1.30.0" + ##################### # TF Providers ##################### @@ -15,30 +19,85 @@ locals { template_version = "2.2.0" random_version = "3.5.1" release_version = "0.1.1" + + ##################### + # EKS Config ##################### + kubectl_image_tag = "1.30.4" ################ # k8s-dashboard ################ - k8s_dashboard_version = "2.7.0" + dashboard_hostname = "dashboard" + k8s_dashboard_version = "2.7.0" k8s_dashboard_metrics_scraper = "1.0.8" - ################ ################ # Cert-Manager ################ - cert_manager_version = "1.16.1" - cert_manager_helm_chart = "${local.cert_manager_version}" + cluster_issuer_name = "cert-manager" cert_manager_cainjector_tag = "v${local.cert_manager_version}" cert_manager_controller_tag = "v${local.cert_manager_version}" + cert_manager_helm_chart = "${local.cert_manager_version}" cert_manager_startupapicheck_tag = "v${local.cert_manager_version}" + cert_manager_version = "1.16.1" cert_manager_webhook_tag = "v${local.cert_manager_version}" - cluster_issuer_name = "cert-manager" - ################ ################ # Istio ################ istio_version = "1.22.1" + ################ + # Grafana + ################ + download_dashboards_image_tag = "7.85.0" + grafana_chart_version = "8.5.0" + grafana_hostname = "grafana" + grafana_tag = "11.1.5" + init_chown_data_image_tag = "1.31.1" + + ################ + # Karpenter + ################ + karpenter_helm_chart = "1.0.6" + karpenter_tag = "1.0.6" + + ################ + # Kiali + ################ + kiali_operator_version = "1.73.0" + kiali_application_version = "v${local.kiali_operator_version}" + + ################ + # Loki + ################ + loki_chart_version = "6.10.2" + loki_tag = "3.1.1" + canary_tag = "3.0.0" + enterprise_logs_provisioner_tag = "v1.7.0" + gateway_tag = "1.25.2-alpine" + memcached_tag = "1.6.23-alpine" + exporter_tag = "v0.14.4" + sidecar_tag = "1.27.4" + + ################ + # Metrics Server + ################ + metrics_server_helm_chart = "3.12.1" + metrics_server_tag = "v0.7.1" + + ################ + # Prometheus + ################ + prometheus_chart_version = "25.26.0" + prometheus_server_tag = "v2.54.0" + prometheus_config_reloader_tag = "v0.75.2" + alertmanager_tag = "v0.27.0" + kube_state_metrics_tag = "v2.13.0" + node_exporter_tag = "v1.8.2" + pushgateway_tag = "v1.9.0" + + + } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl index 79f3f5c..d4a60db 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl @@ -38,4 +38,5 @@ inputs = { security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + kubectl_image_tag = include.root.inputs.kubectl_image_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl index b443699..6e28781 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl @@ -30,12 +30,13 @@ dependency "istio" { } inputs = { - cluster_name = dependency.eks.inputs.cluster_name - istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_name = dependency.eks.inputs.vpc_name + cluster_name = dependency.eks.inputs.cluster_name + istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + subnets = dependency.eks.outputs.subnets + tags = dependency.eks.inputs.tags + vpc_domain_name = dependency.eks.inputs.vpc_domain_name + vpc_name = dependency.eks.inputs.vpc_name + route53_endpoints = include.root.inputs.route53_endpoints } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl index 4f4bcac..65ab33f 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl @@ -18,6 +18,7 @@ dependency "eks" { cluster_name = "a-cluster-name" } } + dependency "eks-loki" { config_path = "../eks-loki" mock_outputs = { @@ -25,12 +26,15 @@ dependency "eks-loki" { } } - inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = "grafana" - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks.inputs.vpc_domain_name + public_hostname = include.root.inputs.grafana_hostname + rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class + grafana_chart_version = include.root.inputs.grafana_chart_version + grafana_tag = include.root.inputs.grafana_tag + download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag + init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl index 1e7e537..cd1961b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl @@ -26,11 +26,11 @@ dependency "eks-loki" { } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = "dashboard" + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks.inputs.vpc_domain_name + public_hostname = include.root.inputs.dashboard_hostname + k8s_dashboard_version = include.root.inputs.k8s_dashboard_version # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint - # k8s_dashboard_version = "v2.0.0" # NEW IDEA TO START PINNING VERSIONING OF COMPONENT TO TF MODULE VERSION } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl index 7e5ef48..6b1a862 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl @@ -36,4 +36,8 @@ inputs = { karpenter_node_group_name = dependency.eks.outputs.node_group_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn vpc_id = dependency.eks.outputs.vpc_id + karpenter_helm_chart = include.root.inputs.karpenter_helm_chart + karpenter_tag = include.root.inputs.karpenter_tag + kubectl_tag = include.root.inputs.kubectl_image_tag + } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable index c59f9ac..1e04fe0 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable @@ -54,6 +54,9 @@ dependency "eks-grafana" { } inputs = { + kiali_operator_version = include.root.inputs.kiali_operator_version + kiali_application_version = include.root.inputs.kiali_application_version + profile = include.root.inputs.aws_profile cluster_domain = dependency.eks.inputs.vpc_domain_name operators_namespace = "operators" diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl index 6c225ff..2c6b6be 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl @@ -29,8 +29,16 @@ dependency "eks-prometheus" { } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + loki_chart_version = include.root.inputs.loki_chart_version + loki_tag = include.root.inputs.loki_tag + canary_tag = include.root.inputs.canary_tag + enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag + gateway_tag = include.root.inputs.gateway_tag + memcached_tag = include.root.inputs.memcached_tag + exporter_tag = include.root.inputs.exporter_tag + sidecar_tag = include.root.inputs.sidecar_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl index c0e5408..387653b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl @@ -25,7 +25,9 @@ dependency "eks_config" { } inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region + profile = include.root.inputs.aws_profile + cluster_name = dependency.eks.outputs.cluster_name + region = include.root.inputs.aws_region + metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart + metrics_server_tag = include.root.inputs.metrics_server_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl index 5fa3d05..e6c54b1 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl @@ -25,7 +25,14 @@ dependency "eks-dns" { } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + prometheus_chart_version = include.root.inputs.prometheus_chart_version + prometheus_server_tag = include.root.inputs.prometheus_server_tag + prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag + alertmanager_tag = include.root.inputs.alertmanager_tag + kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag + node_exporter_tag = include.root.inputs.node_exporter_tag + pushgateway_tag = include.root.inputs.pushgateway_tag } From 677ee17e2310abe7198e9e524dee46d19bb6c73d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 7 Nov 2024 19:54:35 -0500 Subject: [PATCH 06/10] add tempo --- lab/_envcommon/default-versions.hcl | 7 +++++-- .../vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index 41b15a9..673b820 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -98,6 +98,9 @@ locals { node_exporter_tag = "v1.8.2" pushgateway_tag = "v1.9.0" - - + ################ + # Tempo + ################ + tempo_chart_version = "1.10.3" + tempo_tag = "2.5.0" } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl index d4d72bd..f317193 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl @@ -40,4 +40,7 @@ inputs = { oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace + tempo_chart_version = include.root.inputs.tempo_chart_version + tempo_tag = include.root.inputs.tempo_tag + } From 03dc15d4125786641a1d992e162b904923b9e214 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 7 Nov 2024 20:00:04 -0500 Subject: [PATCH 07/10] cleanup --- lab/_envcommon/default-versions.hcl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index 673b820..9ae2832 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -3,10 +3,11 @@ locals { ##################### # Module Versions ##################### + cluster_version = "1.30.0" + custom_service_eks_account = "${local.release_version}" eks_module_version = "20.28.0" istio_ingress_version = "${local.release_version}" - custom_service_eks_account = "${local.release_version}" - cluster_version = "1.30.0" + release_version = "0.1.1" ##################### # TF Providers @@ -15,10 +16,9 @@ locals { helm_version = "2.11.0" kubernetes_version = "2.33.0" null_version = "3.2.1" - tf_version = "1.5.0" - template_version = "2.2.0" random_version = "3.5.1" - release_version = "0.1.1" + template_version = "2.2.0" + tf_version = "1.5.0" ##################### # EKS Config @@ -29,8 +29,8 @@ locals { # k8s-dashboard ################ dashboard_hostname = "dashboard" - k8s_dashboard_version = "2.7.0" k8s_dashboard_metrics_scraper = "1.0.8" + k8s_dashboard_version = "2.7.0" ################ # Cert-Manager From 204e81cb05a4fcbcc9e49752ce70fc44fe379c76 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 8 Nov 2024 14:25:48 -0500 Subject: [PATCH 08/10] fmt --- lab/_envcommon/aws-provider.hcl | 2 ++ lab/_envcommon/common-variables.hcl | 2 ++ lab/_envcommon/default-versions.hcl | 7 +++-- lab/development/account.hcl | 4 ++- lab/development/us-gov-east-1/region.hcl | 4 ++- .../vpc/platform-eng-eks-mcm/cluster.hcl | 2 ++ .../eks-tempo/terragrunt.hcl | 4 +-- lab/development/us-gov-east-1/vpc/vpc.hcl | 4 ++- lab/root.hcl | 2 ++ mcmcluster.hcl | 29 +++++++++++++++++++ 10 files changed, 52 insertions(+), 8 deletions(-) create mode 100644 mcmcluster.hcl diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl index f5abe97..18483ac 100644 --- a/lab/_envcommon/aws-provider.hcl +++ b/lab/_envcommon/aws-provider.hcl @@ -1,3 +1,5 @@ +# lab/_envcommon/aws-provider.hcl + include "root" { path = find_in_parent_folders("root.hcl") merge_strategy = "deep" diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl index 3ea745d..d2f73ef 100644 --- a/lab/_envcommon/common-variables.hcl +++ b/lab/_envcommon/common-variables.hcl @@ -1,3 +1,5 @@ +# lab/_envcommon/common-variables.hcl + # --------------------------------------------------------------------------------------------------------------------- # GLOBAL PARAMETERS # These are the variables we pass to use across modules regardless of environment, i.e. these are the parameters diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl index 9ae2832..6a147b5 100644 --- a/lab/_envcommon/default-versions.hcl +++ b/lab/_envcommon/default-versions.hcl @@ -1,9 +1,10 @@ # lab/_envcommon/default-versions.hcl + locals { ##################### # Module Versions ##################### - cluster_version = "1.30.0" + cluster_version = "1.30" custom_service_eks_account = "${local.release_version}" eks_module_version = "20.28.0" istio_ingress_version = "${local.release_version}" @@ -30,7 +31,7 @@ locals { ################ dashboard_hostname = "dashboard" k8s_dashboard_metrics_scraper = "1.0.8" - k8s_dashboard_version = "2.7.0" + k8s_dashboard_version = "6.0.6" ################ # Cert-Manager @@ -102,5 +103,5 @@ locals { # Tempo ################ tempo_chart_version = "1.10.3" - tempo_tag = "2.5.0" + tempo_tag = "2.5.0" } diff --git a/lab/development/account.hcl b/lab/development/account.hcl index 1992080..80a8b3a 100644 --- a/lab/development/account.hcl +++ b/lab/development/account.hcl @@ -1,3 +1,5 @@ +# lab/development/account.hcl + # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root # terragrunt.hcl configuration. Terragrunt often segments account and environment, but given our strategy is to # leverage accounts as environment boundaries, there is an anticipated 1:1 account to environment model that @@ -8,4 +10,4 @@ locals { aws_profile = "224384469011-lab-dev-gov" environment = "development" environment_abbr = "dev" -} \ No newline at end of file +} diff --git a/lab/development/us-gov-east-1/region.hcl b/lab/development/us-gov-east-1/region.hcl index 4adfaa3..f87a8e6 100644 --- a/lab/development/us-gov-east-1/region.hcl +++ b/lab/development/us-gov-east-1/region.hcl @@ -1,5 +1,7 @@ +# lab/development/us-gov-east-1/region.hcl + # Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to # configure the remote state bucket and pass forward to the child modules as inputs. locals { aws_region = "us-gov-east-1" -} \ No newline at end of file +} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl index bf4f842..8d2831c 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl @@ -1,3 +1,5 @@ +# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl + # Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root # terragrunt.hcl configuration. locals { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl index f317193..e9ebd48 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl @@ -40,7 +40,7 @@ inputs = { oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace - tempo_chart_version = include.root.inputs.tempo_chart_version - tempo_tag = include.root.inputs.tempo_tag + tempo_chart_version = include.root.inputs.tempo_chart_version + tempo_tag = include.root.inputs.tempo_tag } diff --git a/lab/development/us-gov-east-1/vpc/vpc.hcl b/lab/development/us-gov-east-1/vpc/vpc.hcl index 907ce6d..8da18d0 100644 --- a/lab/development/us-gov-east-1/vpc/vpc.hcl +++ b/lab/development/us-gov-east-1/vpc/vpc.hcl @@ -1,6 +1,8 @@ +# lab/development/us-gov-east-1/vpc/vpc.hcl + # Set VPC specific variables. These are automatically pulled in to configure the remote state bucket in the root # terragrunt.hcl configuration. locals { vpc_name = "vpc3-lab-dev" vpc_domain_name = "dev.lab.csp2.census.gov" -} \ No newline at end of file +} diff --git a/lab/root.hcl b/lab/root.hcl index cba453a..87fe323 100644 --- a/lab/root.hcl +++ b/lab/root.hcl @@ -1,3 +1,5 @@ +# lab/root.hcl + # --------------------------------------------------------------------------------------------------------------------- # TERRAGRUNT CONFIGURATION # Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules, diff --git a/mcmcluster.hcl b/mcmcluster.hcl new file mode 100644 index 0000000..d6399d1 --- /dev/null +++ b/mcmcluster.hcl @@ -0,0 +1,29 @@ +locals { + account_name = "lab-dev-ew" + aws_account_id = "224384469011" + aws_profile = "224384469011-lab-dev-gov" + aws_region = "us-gov-east-1" + cluster_endpoint_public_access = true + cluster_name = "platform-eng-eks-mcm" + creator = "matthew.c.morgan@census.gov" + eks_instance_disk_size = 100 + eks_ng_desired_size = 2 + eks_ng_max_size = 10 + eks_ng_min_size = 0 + enable_cluster_creator_admin_permissions = true + environment = "development" + environment_abbr = "dev" + terraform = true + terragrunt = true + vpc_domain_name = "dev.lab.csp2.census.gov" + vpc_name = "vpc3-lab-dev" + tags = { + "slim:schedule" = "8:00-17:00" + "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" + } + + + + + +} From 0d703a7773f371c735ef80f62006fea9e0250509 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 8 Nov 2024 14:52:51 -0500 Subject: [PATCH 09/10] apply to all clusters --- .../vpc/platform-eng-eks-mcm/cluster.hcl | 4 + .../vpc/platform-eng-eks-test/cluster.hcl | 11 +- .../eks-cert-manager/terragrunt.hcl | 24 ++- .../eks-config/terragrunt.hcl | 26 +-- .../eks-dns/terragrunt.hcl | 36 ++-- .../eks-grafana/terragrunt.hcl | 28 +-- .../eks-istio/terragrunt.hcl | 11 +- .../eks-k8s-dashboard/terragrunt.hcl | 36 ++++ .../eks-karpenter/terragrunt.hcl | 11 +- .../terragrunt.hcl.disable | 14 +- .../eks-loki/terragrunt.hcl | 27 ++- .../eks-metrics-server/terragrunt.hcl | 20 +- .../eks-prometheus/terragrunt.hcl | 24 ++- .../eks-tempo/terragrunt.hcl | 15 +- .../platform-eng-eks-test/eks/terragrunt.hcl | 61 +++--- .../vpc/platform-test-cicd/cluster.hcl | 20 ++ .../eks-cert-manager/terragrunt.hcl | 24 ++- .../eks-config/terragrunt.hcl | 26 +-- .../platform-test-cicd/eks-dns/terragrunt.hcl | 36 ++-- .../eks-grafana/terragrunt.hcl | 28 +-- .../eks-istio/terragrunt.hcl | 11 +- .../eks-k8s-dashboard/terragrunt.hcl | 36 ++++ .../eks-karpenter/terragrunt.hcl | 11 +- .../eks-kiali.disable/terragrunt.hcl.disable | 76 ------- .../eks-kiali}/terragrunt.hcl.disable | 21 +- .../eks-loki/terragrunt.hcl | 27 ++- .../eks-metrics-server/terragrunt.hcl | 20 +- .../eks-prometheus/terragrunt.hcl | 24 ++- .../eks-tempo/terragrunt.hcl | 15 +- .../vpc/platform-test-cicd/eks/terragrunt.hcl | 61 +++--- .../vpc/platform-test-x/cluster.hcl | 20 ++ .../eks-cert-manager/terragrunt.hcl | 34 --- .../platform-test-x/eks-config/terragrunt.hcl | 42 ---- .../platform-test-x/eks-dns/terragrunt.hcl | 30 --- .../eks-grafana/terragrunt.hcl | 38 ---- .../eks-grafana/terragrunt.hcl,disable | 38 ---- .../platform-test-x/eks-istio/terragrunt.hcl | 33 --- .../eks-k8s-dashboard/terragrunt.hcl.disable | 31 --- .../eks-karpenter/terragrunt.hcl | 38 ---- .../platform-test-x/eks-loki/terragrunt.hcl | 31 --- .../eks-loki/terragrunt.hcl.disable | 31 --- .../eks-metrics-server/terragrunt.hcl | 25 --- .../platform-test-x/eks-prometheus/README.md | 198 ------------------ .../eks-prometheus/terragrunt.hcl | 30 --- .../eks-prometheus/terragrunt.hcl.disable | 30 --- .../platform-test-x/eks-tempo/terragrunt.hcl | 42 ---- .../vpc/platform-test-x/eks/terragrunt.hcl | 64 ------ mcmcluster.hcl | 5 - 48 files changed, 480 insertions(+), 1064 deletions(-) create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl rename lab/development/us-gov-east-1/vpc/platform-eng-eks-test/{eks-kiali.disable => eks-kiali}/terragrunt.hcl.disable (84%) create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali.disable/terragrunt.hcl.disable rename lab/development/us-gov-east-1/vpc/{platform-test-x/eks-kiali.disable => platform-test-cicd/eks-kiali}/terragrunt.hcl.disable (82%) create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-cert-manager/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-config/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-dns/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl,disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-istio/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-k8s-dashboard/terragrunt.hcl.disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-karpenter/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl.disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-metrics-server/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/README.md delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl index 8d2831c..98d12d7 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl @@ -17,4 +17,8 @@ locals { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" } + eks_version = "0.1.1" + eks_enabled = true + + } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl index 930cfdf..8d2831c 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl @@ -1,14 +1,15 @@ +# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl + # Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root # terragrunt.hcl configuration. locals { cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-test" - cluster_version = "1.30" - creator = "srinivasa.nangunuri@census.gov" + cluster_name = "platform-eng-eks-mcm" + creator = "matthew.c.morgan@census.gov" eks_instance_disk_size = 100 eks_ng_desired_size = 2 - eks_ng_max_size = 3 - eks_ng_min_size = 2 + eks_ng_max_size = 10 + eks_ng_min_size = 0 enable_cluster_creator_admin_permissions = true terraform = true terragrunt = true diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl index 1448ac8..35e355a 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -19,16 +20,21 @@ dependency "eks" { } } +dependency "eks_config" { + config_path = "../eks-config" + skip_outputs = true +} + inputs = { cluster_name = dependency.eks.outputs.cluster_name cluster_mailing_list = dependency.eks.inputs.creator oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region - cert_manager_helm_chart = "1.15.1" - cert_manager_cainjector_tag = "v1.15.1" - cert_manager_controller_tag = "v1.15.1" - cert_manager_startupapicheck_tag = "v1.15.1" - cert_manager_webhook_tag = "v1.15.1" - cluster_issuer_name = "cert-manager" + cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart + cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag + cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag + cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag + cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag + cluster_issuer_name = include.root.inputs.cluster_issuer_name } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl index 84bb1ff..d4a60db 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl @@ -1,14 +1,13 @@ +# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl + include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } -# locals { -# tag_costallocation = "census:csvd:platformbaseline" -# } - terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -18,12 +17,15 @@ terraform { dependency "eks" { config_path = "../eks" mock_outputs = { - vpc_id = "a-vpc-id" + cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }] + cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com" cluster_name = "a-cluster-name" - subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ] - security_group_all_worker_mgmt_id = "sg-00b0000000000000" eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + security_group_all_worker_mgmt_id = "sg-00b0000000000000" + subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] + token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] + vpc_id = "a-vpc-id" } } @@ -36,7 +38,5 @@ inputs = { security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - # tags = dependency.eks.inputs.tags - # tag_costallocation = local.tag_costallocation - # cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name + kubectl_image_tag = include.root.inputs.kubectl_image_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl index 46d26d8..6e28781 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -14,17 +15,28 @@ terraform { dependency "eks" { config_path = "../eks" mock_outputs = { - zone_ids = ["Z12345678CA5FV1LIFBC5"] + subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"] + } +} + +dependency "istio" { + config_path = "../eks-istio" + mock_outputs = { + istio_ingress_lb = { + dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com" + zone_id = "ZABC123456DEF" + } } } inputs = { - cluster_name = dependency.eks.inputs.cluster_name - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_id = dependency.eks.outputs.vpc_id - vpc_name = dependency.eks.inputs.vpc_name + cluster_name = dependency.eks.inputs.cluster_name + istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + subnets = dependency.eks.outputs.subnets + tags = dependency.eks.inputs.tags + vpc_domain_name = dependency.eks.inputs.vpc_domain_name + vpc_name = dependency.eks.inputs.vpc_name + route53_endpoints = include.root.inputs.route53_endpoints } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl index c2172e8..65ab33f 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -17,22 +18,23 @@ dependency "eks" { cluster_name = "a-cluster-name" } } + dependency "eks-loki" { config_path = "../eks-loki" mock_outputs = { rwo_storage_class = "gp3-encrypted" } } -# dependency "eks-tempo" { -# config_path = "../eks-tempo" -# skip_outputs = true -# } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks.inputs.vpc_domain_name + public_hostname = include.root.inputs.grafana_hostname + rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class + grafana_chart_version = include.root.inputs.grafana_chart_version + grafana_tag = include.root.inputs.grafana_tag + download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag + init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl index 5a30c0e..c7c22c8 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -26,6 +27,6 @@ inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = "1.22.1" - istio_version = "1.22.1" + istio_chart_version = include.root.inputs.istio_version + istio_version = include.root.inputs.istio_version } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl new file mode 100644 index 0000000..cd1961b --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl @@ -0,0 +1,36 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + vpc_domain_name = "example.com" + } +} + +dependency "eks-loki" { + config_path = "../eks-loki" + skip_outputs = true +} + +inputs = { + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks.inputs.vpc_domain_name + public_hostname = include.root.inputs.dashboard_hostname + k8s_dashboard_version = include.root.inputs.k8s_dashboard_version + # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint +} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl index 982e1d7..6b1a862 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -35,4 +36,8 @@ inputs = { karpenter_node_group_name = dependency.eks.outputs.node_group_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn vpc_id = dependency.eks.outputs.vpc_id + karpenter_helm_chart = include.root.inputs.karpenter_helm_chart + karpenter_tag = include.root.inputs.karpenter_tag + kubectl_tag = include.root.inputs.kubectl_image_tag + } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali.disable/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable similarity index 84% rename from lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali.disable/terragrunt.hcl.disable rename to lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable index c395110..1e04fe0 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali.disable/terragrunt.hcl.disable +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable @@ -1,11 +1,12 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster" - source = "../../../../../../../tfmod-kiali" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" + # source = "../../../../../../../tfmod-kiali" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -53,9 +54,12 @@ dependency "eks-grafana" { } inputs = { + kiali_operator_version = include.root.inputs.kiali_operator_version + kiali_application_version = include.root.inputs.kiali_application_version + profile = include.root.inputs.aws_profile cluster_domain = dependency.eks.inputs.vpc_domain_name - operators_namespace = dependency.eks.inputs.operators_ns + operators_namespace = "operators" cluster_name = dependency.eks.outputs.cluster_name certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl index cc94f7f..2c6b6be 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -22,10 +23,22 @@ dependency "eks-istio" { config_path = "../eks-istio" skip_outputs = true } +dependency "eks-prometheus" { + config_path = "../eks-prometheus" + skip_outputs = true +} inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + loki_chart_version = include.root.inputs.loki_chart_version + loki_tag = include.root.inputs.loki_tag + canary_tag = include.root.inputs.canary_tag + enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag + gateway_tag = include.root.inputs.gateway_tag + memcached_tag = include.root.inputs.memcached_tag + exporter_tag = include.root.inputs.exporter_tag + sidecar_tag = include.root.inputs.sidecar_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl index 5414a72..387653b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -18,8 +19,15 @@ dependency "eks" { } } +dependency "eks_config" { + config_path = "../eks-config" + skip_outputs = true +} + inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region + profile = include.root.inputs.aws_profile + cluster_name = dependency.eks.outputs.cluster_name + region = include.root.inputs.aws_region + metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart + metrics_server_tag = include.root.inputs.metrics_server_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl index 62611b1..e6c54b1 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -18,13 +19,20 @@ dependency "eks" { } } -dependency "eks-istio" { - config_path = "../eks-istio" +dependency "eks-dns" { + config_path = "../eks-dns" skip_outputs = true } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + prometheus_chart_version = include.root.inputs.prometheus_chart_version + prometheus_server_tag = include.root.inputs.prometheus_server_tag + prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag + alertmanager_tag = include.root.inputs.alertmanager_tag + kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag + node_exporter_tag = include.root.inputs.node_exporter_tag + pushgateway_tag = include.root.inputs.pushgateway_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl index 7f3d706..e9ebd48 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -32,10 +33,14 @@ dependency "eks-prometheus" { } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region + account_id = include.root.locals.account_id + profile = include.root.locals.aws_profile + region = include.root.locals.aws_region cluster_name = dependency.eks.outputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace + tempo_chart_version = include.root.inputs.tempo_chart_version + tempo_tag = include.root.inputs.tempo_tag + } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl index 90f7104..cc7c893 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl @@ -1,39 +1,37 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } locals { # Set cluster/platform specific variables, or extract from the hierarchy. account_id = include.root.inputs.aws_account_id - vpc_name = include.root.inputs.vpc_name - cluster_name = "platform-eng-eks-test" - cluster_version = "1.30" - vpc_domain_name = include.root.inputs.vpc_domain_name - eks_instance_disk_size = 100 + cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access + cluster_name = include.root.inputs.cluster_name + cluster_version = include.root.inputs.cluster_version + creator = include.root.inputs.creator + eks_instance_disk_size = include.root.inputs.eks_instance_disk_size + eks_ng_desired_size = include.root.inputs.eks_ng_desired_size + eks_ng_max_size = include.root.inputs.eks_ng_max_size + eks_ng_min_size = include.root.inputs.eks_ng_min_size eks_vpc_name = include.root.inputs.vpc_name - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 2 - operators_ns = "operators" - enable_cluster_creator_admin_permissions = true - cluster_endpoint_public_access = true + enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions + environment_abbr = include.root.inputs.environment_abbr + organization = include.root.inputs.organization profile = include.root.inputs.aws_profile + project_name = include.root.inputs.project_name + project_number = include.root.inputs.project_number + project_role = include.root.inputs.project_role region = include.root.inputs.aws_region - cluster_mailing_list = "srinivasa.nangunuri@census.gov" - environment_abbr = include.root.inputs.environment_abbr - - # Tags applied to AWS objects created - tags = { - "Environment" = local.environment_abbr - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } - + tags = include.root.inputs.tags + terraform = include.root.inputs.terraform + terragrunt = include.root.inputs.terragrunt + vpc_domain_name = include.root.inputs.vpc_domain_name } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -42,22 +40,17 @@ terraform { inputs = { aws_account_id = local.account_id - profile = local.profile - vpc_name = local.eks_vpc_name + cluster_endpoint_public_access = local.cluster_endpoint_public_access cluster_name = local.cluster_name cluster_version = local.cluster_version + creator = local.creator eks_instance_disk_size = local.eks_instance_disk_size - eks_vpc_name = local.eks_vpc_name eks_ng_desired_size = local.eks_ng_desired_size eks_ng_max_size = local.eks_ng_max_size eks_ng_min_size = local.eks_ng_min_size - operators_ns = local.operators_ns + eks_vpc_name = local.eks_vpc_name enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - cluster_endpoint_public_access = local.cluster_endpoint_public_access - tags = local.tags - vcp_domain_name = local.vpc_domain_name - region = local.region - creator = local.cluster_mailing_list - os_username = local.cluster_mailing_list + os_username = local.creator shared_vpc_label = local.environment_abbr + tags = local.tags } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl new file mode 100644 index 0000000..8d2831c --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl @@ -0,0 +1,20 @@ +# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl + +# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root +# terragrunt.hcl configuration. +locals { + cluster_endpoint_public_access = true + cluster_name = "platform-eng-eks-mcm" + creator = "matthew.c.morgan@census.gov" + eks_instance_disk_size = 100 + eks_ng_desired_size = 2 + eks_ng_max_size = 10 + eks_ng_min_size = 0 + enable_cluster_creator_admin_permissions = true + terraform = true + terragrunt = true + tags = { + "slim:schedule" = "8:00-17:00" + "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" + } +} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl index 1448ac8..35e355a 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -19,16 +20,21 @@ dependency "eks" { } } +dependency "eks_config" { + config_path = "../eks-config" + skip_outputs = true +} + inputs = { cluster_name = dependency.eks.outputs.cluster_name cluster_mailing_list = dependency.eks.inputs.creator oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region - cert_manager_helm_chart = "1.15.1" - cert_manager_cainjector_tag = "v1.15.1" - cert_manager_controller_tag = "v1.15.1" - cert_manager_startupapicheck_tag = "v1.15.1" - cert_manager_webhook_tag = "v1.15.1" - cluster_issuer_name = "cert-manager" + cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart + cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag + cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag + cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag + cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag + cluster_issuer_name = include.root.inputs.cluster_issuer_name } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl index 84bb1ff..d4a60db 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl @@ -1,14 +1,13 @@ +# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl + include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } -# locals { -# tag_costallocation = "census:csvd:platformbaseline" -# } - terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -18,12 +17,15 @@ terraform { dependency "eks" { config_path = "../eks" mock_outputs = { - vpc_id = "a-vpc-id" + cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }] + cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com" cluster_name = "a-cluster-name" - subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ] - security_group_all_worker_mgmt_id = "sg-00b0000000000000" eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + security_group_all_worker_mgmt_id = "sg-00b0000000000000" + subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] + token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] + vpc_id = "a-vpc-id" } } @@ -36,7 +38,5 @@ inputs = { security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - # tags = dependency.eks.inputs.tags - # tag_costallocation = local.tag_costallocation - # cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name + kubectl_image_tag = include.root.inputs.kubectl_image_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl index 46d26d8..6e28781 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -14,17 +15,28 @@ terraform { dependency "eks" { config_path = "../eks" mock_outputs = { - zone_ids = ["Z12345678CA5FV1LIFBC5"] + subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"] + } +} + +dependency "istio" { + config_path = "../eks-istio" + mock_outputs = { + istio_ingress_lb = { + dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com" + zone_id = "ZABC123456DEF" + } } } inputs = { - cluster_name = dependency.eks.inputs.cluster_name - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_id = dependency.eks.outputs.vpc_id - vpc_name = dependency.eks.inputs.vpc_name + cluster_name = dependency.eks.inputs.cluster_name + istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + subnets = dependency.eks.outputs.subnets + tags = dependency.eks.inputs.tags + vpc_domain_name = dependency.eks.inputs.vpc_domain_name + vpc_name = dependency.eks.inputs.vpc_name + route53_endpoints = include.root.inputs.route53_endpoints } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl index c2172e8..65ab33f 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -17,22 +18,23 @@ dependency "eks" { cluster_name = "a-cluster-name" } } + dependency "eks-loki" { config_path = "../eks-loki" mock_outputs = { rwo_storage_class = "gp3-encrypted" } } -# dependency "eks-tempo" { -# config_path = "../eks-tempo" -# skip_outputs = true -# } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks.inputs.vpc_domain_name + public_hostname = include.root.inputs.grafana_hostname + rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class + grafana_chart_version = include.root.inputs.grafana_chart_version + grafana_tag = include.root.inputs.grafana_tag + download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag + init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl index 5a30c0e..c7c22c8 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -26,6 +27,6 @@ inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = "1.22.1" - istio_version = "1.22.1" + istio_chart_version = include.root.inputs.istio_version + istio_version = include.root.inputs.istio_version } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl new file mode 100644 index 0000000..cd1961b --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl @@ -0,0 +1,36 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + vpc_domain_name = "example.com" + } +} + +dependency "eks-loki" { + config_path = "../eks-loki" + skip_outputs = true +} + +inputs = { + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks.inputs.vpc_domain_name + public_hostname = include.root.inputs.dashboard_hostname + k8s_dashboard_version = include.root.inputs.k8s_dashboard_version + # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint +} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl index 982e1d7..6b1a862 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -35,4 +36,8 @@ inputs = { karpenter_node_group_name = dependency.eks.outputs.node_group_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn vpc_id = dependency.eks.outputs.vpc_id + karpenter_helm_chart = include.root.inputs.karpenter_helm_chart + karpenter_tag = include.root.inputs.karpenter_tag + kubectl_tag = include.root.inputs.kubectl_image_tag + } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali.disable/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali.disable/terragrunt.hcl.disable deleted file mode 100644 index 63e88a4..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali.disable/terragrunt.hcl.disable +++ /dev/null @@ -1,76 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster" - source = "../../../../../../../tfmod-kiali" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-cert-manager" { - config_path = "../eks-cert-manager" - mock_outputs = { - cluster_issuer_name = "acmpca-clusterissuer" - } -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} -dependency "eks-grafana" { - config_path = "../eks-grafana" - mock_outputs = { - internal_endpoint = { - hostname = "grafana.grafana.svc.cluster.local" - port_number = "80" - url = "https://grafana.grafana.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.dev.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.dev.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_domain = dependency.eks.inputs.vpc_domain_name - operators_namespace = dependency.eks.inputs.operators_ns - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name - prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url - grafana_namespace = dependency.eks-grafana.outputs.namespace - grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url - grafana_secret_name = dependency.eks-grafana.outputs.secret_name - jaeger_internal_url = "" - - - # client_id = var.sso_client_id - # client_secret = var.sso_client_secret - # keycloak_public_url = var.keycloak_public_url - # gogatekeeper_chart_version = var.gogatekeeper_chart_version - # gogatekeeper_registry = var.gogatekeeper_registry - # gogatekeeper_repository = var.gogatekeeper_repository - # gogatekeeper_tag = var.gogatekeeper_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-kiali.disable/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable similarity index 82% rename from lab/development/us-gov-east-1/vpc/platform-test-x/eks-kiali.disable/terragrunt.hcl.disable rename to lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable index 3dabd56..1e04fe0 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-kiali.disable/terragrunt.hcl.disable +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable @@ -1,10 +1,12 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" + # source = "../../../../../../../tfmod-kiali" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -41,20 +43,23 @@ dependency "eks-grafana" { port_number = "80" url = "https://grafana.grafana.svc.cluster.local:80/" } - namespace = "grafana" - public_endpoint = { + namespace = "grafana" + public_endpoint = { hostname = "grafana.dev.lab.csp2.census.gov" port_number = "80" url = "https://grafana.dev.lab.csp2.census.gov:80/" } - secret_name = "grafana" + secret_name = "grafana" } } inputs = { + kiali_operator_version = include.root.inputs.kiali_operator_version + kiali_application_version = include.root.inputs.kiali_application_version + profile = include.root.inputs.aws_profile cluster_domain = dependency.eks.inputs.vpc_domain_name - operators_namespace = dependency.eks.inputs.operators_ns + operators_namespace = "operators" cluster_name = dependency.eks.outputs.cluster_name certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url @@ -63,7 +68,7 @@ inputs = { grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url grafana_secret_name = "grafana" # grafana_secret_name = dependency.eks-grafana.outputs.secret_name - jaeger_internal_url = "" + jaeger_internal_url = "" # client_id = var.sso_client_id diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl index cc94f7f..2c6b6be 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -22,10 +23,22 @@ dependency "eks-istio" { config_path = "../eks-istio" skip_outputs = true } +dependency "eks-prometheus" { + config_path = "../eks-prometheus" + skip_outputs = true +} inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + loki_chart_version = include.root.inputs.loki_chart_version + loki_tag = include.root.inputs.loki_tag + canary_tag = include.root.inputs.canary_tag + enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag + gateway_tag = include.root.inputs.gateway_tag + memcached_tag = include.root.inputs.memcached_tag + exporter_tag = include.root.inputs.exporter_tag + sidecar_tag = include.root.inputs.sidecar_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl index 5414a72..387653b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -18,8 +19,15 @@ dependency "eks" { } } +dependency "eks_config" { + config_path = "../eks-config" + skip_outputs = true +} + inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region + profile = include.root.inputs.aws_profile + cluster_name = dependency.eks.outputs.cluster_name + region = include.root.inputs.aws_region + metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart + metrics_server_tag = include.root.inputs.metrics_server_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl index 62611b1..e6c54b1 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -18,13 +19,20 @@ dependency "eks" { } } -dependency "eks-istio" { - config_path = "../eks-istio" +dependency "eks-dns" { + config_path = "../eks-dns" skip_outputs = true } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + prometheus_chart_version = include.root.inputs.prometheus_chart_version + prometheus_server_tag = include.root.inputs.prometheus_server_tag + prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag + alertmanager_tag = include.root.inputs.alertmanager_tag + kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag + node_exporter_tag = include.root.inputs.node_exporter_tag + pushgateway_tag = include.root.inputs.pushgateway_tag } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl index 7f3d706..e9ebd48 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl @@ -1,10 +1,11 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -32,10 +33,14 @@ dependency "eks-prometheus" { } inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region + account_id = include.root.locals.account_id + profile = include.root.locals.aws_profile + region = include.root.locals.aws_region cluster_name = dependency.eks.outputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace + tempo_chart_version = include.root.inputs.tempo_chart_version + tempo_tag = include.root.inputs.tempo_tag + } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl index f180390..cc7c893 100644 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl @@ -1,39 +1,37 @@ include "root" { - path = find_in_parent_folders() - expose = true + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true } locals { # Set cluster/platform specific variables, or extract from the hierarchy. account_id = include.root.inputs.aws_account_id - vpc_name = include.root.inputs.vpc_name - cluster_name = "platform-test-cicd" - cluster_version = "1.30" - vpc_domain_name = include.root.inputs.vpc_domain_name - eks_instance_disk_size = 100 + cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access + cluster_name = include.root.inputs.cluster_name + cluster_version = include.root.inputs.cluster_version + creator = include.root.inputs.creator + eks_instance_disk_size = include.root.inputs.eks_instance_disk_size + eks_ng_desired_size = include.root.inputs.eks_ng_desired_size + eks_ng_max_size = include.root.inputs.eks_ng_max_size + eks_ng_min_size = include.root.inputs.eks_ng_min_size eks_vpc_name = include.root.inputs.vpc_name - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 2 - operators_ns = "operators" - enable_cluster_creator_admin_permissions = true - cluster_endpoint_public_access = true + enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions + environment_abbr = include.root.inputs.environment_abbr + organization = include.root.inputs.organization profile = include.root.inputs.aws_profile + project_name = include.root.inputs.project_name + project_number = include.root.inputs.project_number + project_role = include.root.inputs.project_role region = include.root.inputs.aws_region - cluster_mailing_list = "ahmed.m.youssef@census.gov" - environment_abbr = include.root.inputs.environment_abbr - - # Tags applied to AWS objects created - tags = { - "Environment" = local.environment_abbr - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } - + tags = include.root.inputs.tags + terraform = include.root.inputs.terraform + terragrunt = include.root.inputs.terragrunt + vpc_domain_name = include.root.inputs.vpc_domain_name } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=main" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] @@ -42,22 +40,17 @@ terraform { inputs = { aws_account_id = local.account_id - profile = local.profile - vpc_name = local.eks_vpc_name + cluster_endpoint_public_access = local.cluster_endpoint_public_access cluster_name = local.cluster_name cluster_version = local.cluster_version + creator = local.creator eks_instance_disk_size = local.eks_instance_disk_size - eks_vpc_name = local.eks_vpc_name eks_ng_desired_size = local.eks_ng_desired_size eks_ng_max_size = local.eks_ng_max_size eks_ng_min_size = local.eks_ng_min_size - operators_ns = local.operators_ns + eks_vpc_name = local.eks_vpc_name enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - cluster_endpoint_public_access = local.cluster_endpoint_public_access - tags = local.tags - vcp_domain_name = local.vpc_domain_name - region = local.region - creator = local.cluster_mailing_list - os_username = local.cluster_mailing_list + os_username = local.creator shared_vpc_label = local.environment_abbr + tags = local.tags } diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl new file mode 100644 index 0000000..8d2831c --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl @@ -0,0 +1,20 @@ +# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl + +# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root +# terragrunt.hcl configuration. +locals { + cluster_endpoint_public_access = true + cluster_name = "platform-eng-eks-mcm" + creator = "matthew.c.morgan@census.gov" + eks_instance_disk_size = 100 + eks_ng_desired_size = 2 + eks_ng_max_size = 10 + eks_ng_min_size = 0 + enable_cluster_creator_admin_permissions = true + terraform = true + terragrunt = true + tags = { + "slim:schedule" = "8:00-17:00" + "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" + } +} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-cert-manager/terragrunt.hcl deleted file mode 100644 index f72b39f..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-cert-manager/terragrunt.hcl +++ /dev/null @@ -1,34 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -inputs = { - cluster_name = dependency.eks.outputs.cluster_name - cluster_mailing_list = dependency.eks.inputs.creator - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cert_manager_helm_chart = "1.15.1" - cert_manager_cainjector_tag = "v1.15.1" - cert_manager_controller_tag = "v1.15.1" - cert_manager_startupapicheck_tag = "v1.15.1" - cert_manager_webhook_tag = "v1.15.1" - cluster_issuer_name = "cert-manager" -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-config/terragrunt.hcl deleted file mode 100644 index 7c6a172..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-config/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -# locals { -# tag_costallocation = "census:csvd:platformbaseline" -# } - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - vpc_id = "a-vpc-id" - cluster_name = "a-cluster-name" - subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ] - security_group_all_worker_mgmt_id = "sg-00b0000000000000" - eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - vpc_id = dependency.eks.outputs.vpc_id - cluster_name = dependency.eks.outputs.cluster_name - subnets = dependency.eks.outputs.subnets - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id - eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - # tags = dependency.eks.inputs.tags - # tag_costallocation = local.tag_costallocation - # cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-dns/terragrunt.hcl deleted file mode 100644 index 46d26d8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-dns/terragrunt.hcl +++ /dev/null @@ -1,30 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - zone_ids = ["Z12345678CA5FV1LIFBC5"] - } -} - -inputs = { - cluster_name = dependency.eks.inputs.cluster_name - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_id = dependency.eks.outputs.vpc_id - vpc_name = dependency.eks.inputs.vpc_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl deleted file mode 100644 index c2172e8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - } -} -# dependency "eks-tempo" { -# config_path = "../eks-tempo" -# skip_outputs = true -# } - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl,disable b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl,disable deleted file mode 100644 index c2172e8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-grafana/terragrunt.hcl,disable +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - } -} -# dependency "eks-tempo" { -# config_path = "../eks-tempo" -# skip_outputs = true -# } - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-istio/terragrunt.hcl deleted file mode 100644 index c1190ab..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-istio/terragrunt.hcl +++ /dev/null @@ -1,33 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - - -dependency "eks-karpenter" { - config_path = "../eks-karpenter" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = "1.22.1" - istio_version = "1.22.1" -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-k8s-dashboard/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-k8s-dashboard/terragrunt.hcl.disable deleted file mode 100644 index 7004f22..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-k8s-dashboard/terragrunt.hcl.disable +++ /dev/null @@ -1,31 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git" - # source = "../../../../../../../tfmod-k8s-dashboard" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-karpenter" { - config_path = "../eks-karpenter" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - # k8s_dashboard_version = "v2.0.0" # NEW IDEA TO START PINNING VERSIONING OF COMPONENT TO TF MODULE VERSION -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-karpenter/terragrunt.hcl deleted file mode 100644 index a6e5264..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-karpenter/terragrunt.hcl +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com" - cluster_name = "a-cluster-name" - node_group_name = "node_group_a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - vpc_id = "a-vpc-name" - } -} - -dependency "eks-config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.outputs.cluster_name - karpenter_node_group_name = dependency.eks.outputs.node_group_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - vpc_id = dependency.eks.outputs.vpc_id -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl deleted file mode 100644 index 069f967..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl +++ /dev/null @@ -1,31 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl.disable deleted file mode 100644 index 069f967..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-loki/terragrunt.hcl.disable +++ /dev/null @@ -1,31 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-metrics-server/terragrunt.hcl deleted file mode 100644 index 010e61a..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-metrics-server/terragrunt.hcl +++ /dev/null @@ -1,25 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/README.md deleted file mode 100644 index bbbffb2..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/README.md +++ /dev/null @@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. | -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 308ade0..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,30 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable deleted file mode 100644 index 308ade0..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-prometheus/terragrunt.hcl.disable +++ /dev/null @@ -1,30 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl deleted file mode 100644 index c52ffc3..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks-tempo/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=main" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - prometheus_namespace = "prometheus" - } -} - -inputs = { - aws_account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number - prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl deleted file mode 100644 index 76397c6..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl +++ /dev/null @@ -1,64 +0,0 @@ -include "root" { - path = find_in_parent_folders() - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - vpc_name = include.root.inputs.vpc_name - cluster_name = "platform-test-x" - cluster_version = "1.30" - vpc_domain_name = include.root.inputs.vpc_domain_name - eks_instance_disk_size = 100 - eks_vpc_name = include.root.inputs.vpc_name - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 2 - operators_ns = "operators" - enable_cluster_creator_admin_permissions = true - cluster_endpoint_public_access = true - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_mailing_list = "luther.coleman.mcginty@census.gov" - environment_abbr = include.root.inputs.environment_abbr - - # Tags applied to AWS objects created - tags = { - "Environment" = local.environment_abbr - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } - -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=main" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - aws_account_id = local.account_id - profile = local.profile - vpc_name = local.eks_vpc_name - cluster_name = local.cluster_name - cluster_version = local.cluster_version - eks_instance_disk_size = local.eks_instance_disk_size - eks_vpc_name = local.eks_vpc_name - # eks_instance_types = local.eks_instance_types - eks_ng_desired_size = local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - operators_ns = local.operators_ns - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - cluster_endpoint_public_access = local.cluster_endpoint_public_access - tags = local.tags - vcp_domain_name = local.vpc_domain_name - region = local.region - creator = local.cluster_mailing_list - os_username = local.cluster_mailing_list - shared_vpc_label = local.environment_abbr -} diff --git a/mcmcluster.hcl b/mcmcluster.hcl index d6399d1..b443ab7 100644 --- a/mcmcluster.hcl +++ b/mcmcluster.hcl @@ -21,9 +21,4 @@ locals { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" } - - - - - } From f2f96452ca17760ce44c2053ea0d5f7cba47f6ec Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 15 Nov 2024 14:09:47 -0500 Subject: [PATCH 10/10] revert overcooked --- mcmcluster.hcl | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 mcmcluster.hcl diff --git a/mcmcluster.hcl b/mcmcluster.hcl deleted file mode 100644 index b443ab7..0000000 --- a/mcmcluster.hcl +++ /dev/null @@ -1,24 +0,0 @@ -locals { - account_name = "lab-dev-ew" - aws_account_id = "224384469011" - aws_profile = "224384469011-lab-dev-gov" - aws_region = "us-gov-east-1" - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - enable_cluster_creator_admin_permissions = true - environment = "development" - environment_abbr = "dev" - terraform = true - terragrunt = true - vpc_domain_name = "dev.lab.csp2.census.gov" - vpc_name = "vpc3-lab-dev" - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -}