From f92f1e617a2a0ba2820a90cb85aaf7632c29b52d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 11 Feb 2025 18:47:08 -0500 Subject: [PATCH] seems to work --- lab/_envcommon/empty-provider.hcl | 11 --- lab/_envcommon/helm-provider.hcl | 36 -------- lab/_envcommon/kube-provider.hcl | 34 ------- .../vpc/platform-eng-eks-mcm/cluster.hcl | 5 +- .../eks-cert-manager/terragrunt.hcl | 4 +- .../eks-config/terragrunt.hcl | 2 +- .../eks-dns/terragrunt.hcl | 2 +- .../eks-grafana/terragrunt.hcl | 2 +- .../eks-istio/terragrunt.hcl | 4 +- .../eks-k8s-dashboard/terragrunt.hcl | 2 +- .../eks-karpenter/terragrunt.hcl | 4 - .../eks-loki/terragrunt.hcl | 2 +- .../eks-metrics-server/terragrunt.hcl | 2 +- .../eks-prometheus/terragrunt.hcl | 2 +- .../eks-tempo/terragrunt.hcl | 5 +- .../platform-eng-eks-mcm/eks/terragrunt.hcl | 1 - lab/root.hcl | 88 +++++++++++-------- 17 files changed, 66 insertions(+), 140 deletions(-) delete mode 100644 lab/_envcommon/empty-provider.hcl delete mode 100644 lab/_envcommon/helm-provider.hcl delete mode 100644 lab/_envcommon/kube-provider.hcl diff --git a/lab/_envcommon/empty-provider.hcl b/lab/_envcommon/empty-provider.hcl deleted file mode 100644 index 6b1025b..0000000 --- a/lab/_envcommon/empty-provider.hcl +++ /dev/null @@ -1,11 +0,0 @@ -generate "kube_provider" { - path = "kubernetes-provider.tf" - if_exists = "overwrite_terragrunt" - contents = "" -} - -generate "helm_provider" { - path = "helm-provider.tf" - if_exists = "overwrite_terragrunt" - contents = "" -} diff --git a/lab/_envcommon/helm-provider.hcl b/lab/_envcommon/helm-provider.hcl deleted file mode 100644 index 37d20d3..0000000 --- a/lab/_envcommon/helm-provider.hcl +++ /dev/null @@ -1,36 +0,0 @@ -dependency "eks" { - config_path = "${get_original_terragrunt_dir()}/../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"] - mock_outputs = { - cluster_name = "a-cluster-name" - region = "an-aws-region" - } -} - -inputs = { - cluster_name = dependency.eks.outputs.cluster_name -} - -generate "helm_provider" { - path = "helm-provider.tf" - if_exists = "overwrite_terragrunt" - contents = <<-EOF - %{if var.cluster_name != "a-cluster-name"~} - data "aws_eks_cluster" "helm" { - name = var.cluster_name - } - data "aws_eks_cluster_auth" "helm" { - name = var.cluster_name - } - %{endif~} - provider "helm" { - kubernetes { - %{if var.cluster_name != "a-cluster-name"~} - host = try(data.aws_eks_cluster.helm.endpoint, "") - cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.helm.certificate_authority[0].data), null) - token = try(data.aws_eks_cluster_auth.helm.token, null) - %{endif~} - } - } -EOF -} diff --git a/lab/_envcommon/kube-provider.hcl b/lab/_envcommon/kube-provider.hcl deleted file mode 100644 index 138515d..0000000 --- a/lab/_envcommon/kube-provider.hcl +++ /dev/null @@ -1,34 +0,0 @@ -dependency "eks" { - config_path = "${get_original_terragrunt_dir()}/../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"] - mock_outputs = { - cluster_name = "a-cluster-name" - region = "an-aws-region" - } -} - -inputs = { - cluster_name = dependency.eks.outputs.cluster_name -} - -generate "kube_provider" { - path = "kube-provider.tf" - if_exists = "overwrite_terragrunt" - contents = <<-EOF - %{if var.cluster_name != "a-cluster-name"~} - data "aws_eks_cluster" "kube" { - name = var.cluster_name - } - data "aws_eks_cluster_auth" "kube" { - name = var.cluster_name - } - %{endif~} - provider "kubernetes" { - %{if var.cluster_name != "a-cluster-name"~} - host = try(data.aws_eks_cluster.this[0].endpoint, "") - cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data), null) - token = try(data.aws_eks_cluster_auth.kube.token, null) - %{endif~} - } -EOF -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl index e43148a..7d6dd36 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl @@ -5,15 +5,12 @@ locals { cluster_endpoint_public_access = true cluster_name = "platform-eng-eks-mcm" - created_reason = "Terragrunt Development for CICD Delivered EKS Platform" - creator = "matthew.c.morgan@census.gov" + cluster_mailing_list = "matthew.c.morgan@census.gov" eks_instance_disk_size = 100 eks_ng_desired_size = 2 eks_ng_max_size = 10 eks_ng_min_size = 0 enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true tags = { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl index 3da4e17..1698f07 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl @@ -22,7 +22,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-config"] + paths = ["../eks-config"] } inputs = { @@ -32,7 +32,7 @@ inputs = { cert_manager_startupapicheck_tag = dependency.eks.inputs.cert_manager_startupapicheck_tag cert_manager_webhook_tag = dependency.eks.inputs.cert_manager_webhook_tag cluster_issuer_name = dependency.eks.inputs.cluster_issuer_name - cluster_mailing_list = dependency.eks.inputs.creator + cluster_mailing_list = dependency.eks.inputs.cluster_mailing_list cluster_name = dependency.eks.outputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn profile = dependency.eks.inputs.aws_profile diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl index 8365de8..72c6217 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl @@ -30,7 +30,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-karpenter"] + paths = ["../eks-karpenter"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl index 5e73ce4..ab62d3b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl @@ -32,7 +32,7 @@ dependency "istio" { } dependencies { - paths = ["../eks", "../eks-config", "../eks-istio"] + paths = ["../eks-config", "../eks-istio"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl index dc08d73..ca02842 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl @@ -29,7 +29,7 @@ dependency "eks-loki" { } dependencies { - paths = ["../eks", "../eks-loki", "../eks-config", "../eks-karpenter"] + paths = ["../eks-config", "../eks-karpenter"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl index c998f7e..a65631d 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl @@ -13,7 +13,7 @@ terraform { } dependency "eks" { - config_path = "${get_original_terragrunt_dir()}/../eks" + config_path = "../eks" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate"] mock_outputs = { cluster_name = "a-cluster-name" @@ -21,7 +21,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-karpenter", "../eks-config"] + paths = ["../eks-karpenter", "../eks-config"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl index 35f5926..c02f084 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl @@ -22,7 +22,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-loki", "../eks-config", "../eks-karpenter"] + paths = ["../eks-loki", "../eks-config", "../eks-karpenter"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl index c0ff959..3fb7c11 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl @@ -24,10 +24,6 @@ dependency "eks" { } } -dependencies { - paths = ["../eks"] -} - inputs = { cluster_endpoint = dependency.eks.outputs.cluster_endpoint cluster_name = dependency.eks.outputs.cluster_name diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl index cc9a911..0be4c16 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl @@ -22,7 +22,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-prometheus", "../eks-config", "../eks-karpenter", "../eks-istio"] + paths = ["../eks-prometheus", "../eks-config", "../eks-karpenter", "../eks-istio"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl index 5d67adb..28bb273 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl @@ -21,7 +21,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-config", "../eks-karpenter"] + paths = ["../eks-config", "../eks-karpenter"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl index 54c0dab..edc12b2 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl @@ -21,7 +21,7 @@ dependency "eks" { } dependencies { - paths = ["../eks", "../eks-config", "../eks-karpenter", "../eks-istio", "../eks-dns"] + paths = ["../eks-config", "../eks-karpenter", "../eks-istio", "../eks-dns"] } inputs = { diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl index a0650af..9b1c9ac 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl @@ -31,15 +31,14 @@ dependency "eks-prometheus" { url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" } } - } dependencies { - paths = ["../eks", "../eks-prometheus", "../eks-config", "../eks-karpenter"] + paths = ["../eks-config", "../eks-karpenter"] } inputs = { - account_id = dependency.eks.inputs.account_id + account_id = dependency.eks.inputs.aws_account_id cluster_name = dependency.eks.outputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn profile = dependency.eks.inputs.aws_profile diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl index 7870b02..59e9a75 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl @@ -17,7 +17,6 @@ inputs = { cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access cluster_name = include.root.inputs.cluster_name cluster_version = include.root.inputs.cluster_version - creator = include.root.inputs.creator eks_instance_disk_size = include.root.inputs.eks_instance_disk_size eks_ng_desired_size = include.root.inputs.eks_ng_desired_size eks_ng_max_size = include.root.inputs.eks_ng_max_size diff --git a/lab/root.hcl b/lab/root.hcl index f567534..c3852d3 100644 --- a/lab/root.hcl +++ b/lab/root.hcl @@ -29,8 +29,6 @@ locals { aws_profile = local.account_vars.locals.aws_profile aws_region = local.region_vars.locals.aws_region cluster_name = local.cluster_vars.locals.cluster_name - created_reason = local.cluster_vars.locals.created_reason - creator = local.cluster_vars.locals.creator environment_abbr = local.account_vars.locals.environment_abbr organization = local.common_vars.locals.organization project_name = local.common_vars.locals.project_name @@ -38,26 +36,62 @@ locals { project_role = local.common_vars.locals.project_role state_bucket_prefix = local.common_vars.locals.state_bucket_prefix state_table_name = local.common_vars.locals.state_table_name - terraform = local.cluster_vars.locals.terraform - terragrunt = local.cluster_vars.locals.terragrunt - # Check if current module is the EKS module - module_name = basename(get_original_terragrunt_dir()) + module_name = basename(get_original_terragrunt_dir()) is_eks_module = local.module_name == "eks" +} + +# Only generate providers for non-EKS modules +generate "cluster_data" { + path = "cluster-data.tf" + if_exists = "overwrite_terragrunt" + contents = local.is_eks_module ? "" : <<-EOF + data "aws_eks_clusters" "available" {} + + locals { + cluster_exists = contains(data.aws_eks_clusters.available.names, "${local.cluster_name}") + } + + data "aws_eks_cluster" "this" { + count = local.cluster_exists ? 1 : 0 + name = "${local.cluster_name}" + } + + data "aws_eks_cluster_auth" "this" { + count = local.cluster_exists ? 1 : 0 + name = "${local.cluster_name}" + } + EOF +} + +# Generate provider blocks only for non-EKS modules +generate "kube_provider" { + path = "kube-provider.tf" + if_exists = "overwrite_terragrunt" + contents = local.is_eks_module ? "" : <<-EOF + provider "kubernetes" { + host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy" + cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null + token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy" + } + EOF +} - # Load provider configurations if not in EKS module - kube_provider = read_terragrunt_config( - local.is_eks_module ? - "${get_repo_root()}/lab/_envcommon/empty-provider.hcl" : - "${get_repo_root()}/lab/_envcommon/kube-provider.hcl" - ) - helm_provider = read_terragrunt_config( - local.is_eks_module ? - "${get_repo_root()}/lab/_envcommon/empty-provider.hcl" : - "${get_repo_root()}/lab/_envcommon/helm-provider.hcl" - ) +generate "helm_provider" { + path = "helm-provider.tf" + if_exists = "overwrite_terragrunt" + contents = local.is_eks_module ? "" : <<-EOF + provider "helm" { + kubernetes { + host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy" + cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null + token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy" + } + } + EOF } + # Configure Terragrunt to automatically store tfstate files in an S3 bucket remote_state { backend = "s3" @@ -92,18 +126,12 @@ generate "aws-provider" { default_tags { tags = { cluster_name = "${local.cluster_name}" - module_name = "${local.module_name}" - created_by = "${local.creator}" - created_for = "${local.creator}" - created_reason = "${local.created_reason}" + "boc:module_name" = "${local.module_name}" environment = "${local.environment_abbr}" finops_project_name = "${local.project_name}" finops_project_number = "${local.project_number}" finops_project_role = "${local.project_role}" organization = "${local.organization}" - project_identifier = "${local.project_number}:${local.project_name}" - terraform = "${local.terraform}" - terragrunt = "${local.terragrunt}" } } # Only these AWS Account IDs may be operated on by this template @@ -112,18 +140,6 @@ generate "aws-provider" { EOF } -generate "kube_provider" { - path = local.kube_provider.generate.kube_provider.path - if_exists = local.kube_provider.generate.kube_provider.if_exists - contents = local.kube_provider.generate.kube_provider.contents -} - -generate "helm_provider" { - path = local.helm_provider.generate.helm_provider.path - if_exists = local.helm_provider.generate.helm_provider.if_exists - contents = local.helm_provider.generate.helm_provider.contents -} - # --------------------------------------------------------------------------------------------------------------------- # GLOBAL PARAMETERS # These variables apply to all configurations in this subfolder. These are automatically merged into the child