diff --git a/.gitignore b/.gitignore index 4b51fc4..4b072ca 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,4 @@ terraform.rc .terragrunt-cache/ backend.tf provider*.tf +remote_state.backend.tf diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-cert-manager/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-cert-manager/terragrunt.hcl index bd7f869..f72b39f 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-cert-manager/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-cert-manager/terragrunt.hcl @@ -1,5 +1,6 @@ include "root" { - path = find_in_parent_folders() + path = find_in_parent_folders() + expose = true } terraform { @@ -12,14 +13,18 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + } } inputs = { - cluster_name = dependency.eks.inputs.cluster_name + cluster_name = dependency.eks.outputs.cluster_name cluster_mailing_list = dependency.eks.inputs.creator oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - profile = dependency.eks.inputs.profile - region = dependency.eks.inputs.region + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region cert_manager_helm_chart = "1.15.1" cert_manager_cainjector_tag = "v1.15.1" cert_manager_controller_tag = "v1.15.1" diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-config/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-config/terragrunt.hcl index 8b288b5..798f704 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-config/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-config/terragrunt.hcl @@ -1,9 +1,6 @@ include "root" { - path = find_in_parent_folders() -} - -locals { - tag_costallocation = "census:csvd:platformbaseline" + path = find_in_parent_folders() + expose = true } terraform { 
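Review bot: The `mock_outputs` added to `dependency "eks"` in eks-cert-manager has no `mock_outputs_allowed_terraform_commands`, so Terragrunt may fall back to the placeholder values for any command, including `apply`, whenever `../eks` has no outputs yet. In that case the dummy `oidc_provider_arn` would flow into the module inputs, presumably for an IAM trust relationship, instead of the run failing. Add `mock_outputs_allowed_terraform_commands = ["validate", "plan"]` next to the mock block. The same applies to every other `mock_outputs` block this commit adds (eks-config, eks-dns, eks-grafana, eks-istio, eks-karpenter, eks-kiali, eks-loki, eks-metrics-server, eks-prometheus, eks-tempo).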
@@ -16,18 +13,24 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + eks_managed_node_groups_autoscaling_group_names = ["eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] + oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + security_group_all_worker_mgmt_id = "sg-00b0000000000000" + subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003", ] + vpc_id = "a-vpc-id" + } } inputs = { - profile = dependency.eks.inputs.profile - vpc_id = dependency.eks.outputs.vpc_id - cluster_name = dependency.eks.inputs.cluster_name - # cluster_autoscaler_role_name = dependency.eks.outputs.cluster_autoscaler_role_name - subnets = dependency.eks.outputs.subnets - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id + cluster_name = dependency.eks.outputs.cluster_name eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id + subnets = dependency.eks.outputs.subnets tags = dependency.eks.inputs.tags - tag_costallocation = local.tag_costallocation - region = dependency.eks.inputs.region + vpc_id = dependency.eks.outputs.vpc_id } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-dns/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-dns/terragrunt.hcl new file mode 100644 index 0000000..46d26d8 --- /dev/null +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-dns/terragrunt.hcl 
@@ -0,0 +1,30 @@ +include "root" { + path = find_in_parent_folders() + expose = true +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" + mock_outputs = { + zone_ids = ["Z12345678CA5FV1LIFBC5"] + } +} + +inputs = { + cluster_name = dependency.eks.inputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + subnets = dependency.eks.outputs.subnets + tags = dependency.eks.inputs.tags + vpc_domain_name = dependency.eks.inputs.vpc_domain_name + vpc_id = dependency.eks.outputs.vpc_id + vpc_name = dependency.eks.inputs.vpc_name +} diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-grafana/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-grafana/terragrunt.hcl index 4836624..1a52e9e 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-grafana/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-grafana/terragrunt.hcl @@ -1,3 +1,8 @@ +include "root" { + path = find_in_parent_folders() + expose = true +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git" extra_arguments "retry_lock" { @@ -8,10 +13,23 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } } dependency "eks-config" { config_path = "../eks-config" + mock_outputs = { + rwo_storage_class = "a-storage-class" + } +} + +dependency "eks-dns" { + config_path = "../eks-dns" + mock_outputs = { + cluster_domain = "a-cluster-domain" + } } dependency "eks-istio" { 
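Review bot: The `dependency "eks"` mock in the new eks-dns unit does not match what `inputs` reads: it mocks only `zone_ids`, which nothing in this file consumes, while `subnets` and `vpc_id` are taken from `dependency.eks.outputs` with no placeholder. A `plan` or `validate` run before `../eks` has been applied will likely fail on those two attributes. Mock what is used, for example `subnets = ["subnet-00000000000000001"]` and `vpc_id = "a-vpc-id"` (constructed values, as in the eks-config mock), and drop `zone_ids` if it is not needed. `cluster_name` is also still read from `dependency.eks.inputs` here and in eks-loki, whereas the other units in this commit switched to `dependency.eks.outputs.cluster_name`.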
@@ -25,12 +43,9 @@ dependency "eks-karpenter" { } inputs = { - profile = dependency.eks.inputs.profile - cluster_name = dependency.eks.inputs.cluster_name - region = dependency.eks.inputs.region - cluster_domain = dependency.eks.inputs.vpc_domain_name - # datasources = { - # loki = dependency.eks-loki.outputs.gateway_internal_endpoint - # } + cluster_domain = dependency.eks-dns.outputs.cluster_domain + cluster_name = dependency.eks.outputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region rwo_storage_class = dependency.eks-config.outputs.rwo_storage_class } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-istio/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-istio/terragrunt.hcl index 5cd7643..c1190ab 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-istio/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-istio/terragrunt.hcl @@ -1,5 +1,6 @@ include "root" { - path = find_in_parent_folders() + path = find_in_parent_folders() + expose = true } terraform { @@ -12,17 +13,21 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } } + dependency "eks-karpenter" { config_path = "../eks-karpenter" skip_outputs = true } inputs = { - profile = dependency.eks.inputs.profile - cluster_name = dependency.eks.inputs.cluster_name - region = dependency.eks.inputs.region + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name istio_chart_version = "1.22.1" istio_version = "1.22.1" } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-karpenter/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-karpenter/terragrunt.hcl index f8702a8..3297ee1 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-karpenter/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-karpenter/terragrunt.hcl 
@@ -1,5 +1,6 @@ include "root" { - path = find_in_parent_folders() + path = find_in_parent_folders() + expose = true } terraform { @@ -12,6 +13,13 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com" + cluster_name = "a-cluster-name" + node_group_name = "node_group_a-cluster-name" + oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + vpc_id = "a-vpc-name" + } } dependency "eks-cert-manager" { @@ -20,11 +28,11 @@ dependency "eks-cert-manager" { } inputs = { - profile = dependency.eks.inputs.profile cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.inputs.cluster_name + cluster_name = dependency.eks.outputs.cluster_name karpenter_node_group_name = dependency.eks.outputs.node_group_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - region = dependency.eks.inputs.region + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region vpc_id = dependency.eks.outputs.vpc_id } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-kiali/terragrunt.hcl.off b/lab/us-gov-east-1/vpc/_mcmCluster/eks-kiali/terragrunt.hcl.off index f3c35f4..79c48ef 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-kiali/terragrunt.hcl.off +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-kiali/terragrunt.hcl.off @@ -1,9 +1,6 @@ include "root" { path = find_in_parent_folders() -} - -locals { - tag_costallocation = "census:csvd:platformbaseline" + expose = true } terraform { 
@@ -16,31 +13,55 @@ terraform { dependency "eks" { config_path = "../eks" -} -dependency "eks-config" { - config_path = "../eks-config" + mock_outputs = { + cluster_name = "a-cluster-name" + } } dependency "eks-cert-manager" { config_path = "../eks-cert-manager" + mock_outputs = { + cluster_issuer_name = "acmpca-clusterissuer" + } } dependency "eks-prometheus" { config_path = "../eks-prometheus" + mock_outputs = { + prometheus_server_internal_endpoint = { + hostname = "prometheus-server.prometheus.svc.cluster.local" + port_number = 9090 + url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" + } + } } dependency "eks-grafana" { config_path = "../eks-grafana" + mock_outputs = { + internal_endpoint = { + hostname = "grafana.grafana.svc.cluster.local" + port_number = "80" + url = "https://grafana.grafana.svc.cluster.local:80/" + } + namespace = "grafana" + public_endpoint = { + hostname = "grafana.dev.lab.csp2.census.gov" + port_number = "80" + url = "https://grafana.dev.lab.csp2.census.gov:80/" + } + secret_name = "grafana" + } } inputs = { certificate_issuer = dependency.eks-cert-manager.outputs.certificate_issuer - cluster_domain = dependency.eks.inputs.vpc_domain_name - cluster_name = dependency.eks.inputs.cluster_name + cluster_domain = dependency.eks.outputs.vpc_domain_name + cluster_name = dependency.eks.outputs.cluster_name grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url grafana_namespace = dependency.eks-grafana.outputs.namespace grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url grafana_secret_name = dependency.eks-grafana.outputs.secret_name jaeger_internal_url = "" operators_namespace = dependency.eks-config.outputs.operators_ns - profile = dependency.eks.inputs.profile + profile = include.root.inputs.aws_profile prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url 
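Review bot: This hunk removes the `dependency "eks-config"` block, but `inputs` still reads `dependency.eks-config.outputs.operators_ns` for `operators_namespace`, so the unit will not evaluate once the `.off` suffix is dropped. Either keep the block (with a mock such as `operators_ns = "operators"`) or source the namespace elsewhere. Two references also lack a matching mock: `certificate_issuer` reads `outputs.certificate_issuer` while the eks-cert-manager mock defines `cluster_issuer_name`, and `cluster_domain` now reads `dependency.eks.outputs.vpc_domain_name`, which the eks mock does not define (eks-grafana takes the domain from eks-dns instead). The `inputs` block continues past the end of the hunk.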
diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-loki/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-loki/terragrunt.hcl index c9fa6ba..4f130d3 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-loki/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-loki/terragrunt.hcl @@ -1,5 +1,6 @@ include "root" { - path = find_in_parent_folders() + path = find_in_parent_folders() + expose = true } terraform { @@ -12,6 +13,10 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + } } dependency "eks-grafana" { @@ -20,8 +25,8 @@ dependency "eks-grafana" { } inputs = { - profile = dependency.eks.inputs.profile cluster_name = dependency.eks.inputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - region = dependency.eks.inputs.region + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-metrics-server/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-metrics-server/terragrunt.hcl index f8bd9c2..5243e60 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-metrics-server/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-metrics-server/terragrunt.hcl @@ -1,9 +1,6 @@ include "root" { - path = find_in_parent_folders() -} - -locals { - tag_costallocation = "census:csvd:platformbaseline" + path = find_in_parent_folders() + expose = true } terraform { 
@@ -16,15 +13,13 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } } -# dependency "eks-config" { -# config_path = "../eks-config" -# skip_outputs = true -# } - inputs = { - profile = dependency.eks.inputs.profile - cluster_name = dependency.eks.inputs.cluster_name - region = dependency.eks.inputs.region + cluster_name = dependency.eks.outputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-prometheus/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-prometheus/terragrunt.hcl index a8679ef..d921ba6 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-prometheus/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-prometheus/terragrunt.hcl @@ -1,5 +1,6 @@ include "root" { - path = find_in_parent_folders() + path = find_in_parent_folders() + expose = true } terraform { @@ -12,15 +13,18 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } } + dependency "eks-grafana" { config_path = "../eks-grafana" skip_outputs = true } - inputs = { - profile = dependency.eks.inputs.profile - cluster_name = dependency.eks.inputs.cluster_name - region = dependency.eks.inputs.region + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks-tempo/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks-tempo/terragrunt.hcl index 87becc7..eaf268b 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks-tempo/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks-tempo/terragrunt.hcl @@ -1,9 +1,6 @@ include "root" { - path = find_in_parent_folders() -} - -locals { - tag_costallocation = "census:csvd:platformbaseline" + path = find_in_parent_folders() + expose = true } terraform { 
@@ -16,15 +13,28 @@ terraform { dependency "eks" { config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" + } } + dependency "eks-prometheus" { config_path = "../eks-prometheus" + mock_outputs = { + prometheus_server_internal_endpoint = { + hostname = "prometheus-server.prometheus.svc.cluster.local" + port_number = 9090 + url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" + } + prometheus_namespace = "prometheus" + } } inputs = { - profile = dependency.eks.inputs.profile - region = dependency.eks.inputs.region - cluster_name = dependency.eks.inputs.cluster_name + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/eks/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/eks/terragrunt.hcl index 79966ad..31ba50e 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/eks/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/eks/terragrunt.hcl 
@@ -8,21 +8,21 @@ locals { region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) # In which AWS region are operations being performed account_id = local.account_vars.locals.aws_account_id - vpc_name = "vpc3-lab-dev" + cluster_endpoint_public_access = true + cluster_mailing_list = "matthew.c.morgan@census.gov" cluster_name = "platform-eng-eks-mcm" cluster_version = "1.30" - vpc_domain_name = "dev.lab.csp2.census.gov" eks_instance_disk_size = 100 - eks_vpc_name = "vpc3-lab-dev" eks_ng_desired_size = 2 eks_ng_max_size = 10 eks_ng_min_size = 2 - operators_ns = "operators" + eks_vpc_name = "vpc3-lab-dev" enable_cluster_creator_admin_permissions = true - cluster_endpoint_public_access = true + operators_ns = "operators" profile = "224384469011-lab-dev-gov" region = local.region_vars.locals.aws_region - cluster_mailing_list = "matthew.c.morgan@census.gov" + vpc_domain_name = "dev.lab.csp2.census.gov" + vpc_name = "vpc3-lab-dev" # Tags applied to AWS objects created tags = { @@ -30,11 +30,10 @@ locals { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" } - } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=dnsv2" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] 
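Review bot: `?ref=dnsv2` on the tfmod-eks source reads like a branch name; if it is, the module code that builds this cluster can change without any commit in this repository. Pin to an immutable tag or commit, e.g. `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=<TAG_OR_COMMIT_SHA>"`. The other module sources visible in this commit, including tfmod-eks-dns in the new eks-dns unit, carry no `ref` at all and so follow the default branch. The `terraform` block continues past the end of the hunk.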
@@ -43,22 +42,22 @@ terraform { inputs = { aws_account_id = local.account_id - profile = local.profile - vpc_name = local.eks_vpc_name + cluster_endpoint_public_access = local.cluster_endpoint_public_access cluster_name = local.cluster_name cluster_version = local.cluster_version + creator = local.cluster_mailing_list eks_instance_disk_size = local.eks_instance_disk_size - eks_vpc_name = local.eks_vpc_name eks_ng_desired_size = local.eks_ng_desired_size eks_ng_max_size = local.eks_ng_max_size eks_ng_min_size = local.eks_ng_min_size - operators_ns = local.operators_ns + eks_vpc_name = local.eks_vpc_name enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - cluster_endpoint_public_access = local.cluster_endpoint_public_access - tags = local.tags - vcp_domain_name = local.vpc_domain_name - region = local.region - creator = local.cluster_mailing_list + operators_ns = local.operators_ns os_username = local.cluster_mailing_list + profile = local.profile + region = local.region shared_vpc_label = "dev" + tags = local.tags + vpc_domain_name = local.vpc_domain_name + vpc_name = local.eks_vpc_name } diff --git a/lab/us-gov-east-1/vpc/_mcmCluster/terragrunt.hcl b/lab/us-gov-east-1/vpc/_mcmCluster/terragrunt.hcl index 2886607..77f3d5f 100644 --- a/lab/us-gov-east-1/vpc/_mcmCluster/terragrunt.hcl +++ b/lab/us-gov-east-1/vpc/_mcmCluster/terragrunt.hcl 
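Review bot: `cluster_endpoint_public_access` is forwarded as `true` (set in `locals` in the previous hunk) together with `enable_cluster_creator_admin_permissions`, and no source-address restriction for the API endpoint appears among these inputs. If tfmod-eks exposes an allowlist input for the public endpoint, set it here. Otherwise record the intent next to the input, for example `# public API endpoint is intentional for the lab; access limited by <CONTROL>`.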
@@ -75,14 +75,18 @@ remote_state { if_exists = "overwrite_terragrunt" } config = { - bucket = "${local.state_bucket_prefix}-${local.account_id}" - dynamodb_table = "${local.state_table_name}" - key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}" - profile = "${local.profile}" - region = "${local.region}" - skip_bucket_enforced_tls = true - skip_bucket_root_access = true - skip_bucket_ssencryption = true + bucket = "${local.state_bucket_prefix}-${local.account_id}" + dynamodb_table = "${local.state_table_name}" + key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate" + profile = "${local.profile}" + region = "${local.region}" + disable_bucket_update = true + skip_bucket_enforced_tls = true # use only if you need to access the S3 bucket without TLS being enforced + skip_bucket_public_access_blocking = true + skip_bucket_root_access = true # use only if the AWS account root user should not have access to the remote state bucket for some reason + skip_bucket_ssencryption = true # use only if non-encrypted OpenTofu/Terraform State is required and/or the object store does not support server-side encryption + skip_bucket_versioning = false # use only if the object store does not support versioning + enable_lock_table_ssencryption = false # use only if non-encrypted DynamoDB Lock Table for the OpenTofu/Terraform State is required and/or the NoSQL database service does not support server-side encryption } }
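Review bot: The added `skip_bucket_public_access_blocking = true` joins `skip_bucket_enforced_tls`, `skip_bucket_ssencryption` and `enable_lock_table_ssencryption = false`, so if Terragrunt ever creates this backend the state bucket gets no public-access block, no TLS-only policy and no server-side encryption, and state commonly holds secrets. The trailing comments only restate when each flag may be used; they do not say why this lab needs them. If the bucket is provisioned and hardened elsewhere (which `disable_bucket_update = true` suggests), say so in a comment; otherwise set `skip_bucket_public_access_blocking = false` and `skip_bucket_ssencryption = false`. Appending `/terraform.tfstate` to `key` also changes the object path for every unit, so existing state has to be moved before the next apply. The `remote_state` block starts before the hunk.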