SCT-Engineering · mcgin314 · Oct 10, 2024 · Oct 10, 2024 · Oct 10, 2024 · Oct 10, 2024
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
@@ -14,12 +14,21 @@ terraform {
 dependency "eks" {
   config_path = "../eks"
   mock_outputs = {
-    zone_ids = ["Z12345678CA5FV1LIFBC5"]
+    subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
+    vpc_id  = "vpc-abcdefgh01234567"
+  }
+}
+
+dependency "istio" {
+  config_path = "../eks-istio"
+  mock_outputs = {
+    istio_namespace = "istio-namespace"
   }
 }
 
 inputs = {
   cluster_name    = dependency.eks.inputs.cluster_name
+  istio_namespace = dependency.istio.outputs.istio_namespace
   profile         = include.root.inputs.aws_profile
   region          = include.root.inputs.aws_region
   subnets         = dependency.eks.outputs.subnets

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl
@@ -4,7 +4,7 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl
@@ -4,7 +4,7 @@ include "root" {
 }
 
 terraform {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=main"
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl
@@ -32,8 +32,9 @@ dependency "eks-prometheus" {
 }
 
 inputs = {
-  profile              = include.root.inputs.aws_profile
-  region               = include.root.inputs.aws_region
+  account_id           = include.root.locals.account_id
+  profile              = include.root.locals.aws_profile
+  region               = include.root.locals.aws_region
   cluster_name         = dependency.eks.outputs.cluster_name
   oidc_provider_arn    = dependency.eks.outputs.oidc_provider_arn
   prometheus_port      = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number

diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl
@@ -6,22 +6,26 @@ include "root" {
 locals {
   # Set cluster/platform specific variables, or extract from the hierarchy. 
   account_id                               = include.root.inputs.aws_account_id
-  vpc_name                                 = include.root.inputs.vpc_name
+  cluster_endpoint_public_access           = true
   cluster_name                             = "platform-eng-eks-mcm"
   cluster_version                          = "1.30"
-  vpc_domain_name                          = include.root.inputs.vpc_domain_name
+  creator                                  = "matthew.c.morgan@census.gov"
   eks_instance_disk_size                   = 100
-  eks_vpc_name                             = include.root.inputs.vpc_name
   eks_ng_desired_size                      = 2
   eks_ng_max_size                          = 10
-  eks_ng_min_size                          = 2
-  eks_vpc_name                             = "vpc3-lab-dev"
+  eks_ng_min_size                          = 0
+  eks_vpc_name                             = include.root.inputs.vpc_name
   enable_cluster_creator_admin_permissions = true
-  cluster_endpoint_public_access           = true
+  environment_abbr                         = include.root.inputs.environment_abbr
+  organization                             = include.root.inputs.organization
   profile                                  = include.root.inputs.aws_profile
+  project_name                             = include.root.inputs.project_name
+  project_number                           = include.root.inputs.project_number
+  project_role                             = include.root.inputs.project_role
   region                                   = include.root.inputs.aws_region
-  cluster_mailing_list                     = "matthew.c.morgan@census.gov"
-  environment_abbr                         = include.root.inputs.environment_abbr
+  terraform                                = true
+  terragrunt                               = true
+  vpc_domain_name                          = include.root.inputs.vpc_domain_name
 
   # Tags applied to AWS objects created
   tags = {
@@ -39,19 +43,61 @@ terraform {
   }
 }
 
+# Generate an AWS provider block
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_version = ">= 1.5.0"
+}
+provider "aws" {
+  region = "${local.region}"
+  profile = "${local.profile}"
+  default_tags {
+    tags = {
+      ProjectNumber = "${local.project_number}"
+      "Project Name" = "${local.project_name}"
+      "Project Role" = "${local.project_role}"
+      "Project Identifier" = "${local.project_number}:${local.project_name}"
+      Organization = "${local.organization}"
+      created_by = "${local.creator}"
+      created_for = "${local.creator}"
+      created_reason = "Terragrunt Development for CICD Delivered EKS Platform"
+      Terraform = "${local.terraform}"
+      Terragrunt = "${local.terragrunt}"
+    }
+  }
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+
+provider "kubernetes" {
+  config_path    = "~/.kube/config"
+}
+ 
+provider "helm" {
+  kubernetes {
+      config_path = "~/.kube/config"
+    }
+}
+
+EOF
+}
+
 inputs = {
   aws_account_id                           = local.account_id
   cluster_endpoint_public_access           = local.cluster_endpoint_public_access
   cluster_name                             = local.cluster_name
   cluster_version                          = local.cluster_version
-  creator                                  = local.cluster_mailing_list
+  creator                                  = local.creator
   eks_instance_disk_size                   = local.eks_instance_disk_size
   eks_ng_desired_size                      = local.eks_ng_desired_size
   eks_ng_max_size                          = local.eks_ng_max_size
   eks_ng_min_size                          = local.eks_ng_min_size
   eks_vpc_name                             = local.eks_vpc_name
   enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
-  operators_ns                             = local.operators_ns
-  os_username                              = local.cluster_mailing_list
+  os_username                              = local.creator
   shared_vpc_label                         = local.environment_abbr
+  tags                                     = local.tags
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/eks/terragrunt.hcl
@@ -25,9 +25,9 @@ locals {
 
   # Tags applied to AWS objects created
   tags = {
-    "Environment"      = local.environment_abbr
-    "slim:schedule"    = "8:00-17:00"
-    "cluster:size"     = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+    "Environment"   = local.environment_abbr
+    "slim:schedule" = "8:00-17:00"
+    "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
   }
 
 }

diff --git a/lab/terragrunt.hcl b/lab/terragrunt.hcl
@@ -12,12 +12,10 @@ locals {
   account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
 
   # Automatically load region-level variables
-  # region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl", find_in_parent_folders("empty.hcl")))
   region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl", "skip-account-if-does-not-exist"))
 
   # Automatically load vpc-level variables
   vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist"))
-  #   vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl", "skip-account-if-does-not-exist"))
 
   # Extract the variables we need for easy access
   account_name        = local.account_vars.locals.account_name
@@ -30,51 +28,8 @@ locals {
   project_role        = local.common_vars.locals.project_role
   state_bucket_prefix = "inf-tfstate"
   state_table_name    = "tf_remote_state"
-}
-
-# Generate an AWS provider block
-generate "provider" {
-  path      = "provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-terraform {
-  required_version = ">= 1.5.0"
-}
-provider "aws" {
-  region = "${local.aws_region}"
-  profile = "${local.aws_profile}"
-  assume_role {
-    role_arn = "arn:aws-us-gov:iam::224384469011:role/r-inf-terraform"
-  }
-  default_tags {
-    tags = {
-      ProjectNumber = "${local.project_number}"
-      "Project Name" = "${local.project_name}"
-      "Project Role" = "${local.project_role}"
-      "Project Identifier" = "${local.project_number}:${local.project_name}"
-      Organization = "${local.organization}"
-      created_by = "luther.coleman.mcginty@census.gov"
-      created_for = "luther.coleman.mcginty@census.gov"
-      created_reason = "Terragrunt Development for CICD Delivered EKS Platform"
-      Terraform = "true"
-      Terragrunt = "true"
-    }
-  }
-  # Only these AWS Account IDs may be operated on by this template
-  allowed_account_ids = ["${local.account_id}"]
-}
-
-provider "kubernetes" {
-  config_path    = "~/.kube/config"
-}
- 
-provider "helm" {
-  kubernetes {
-      config_path = "~/.kube/config"
-    }
-}
-
-EOF
+  terraform           = true
+  terragrunt          = true
 }
 
 # Configure Terragrunt to automatically store tfstate files in an S3 bucket
@@ -90,6 +45,7 @@ remote_state {
     key                                = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
     profile                            = "${local.aws_profile}"
     region                             = "${local.aws_region}"
+    disable_bucket_update              = true
     skip_bucket_enforced_tls           = true # use only if you need to access the S3 bucket without TLS being enforced
     skip_bucket_public_access_blocking = true
     skip_bucket_root_access            = true  # use only if the AWS account root user should not have access to the remote state bucket for some reason