Providers

lab/_envcommon/aws-provider.hcl

@@ -0,0 +1,45 @@
+# lab/_envcommon/aws-provider.hcl
+
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = false
+}
+
+# Generate an AWS provider block
+generate "aws_provider" {
+  path      = "${get_original_terragrunt_dir()}/aws_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+  terraform {
+    required_version = "~> ${include.root.inputs.tf_version}"
+  }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> ${include.root.inputs.aws_version}"
+    }
+  }
+  provider "aws" {
+    region = "${include.root.inputs.aws_region}"
+    profile = "${include.root.inputs.aws_profile}"
+    default_tags {
+      tags = {
+        "Project Identifier" = "${include.root.inputs.project_number}:${include.root.inputs.project_name}"
+        "Project Name" = "${include.root.inputs.project_name}"
+        "Project Role" = "${include.root.inputs.project_role}"
+        created_by = "${include.root.inputs.creator}"
+        created_for = "${include.root.inputs.creator}"
+        created_reason = "${include.root.inputs.created_reason}"
+        Environment = "${include.root.inputs.environment_abbr}"
+        Organization = "${include.root.inputs.organization}"
+        ProjectNumber = "${include.root.inputs.project_number}"
+        Terraform = "${include.root.inputs.terraform}"
+        Terragrunt = "${include.root.inputs.terragrunt}"
+      }
+    }
+    # Only these AWS Account IDs may be operated on by this template
+    allowed_account_ids = ["${include.root.inputs.account_id}"]
+  }
+EOF
+}

lab/_envcommon/common-variables.hcl

@@ -1,11 +1,25 @@
+# lab/_envcommon/common-variables.hcl
+
 # ---------------------------------------------------------------------------------------------------------------------
 # GLOBAL PARAMETERS
 # These are the variables we pass to use across modules regardless of environment, i.e. these are the parameters 
 # that are common across all environments/accounts.
 # ---------------------------------------------------------------------------------------------------------------------
 locals {
-  project_number = "fs0000000078"
-  project_name   = "csvd_platformbaseline"
-  project_role   = "csvd_platformbaseline_app"
-  organization   = "census:ocio:csvd"
-}
+  organization        = "census:ocio:csvd"
+  project_name        = "csvd_platformbaseline"
+  project_number      = "fs0000000078"
+  project_role        = "csvd_platformbaseline_app"
+  state_bucket_prefix = "inf-tfstate"
+  state_table_name    = "tf_remote_state"
+  terraform           = true
+  terragrunt          = true
+  route53_endpoints = {
+    route53_main = {
+      "account_id"    = "269244441389"
+      "alias"         = "lab-gov-network-nonprod"
+      "us-gov-east-1" = "vpc-070595c5b133243dd"
+      "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1"
+    }
+  }
+}

lab/_envcommon/default-versions.hcl

@@ -0,0 +1,107 @@
+# lab/_envcommon/default-versions.hcl
+
+locals {
+  #####################
+  # Module Versions
+  #####################
+  cluster_version            = "1.30"
+  custom_service_eks_account = "${local.release_version}"
+  eks_module_version         = "20.28.0"
+  istio_ingress_version      = "${local.release_version}"
+  release_version            = "0.1.1"
+
+  #####################
+  # TF Providers
+  #####################
+  aws_version        = "5.14.0"
+  helm_version       = "2.11.0"
+  kubernetes_version = "2.33.0"
+  null_version       = "3.2.1"
+  random_version     = "3.5.1"
+  template_version   = "2.2.0"
+  tf_version         = "1.5.0"
+
+  #####################
+  # EKS Config
+  #####################
+  kubectl_image_tag = "1.30.4"
+
+  ################
+  # k8s-dashboard
+  ################
+  dashboard_hostname            = "dashboard"
+  k8s_dashboard_metrics_scraper = "1.0.8"
+  k8s_dashboard_version         = "6.0.6"
+
+  ################
+  # Cert-Manager
+  ################
+  cluster_issuer_name              = "cert-manager"
+  cert_manager_cainjector_tag      = "v${local.cert_manager_version}"
+  cert_manager_controller_tag      = "v${local.cert_manager_version}"
+  cert_manager_helm_chart          = "${local.cert_manager_version}"
+  cert_manager_startupapicheck_tag = "v${local.cert_manager_version}"
+  cert_manager_version             = "1.16.1"
+  cert_manager_webhook_tag         = "v${local.cert_manager_version}"
+
+  ################
+  # Istio
+  ################
+  istio_version = "1.22.1"
+
+  ################
+  # Grafana
+  ################
+  download_dashboards_image_tag = "7.85.0"
+  grafana_chart_version         = "8.5.0"
+  grafana_hostname              = "grafana"
+  grafana_tag                   = "11.1.5"
+  init_chown_data_image_tag     = "1.31.1"
+
+  ################
+  # Karpenter
+  ################
+  karpenter_helm_chart = "1.0.6"
+  karpenter_tag        = "1.0.6"
+
+  ################
+  # Kiali
+  ################
+  kiali_operator_version    = "1.73.0"
+  kiali_application_version = "v${local.kiali_operator_version}"
+
+  ################
+  # Loki
+  ################
+  loki_chart_version              = "6.10.2"
+  loki_tag                        = "3.1.1"
+  canary_tag                      = "3.0.0"
+  enterprise_logs_provisioner_tag = "v1.7.0"
+  gateway_tag                     = "1.25.2-alpine"
+  memcached_tag                   = "1.6.23-alpine"
+  exporter_tag                    = "v0.14.4"
+  sidecar_tag                     = "1.27.4"
+
+  ################
+  # Metrics Server
+  ################
+  metrics_server_helm_chart = "3.12.1"
+  metrics_server_tag        = "v0.7.1"
+
+  ################
+  # Prometheus
+  ################
+  prometheus_chart_version       = "25.26.0"
+  prometheus_server_tag          = "v2.54.0"
+  prometheus_config_reloader_tag = "v0.75.2"
+  alertmanager_tag               = "v0.27.0"
+  kube_state_metrics_tag         = "v2.13.0"
+  node_exporter_tag              = "v1.8.2"
+  pushgateway_tag                = "v1.9.0"
+
+  ################
+  # Tempo
+  ################
+  tempo_chart_version = "1.10.3"
+  tempo_tag           = "2.5.0"
+}

lab/_envcommon/helm-provider.hcl

@@ -0,0 +1,46 @@
+# lab/_envcommon/helm-provider.hcl
+
+dependency "eks" {
+  config_path = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs = {
+    cluster_name = "a-cluster-name"
+  }
+}
+
+# Generate a helm provider block
+generate "helm_provider" {
+  path      = "${get_original_terragrunt_dir()}/helm_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+    terraform {
+    required_version = "~> ${include.root.inputs.tf_version}"
+  }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> ${include.root.inputs.aws_version}"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> ${include.root.inputs.helm_version}"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> ${include.root.inputs.kubernetes_version}"
+    }
+  }
+  data "aws_eks_cluster" "helm" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  data "aws_eks_cluster_auth" "helm" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  provider "helm" {
+    kubernetes {
+      host                   = data.aws_eks_cluster.helm[0].endpoint
+      cluster_ca_certificate = base64decode(data.aws_eks_cluster.helm[0].certificate_authority[0].data)
+      token                  = data.aws_eks_cluster_auth.helm.token
+    }
+  }
+EOF
+}

lab/_envcommon/kubernetes-provider.hcl

@@ -0,0 +1,40 @@
+# lab/_envcommon/kubernetes-provider.hcl
+
+dependency "eks" {
+  config_path = "${get_original_terragrunt_dir()}/../eks"
+  mock_outputs = {
+    cluster_name = "a-cluster-name"
+  }
+}
+
+# Generate a k8s provider block
+generate "kube_provider" {
+  path      = "${get_original_terragrunt_dir()}/kube_provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+  terraform {
+    required_version = "~> ${include.root.inputs.tf_version}"
+  }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> ${include.root.inputs.aws_version}"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> ${include.root.inputs.kubernetes_version}"
+    }
+  }
+  data "aws_eks_cluster" "kube" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  data "aws_eks_cluster_auth" "kube" {
+    name = "${dependency.eks.outputs.cluster_name}"
+  }
+  provider "kubernetes" {
+    host                   = data.aws_eks_cluster.kube.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.kube.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.kube.token
+  }
+EOF
+}

lab/development/account.hcl

@@ -1,3 +1,5 @@
+# lab/development/account.hcl
+
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration. Terragrunt often segments account and environment, but given our strategy is to 
 # leverage accounts as environment boundaries, there is an anticipated 1:1 account to environment model that 
@@ -8,4 +10,4 @@ locals {
   aws_profile      = "224384469011-lab-dev-gov"
   environment      = "development"
   environment_abbr = "dev"
-}
+}

lab/development/us-gov-east-1/region.hcl

@@ -1,5 +1,7 @@
+# lab/development/us-gov-east-1/region.hcl
+
 # Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
 # configure the remote state bucket and pass forward to the child modules as inputs.
 locals {
   aws_region = "us-gov-east-1"
-}
+}