From e7130e4142026cd6ff0b67b9a2b7e1f695a0923b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 6 Dec 2024 14:24:49 -0500 Subject: [PATCH 1/6] updates for provider generation --- .github/workflows/conductor-workflow.yml | 35 ++++++++ .../infrastructure-provision-workflow.yml | 51 +++++++++++ .github/workflows/pr-checks-workflow.yml | 84 +++++++++++++++++++ .../workflows/pr-security-scan-workflow.yml | 34 ++++++++ .../workflows/pr-terragrunt-plan-workflow.yml | 50 +++++++++++ .github/workflows/security-scan-workflow.yml | 46 ++++++++++ .../workflows/terragrunt-plan-workflow.yml | 61 ++++++++++++++ .../eks-config/terragrunt.hcl | 27 ++++++ .../eks-dns/terragrunt.hcl | 23 +++++ .../eks-grafana/terragrunt.hcl | 23 +++++ .../eks-istio/terragrunt.hcl | 23 +++++ .../eks-k8s-dashboard/terragrunt.hcl | 23 +++++ .../eks-karpenter/terragrunt.hcl | 23 +++++ .../eks-kiali/terragrunt.hcl.disable | 23 +++++ .../eks-loki/terragrunt.hcl | 23 +++++ .../eks-metrics-server/terragrunt.hcl | 23 +++++ .../eks-prometheus/terragrunt.hcl | 23 +++++ .../eks-tempo/terragrunt.hcl | 23 +++++ .../platform-eng-eks-mcm/eks/terragrunt.hcl | 26 ------ 19 files changed, 618 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/conductor-workflow.yml create mode 100644 .github/workflows/infrastructure-provision-workflow.yml create mode 100644 .github/workflows/pr-checks-workflow.yml create mode 100644 .github/workflows/pr-security-scan-workflow.yml create mode 100644 .github/workflows/pr-terragrunt-plan-workflow.yml create mode 100644 .github/workflows/security-scan-workflow.yml create mode 100644 .github/workflows/terragrunt-plan-workflow.yml diff --git a/.github/workflows/conductor-workflow.yml b/.github/workflows/conductor-workflow.yml new file mode 100644 index 0000000..ca3d4a1 --- /dev/null +++ b/.github/workflows/conductor-workflow.yml 
@@ -0,0 +1,35 @@
+name: Infrastructure CI/CD Conductor
+
+on:
+ push:
+ branches:
+ - '*feature*'
+ - 'dev'
+ pull_request:
+ branches:
+ - 'dev'
+
+jobs:
+ trigger-terragrunt-plan:
+ if: github.event_name == 'push' && contains(github.ref, 'feature')
+ uses: ./.github/workflows/terragrunt-plan-workflow.yml
+ with:
+ environment: dev
+
+ trigger-security-scan:
+ if: github.event_name == 'push' && contains(github.ref, 'feature')
+ needs: trigger-terragrunt-plan
+ uses: ./.github/workflows/security-scan-workflow.yml
+
+ trigger-pr-terragrunt-plan:
+ if: github.event_name == 'pull_request' && github.base_ref == 'dev'
+ uses: ./.github/workflows/pr-terragrunt-plan-workflow.yml
+
+ trigger-pr-security-scan:
+ if: github.event_name == 'pull_request' && github.base_ref == 'dev'
+ needs: trigger-pr-terragrunt-plan
+ uses: ./.github/workflows/pr-security-scan-workflow.yml
+
+ trigger-infrastructure-provision:
+ if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+ uses: ./.github/workflows/infrastructure-provision-workflow.yml
diff --git a/.github/workflows/infrastructure-provision-workflow.yml b/.github/workflows/infrastructure-provision-workflow.yml
new file mode 100644
index 0000000..ffeed4d
--- /dev/null
+++ b/.github/workflows/infrastructure-provision-workflow.yml
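Review bot: `trigger-infrastructure-provision` has no `needs:` and no approval step, so every push to `dev` goes straight to the workflow that runs `terragrunt run-all apply --terragrunt-non-interactive`, whether or not a plan or Trivy scan has passed for that commit. The plan and scan jobs in this file are conditioned on feature-branch pushes and on pull requests, so none of them runs for the `dev` push that triggers the apply. Consider running the plan and scan for `refs/heads/dev` as well and adding `needs:` on those jobs to the provision job, or placing the apply job of the called workflow behind a protected `environment:` with required reviewers.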
@@ -0,0 +1,51 @@
+name: Infrastructure Provision
+
+on:
+ workflow_call:
+
+env:
+ NODE_TLS_REJECT_UNAUTHORIZED: '0'
+ tg_root_dir: 'terragrunt'
+ ACCOUNT_PROFILE_NAME: "lab-dev-gov"
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ issues: read
+ checks: write
+ pull-requests: write
+
+jobs:
+ provision-infrastructure:
+ runs-on: [self-hosted, Linux, X64, buildkitsandbox]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Configure AWS credentials
+ uses: etools/configure-aws-credentials@main
+ with:
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: "arn:aws-us-gov:iam::${{ vars.AWS_ACCOUNT_ID }}:role/r-inf-terraform-eks"
+ role-skip-session-tagging: true
+
+ - name: Add profile credentials to ~/.aws/credentials
+ run: |
+ aws configure set aws_region ${{ vars.AWS_REGION }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_access_key_id ${{ env.AWS_ACCESS_KEY_ID }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_secret_access_key ${{ env.AWS_SECRET_ACCESS_KEY }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_session_token ${{ env.AWS_SESSION_TOKEN }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws sts get-caller-identity --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+
+ - name: Provision Infrastructure
+ run: |
+ pwd
+ cd lab/development/us-gov-east-1/vpc/platform-test-cicd
+ https_proxy=http://proxy.tco.census.gov:3128 \
+ http_proxy=http://proxy.tco.census.gov:3128 \
+ NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev \
+ TERRAGRUNT_PROVIDER_CACHE=1 \
+ terragrunt run-all apply --terragrunt-non-interactive
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
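Review bot: `NODE_TLS_REJECT_UNAUTHORIZED: '0'` in the workflow-level `env:` turns off certificate verification for every Node-based action in this job, including `actions/checkout` and the credential action that assumes `r-inf-terraform-eks` ahead of `terragrunt run-all apply`. With verification off, those actions accept any certificate presented on the network path, so the endpoints they talk to are no longer authenticated. If the runner sits behind an inspecting proxy with a private CA, trust that CA instead, e.g. `NODE_EXTRA_CA_CERTS: <path-to-internal-ca-bundle.pem>`, and drop the override. The same `env` entry is added in the pr-checks, pr-security-scan, pr-terragrunt-plan, security-scan and terragrunt-plan workflows of this patch. Separately, `etools/configure-aws-credentials@main` tracks a moving branch; pinning it to a reviewed commit SHA keeps the code that handles the role credentials fixed.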
diff --git a/.github/workflows/pr-checks-workflow.yml b/.github/workflows/pr-checks-workflow.yml
new file mode 100644
index 0000000..3055085
--- /dev/null
+++ b/.github/workflows/pr-checks-workflow.yml
@@ -0,0 +1,84 @@
+name: PR Checks
+
+on:
+ workflow_call:
+
+env:
+ NODE_TLS_REJECT_UNAUTHORIZED: '0'
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ issues: read
+ checks: write
+ pull-requests: write
+
+jobs:
+ pr-checks:
+ runs-on: [self-hosted, Linux, X64, buildkitsandbox]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Terraform
+ run: |
+ terraform init
+
+ - name: Configure AWS credentials
+ uses: etools/configure-aws-credentials@main
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.AWS_REGION }}
+
+ - name: Set AWS environment variables
+ run: |
+ export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
+ export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ export AWS_REGION=${{ vars.AWS_REGION }}
+ shell: bash
+
+ - name: Terragrunt Plan
+ run: |
+ pwd
+ cd project-x-infra-live/development
+ https_proxy=http://proxy.tco.census.gov:3128 \
+ http_proxy=http://proxy.tco.census.gov:3128 \
+ NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev \
+ TERRAGRUNT_PROVIDER_CACHE=1 \
+ terragrunt run-all plan --terragrunt-non-interactive
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Scan for Vulnerabilities and Misconfigurations
+ run: |
+ export TRIVY_INSECURE=true
+ export http_proxy=http://proxy.tco.census.gov:3128
+ export https_proxy=http://proxy.tco.census.gov:3128
+ trivy fs --scanners misconfig,secret --skip-dirs ".terragrunt-cache,.terraform" --format sarif -o trivy-results.sarif .
+ unset http_proxy
+ unset https_proxy
+
+
+
+ - name: Fail if Critical or High severity issues found
+ run: |
+ critical_high_count=$(jq '[.runs[].results[] | select(.properties.severity=="CRITICAL" or .properties.severity=="HIGH")] | length' trivy-results.sarif)
+ if [ "$critical_high_count" -gt 0 ]; then
+ echo "Found $critical_high_count critical or high severity issues."
+ exit 1
+ else
+ echo "No critical or high severity issues found."
+ fi
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ - name: Prevent merge on security issues
+ if: failure()
+ run: |
+ echo "Security issues found. PR cannot be merged."
+ exit 1
diff --git a/.github/workflows/pr-security-scan-workflow.yml b/.github/workflows/pr-security-scan-workflow.yml
new file mode 100644
index 0000000..e63f3b5
--- /dev/null
+++ b/.github/workflows/pr-security-scan-workflow.yml
@@ -0,0 +1,34 @@
+name: PR Security Scan
+
+on:
+ workflow_call:
+
+env:
+ NODE_TLS_REJECT_UNAUTHORIZED: '0'
+
+jobs:
+ pr-security-scan:
+ runs-on: [self-hosted, Linux, X64, buildkitsandbox]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Scan for Vulnerabilities and Misconfigurations
+ run: |
+ export TRIVY_INSECURE=true
+ export http_proxy=http://proxy.tco.census.gov:3128
+ export https_proxy=http://proxy.tco.census.gov:3128
+ trivy fs --scanners misconfig,secret --skip-dirs ".terragrunt-cache,.terraform" --format sarif -o trivy-results.sarif --exit-code 0 --severity CRITICAL,HIGH .
+ unset http_proxy
+ unset https_proxy
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ - name: Prevent merge on security issues
+ if: failure()
+ run: |
+ echo "Security issues found. PR cannot be merged."
+ exit 1
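Review bot: The `Set AWS environment variables` step has no effect on later steps, because each `run:` step starts a new shell and the three `export` lines end with it; what it does do is expand `${{ secrets.AWS_ACCESS_KEY_ID }}` and `${{ secrets.AWS_SECRET_ACCESS_KEY }}` into the generated script on the self-hosted runner. The step can be deleted, since the preceding credential action is already given the same values. This workflow also uses long-lived access keys where the other plan workflows in this patch assume `r-inf-terraform-eks` via `role-to-assume`; using the role here too would avoid keeping static keys as secrets. `Fail if Critical or High severity issues found` runs before the SARIF upload, so a failing scan never reaches the Security tab unless the upload step gets `if: always()`.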
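Review bot: `--exit-code 0` makes `trivy fs` return success regardless of findings, so the closing `Prevent merge on security issues` step, guarded by `if: failure()`, can only fire when the scan or the upload itself errors, not when CRITICAL or HIGH results exist. If this job is meant to block the pull request, use `--exit-code 1` and give the upload step `if: always()` so the SARIF is still published when the scan fails. The final step then becomes redundant, since a failed step already fails the job.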
diff --git a/.github/workflows/pr-terragrunt-plan-workflow.yml b/.github/workflows/pr-terragrunt-plan-workflow.yml
new file mode 100644
index 0000000..f4fb9d1
--- /dev/null
+++ b/.github/workflows/pr-terragrunt-plan-workflow.yml
@@ -0,0 +1,50 @@
+name: PR Terragrunt Plan
+
+on:
+ workflow_call:
+
+env:
+ NODE_TLS_REJECT_UNAUTHORIZED: '0'
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ issues: read
+ checks: write
+ pull-requests: write
+
+jobs:
+ pr-terragrunt-plan:
+ runs-on: [self-hosted, Linux, X64, buildkitsandbox]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Configure AWS credentials
+ uses: etools/configure-aws-credentials@main
+ with:
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: "arn:aws-us-gov:iam::${{ vars.AWS_ACCOUNT_ID }}:role/r-inf-terraform-eks"
+ role-skip-session-tagging: true
+
+ - name: Add profile credentials to ~/.aws/credentials
+ run: |
+ aws configure set aws_region ${{ vars.AWS_REGION }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_access_key_id ${{ env.AWS_ACCESS_KEY_ID }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_secret_access_key ${{ env.AWS_SECRET_ACCESS_KEY }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_session_token ${{ env.AWS_SESSION_TOKEN }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws sts get-caller-identity --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+
+ - name: Terragrunt Plan
+ run: |
+ pwd
+ aws sts get-caller-identity --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ cd lab/development/us-gov-east-1/vpc/platform-test-cicd
+ https_proxy=http://proxy.tco.census.gov:3128 \
+ http_proxy=http://proxy.tco.census.gov:3128 \
+ NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev \
+ TERRAGRUNT_PROVIDER_CACHE=1 \
+ terragrunt run-all plan --terragrunt-non-interactive
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
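Review bot: `${{ env.ACCOUNT_PROFILE_NAME }}` is used in every `--profile` argument here, but this workflow's `env:` block defines only `NODE_TLS_REJECT_UNAUTHORIZED`; the sibling terragrunt-plan and infrastructure-provision workflows set `ACCOUNT_PROFILE_NAME: "lab-dev-gov"`. A reusable workflow does not inherit the caller's `env`, so the expression expands to an empty string and the profile is written as `<account-id>-`, which presumably will not match the profile name Terragrunt is configured to use. Add `ACCOUNT_PROFILE_NAME: "lab-dev-gov"` to the `env:` block. In the last step, `172.16.0/12` in `NO_PROXY` looks like a typo for `172.16.0.0/12` (the pr-checks workflow has the full form); the same value appears in the infrastructure-provision and terragrunt-plan workflows.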
diff --git a/.github/workflows/security-scan-workflow.yml b/.github/workflows/security-scan-workflow.yml
new file mode 100644
index 0000000..143b7d6
--- /dev/null
+++ b/.github/workflows/security-scan-workflow.yml
@@ -0,0 +1,46 @@
+name: Security Scan
+
+on:
+ workflow_call:
+
+jobs:
+ security-scan:
+ runs-on: self-hosted
+ env:
+ NODE_TLS_REJECT_UNAUTHORIZED: '0'
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Terraform
+ run: |
+ # Initialize Terraform/Terragrunt to download modules
+ export http_proxy=http://proxy.tco.census.gov:3128
+ export https_proxy=http://proxy.tco.census.gov:3128
+ pwd
+ cd lab/development/us-gov-east-1/vpc/platform-test-cicd
+ terraform init
+ terragrunt run-all init --terragrunt-non-interactive
+ unset http_proxy
+ unset https_proxy
+ - name: Scan for Vulnerabilities and Misconfigurations # I need to check if the report can be adjusted from trivy itself, pre-scan, using flags
+ run: |
+ export TRIVY_INSECURE=true
+ export http_proxy=http://proxy.tco.census.gov:3128
+ export https_proxy=http://proxy.tco.census.gov:3128
+ trivy fs --scanners misconfig,secret --format sarif -o trivy-results.sarif .
+ unset http_proxy
+ unset https_proxy
+ jq 'walk(
+ if type == "object" and .uri? and (.uri | test("git@")) then
+ .uri |= sub("git@([^:]+):"; "\\1/")
+ else
+ .
+ end
+ )' trivy-results.sarif > trivy-results-fixed.sarif
+
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results-fixed.sarif'
diff --git a/.github/workflows/terragrunt-plan-workflow.yml b/.github/workflows/terragrunt-plan-workflow.yml
new file mode 100644
index 0000000..3559284
--- /dev/null
+++ b/.github/workflows/terragrunt-plan-workflow.yml
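Review bot: `export TRIVY_INSECURE=true` disables TLS certificate verification for Trivy's own downloads while they are routed through the `http://` proxy, so content the scanner fetches, such as the checks bundle used by the `misconfig` scanner, arrives without server authentication. A scanner whose policies can be altered in transit gives weaker assurance than a clean result suggests. Prefer trusting the internal CA on the runner (for example through `SSL_CERT_FILE`) and removing the variable; the same line is added in the pr-checks and pr-security-scan workflows. This job also runs `terraform init` and `terragrunt run-all init` before scanning but, unlike the PR variants, passes no `--skip-dirs ".terragrunt-cache,.terraform"`, so downloaded module code is scanned as if it were repository content.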
@@ -0,0 +1,61 @@
+name: Terragrunt Plan
+
+on:
+ workflow_dispatch:
+ workflow_call:
+ inputs:
+ environment:
+ required: true
+ type: string
+
+env:
+ NODE_TLS_REJECT_UNAUTHORIZED: '0'
+ tg_root_dir: 'terragrunt'
+ ACCOUNT_PROFILE_NAME: "lab-dev-gov"
+# aws-region: 'us-east-1'
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ issues: read
+ checks: write
+ pull-requests: write
+
+jobs:
+ terragrunt-plan:
+ runs-on: [self-hosted, Linux, X64, buildkitsandbox]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Configure AWS credentials
+ uses: etools/configure-aws-credentials@main
+ with:
+# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: "arn:aws-us-gov:iam::${{ vars.AWS_ACCOUNT_ID }}:role/r-inf-terraform-eks"
+ role-skip-session-tagging: true
+
+ - name: Add profile credentials to ~/.aws/credentials
+ run: |
+ aws configure set aws_region ${{ vars.AWS_REGION }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_access_key_id ${{ env.AWS_ACCESS_KEY_ID }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_secret_access_key ${{ env.AWS_SECRET_ACCESS_KEY }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws configure set aws_session_token ${{ env.AWS_SESSION_TOKEN }} --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ aws sts get-caller-identity --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+
+ - name: Terragrunt Plan
+ run: |
+ pwd
+ aws sts get-caller-identity --profile "${{ vars.AWS_ACCOUNT_ID }}-${{ env.ACCOUNT_PROFILE_NAME }}"
+ rm -rf ~/.kube/config
+ cd lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm
+ https_proxy=http://proxy.tco.census.gov:3128 \
+ http_proxy=http://proxy.tco.census.gov:3128 \
+ NO_PROXY=.census.gov,169.254.169.254,148.129.0.0/16,10.0.0.0/8,172.16.0/12,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev \
+ TERRAGRUNT_PROVIDER_CACHE=1 \
+ terragrunt run-all plan --terragrunt-non-interactive --terragrunt-log-level debug
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
index d4a60db..9d919ac 100644
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
@@ -29,6 +29,33 @@ dependency "eks" { } } +locals { + providers = ["aws", "kubernetes"] +} + +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
index 6e28781..d0c2f63 100644
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
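Review bot: The `Add profile credentials to ~/.aws/credentials` step expands `${{ env.AWS_SECRET_ACCESS_KEY }}` and `${{ env.AWS_SESSION_TOKEN }}` into the script text and then persists them in the runner user's home directory, which on a self-hosted runner outlives the job unless something cleans it up. Reading the values from the shell environment (presumably exported by the credential action) keeps them out of the rendered script, e.g. `aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile "$PROFILE"` with the profile name held in a shell variable, and a final `if: always()` step that removes the profile limits how long the role session stays on disk. The same step is added in the infrastructure-provision and pr-terragrunt-plan workflows. The `environment` input is declared as required but is not referenced anywhere in the visible job, and `--terragrunt-log-level debug` is worth dropping before merge if it was only added for troubleshooting.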
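Review bot: The generated `other-providers.tf` embeds `dependency.eks.outputs.provider_kubernetes_config.token` as a literal string, so a cluster bearer token is written in plaintext into the unit's working directory on the runner, and it may already have expired by the time a long `run-all` reaches this unit. Letting the provider obtain a token at run time through an `exec` block keeps the credential out of generated files. The fence shows the `kubernetes` provider; the nested `kubernetes` block of the `helm` provider would change the same way. The identical `generate` block is added in the ten other unit files of this patch (eks-dns through eks-tempo), so the point applies to each; `cluster_name` as an output of the eks dependency is taken from the eks-metrics-server hunk and should be confirmed.

```hcl
provider "kubernetes" {
  # … unchanged: host, cluster_ca_certificate …
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args = [
      "eks", "get-token",
      "--cluster-name", "${dependency.eks.outputs.cluster_name}",
      "--region", "${include.root.inputs.aws_region}",
      "--profile", "${include.root.inputs.aws_profile}",
    ]
  }
}
# … unchanged: %{if} guards and the helm provider wrapper …
```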
@@ -29,6 +29,29 @@ dependency "istio" { } } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { cluster_name = dependency.eks.inputs.cluster_name istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl index 65ab33f..9215e89 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl 
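Review bot: `local.providers` is referenced in both `%{if contains(local.providers, ...)}` guards, but this hunk adds no `locals` block; within this patch only eks-config gains `locals { providers = ["aws", "kubernetes"] }`. Terragrunt resolves `local.*` against the current file only, so unless eks-dns already defines `providers` outside the hunk, parsing this unit will fail. The same applies to the identical blocks added to eks-grafana, eks-istio, eks-k8s-dashboard, eks-karpenter, eks-kiali, eks-loki, eks-metrics-server, eks-prometheus and eks-tempo. Defining the block once in a shared configuration would also keep eleven copies of a credential-bearing template from drifting apart.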
@@ -26,6 +26,29 @@ dependency "eks-loki" { } } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl index c7c22c8..67457cd 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl 
@@ -23,6 +23,29 @@ dependency "eks-karpenter" { skip_outputs = true } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl index cd1961b..02c4e1b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl 
@@ -25,6 +25,29 @@ dependency "eks-loki" { skip_outputs = true } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl index 6b1a862..ba364ee 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl 
@@ -28,6 +28,29 @@ dependency "eks-config" { skip_outputs = true } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable index 1e04fe0..d735b8b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable 
@@ -53,6 +53,29 @@ dependency "eks-grafana" { } } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { kiali_operator_version = include.root.inputs.kiali_operator_version kiali_application_version = include.root.inputs.kiali_application_version diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl index 2c6b6be..327335d 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl 
@@ -28,6 +28,29 @@ dependency "eks-prometheus" { skip_outputs = true } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl index 387653b..7ec3d76 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl 
@@ -24,6 +24,29 @@ dependency "eks_config" { skip_outputs = true } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile cluster_name = dependency.eks.outputs.cluster_name diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl index e6c54b1..0d684f8 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl 
@@ -24,6 +24,29 @@ dependency "eks-dns" { skip_outputs = true } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl index e9ebd48..b85df70 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl 
@@ -32,6 +32,29 @@ dependency "eks-prometheus" { } } +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + inputs = { account_id = include.root.locals.account_id profile = include.root.locals.aws_profile diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl index cc7c893..0a10b20 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl 
@@ -4,32 +4,6 @@ include "root" { expose = true } -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - creator = include.root.inputs.creator - eks_instance_disk_size = include.root.inputs.eks_instance_disk_size - eks_ng_desired_size = include.root.inputs.eks_ng_desired_size - eks_ng_max_size = include.root.inputs.eks_ng_max_size - eks_ng_min_size = include.root.inputs.eks_ng_min_size - eks_vpc_name = include.root.inputs.vpc_name - enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions - environment_abbr = include.root.inputs.environment_abbr - organization = include.root.inputs.organization - profile = include.root.inputs.aws_profile - project_name = include.root.inputs.project_name - project_number = include.root.inputs.project_number - project_role = include.root.inputs.project_role - region = include.root.inputs.aws_region - tags = include.root.inputs.tags - terraform = include.root.inputs.terraform - terragrunt = include.root.inputs.terragrunt - vpc_domain_name = include.root.inputs.vpc_domain_name -} - terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { From 0f206bed76df3d4d1448558daa2a549161aca7b9 Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Fri, 6 Dec 2024 15:03:32 -0500 Subject: [PATCH 2/6] remove other clusters --- .../vpc/platform-eng-eks-mcm/cluster.hcl | 5 +- .../platform-eng-eks-mcm/eks/terragrunt.hcl | 27 ++- .../vpc/platform-eng-eks-test/cluster.hcl | 20 -- .../eks-cert-manager/terragrunt.hcl | 40 ---- .../eks-config/terragrunt.hcl | 42 ---- .../eks-dns/terragrunt.hcl | 42 ---- .../eks-grafana/terragrunt.hcl | 40 ---- .../eks-istio/terragrunt.hcl | 32 --- .../eks-k8s-dashboard/terragrunt.hcl | 36 ---- .../eks-karpenter/terragrunt.hcl | 43 ---- .../eks-kiali/terragrunt.hcl.disable | 81 ------- .../eks-loki/terragrunt.hcl | 44 ---- .../eks-metrics-server/terragrunt.hcl | 33 --- .../eks-prometheus/README.md | 198 ------------------ .../eks-prometheus/terragrunt.hcl | 38 ---- .../eks-tempo/terragrunt.hcl | 46 ---- .../platform-eng-eks-test/eks/terragrunt.hcl | 56 ----- .../vpc/platform-test-cicd/cluster.hcl | 20 -- .../eks-cert-manager/terragrunt.hcl | 40 ---- .../eks-config/terragrunt.hcl | 42 ---- .../platform-test-cicd/eks-dns/terragrunt.hcl | 42 ---- .../eks-grafana/terragrunt.hcl | 40 ---- .../eks-istio/terragrunt.hcl | 32 --- .../eks-k8s-dashboard/terragrunt.hcl | 36 ---- .../eks-karpenter/terragrunt.hcl | 43 ---- .../eks-kiali/terragrunt.hcl.disable | 81 ------- .../eks-loki/terragrunt.hcl | 44 ---- .../eks-metrics-server/terragrunt.hcl | 33 --- .../eks-prometheus/README.md | 198 ------------------ .../eks-prometheus/terragrunt.hcl | 38 ---- .../eks-tempo/terragrunt.hcl | 46 ---- .../vpc/platform-test-cicd/eks/terragrunt.hcl | 56 ----- .../vpc/platform-test-x/cluster.hcl | 20 -- lab/root.hcl | 69 +++++- 34 files changed, 77 insertions(+), 1626 deletions(-) delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl delete mode 
100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl 
delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl delete mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl index 98d12d7..e43148a 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl @@ -5,6 +5,7 @@ locals { cluster_endpoint_public_access = true cluster_name = "platform-eng-eks-mcm" + created_reason = "Terragrunt Development for CICD Delivered EKS Platform" creator = "matthew.c.morgan@census.gov" eks_instance_disk_size = 100 eks_ng_desired_size = 2 @@ -17,8 +18,4 @@ locals { "slim:schedule" = "8:00-17:00" "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" } - eks_version = "0.1.1" - eks_enabled = true - - } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl index 0a10b20..ba46766 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl 
@@ -13,18 +13,17 @@ terraform { } inputs = { - aws_account_id = local.account_id - cluster_endpoint_public_access = local.cluster_endpoint_public_access - cluster_name = local.cluster_name - cluster_version = local.cluster_version - creator = local.creator - eks_instance_disk_size = local.eks_instance_disk_size - eks_ng_desired_size = local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - eks_vpc_name = local.eks_vpc_name - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - os_username = local.creator - shared_vpc_label = local.environment_abbr - tags = local.tags + cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access + cluster_name = include.root.inputs.cluster_name + cluster_version = include.root.inputs.cluster_version + creator = include.root.inputs.creator + eks_instance_disk_size = include.root.inputs.eks_instance_disk_size + eks_ng_desired_size = include.root.inputs.eks_ng_desired_size + eks_ng_max_size = include.root.inputs.eks_ng_max_size + eks_ng_min_size = include.root.inputs.eks_ng_min_size + eks_vpc_name = include.root.inputs.vpc_name + enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions + environment_abbr = include.root.inputs.environment_abbr + tags = include.root.inputs.tags + vpc_name = include.root.inputs.vpc_name } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl deleted file mode 100644 index 8d2831c..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl +++ /dev/null 
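Review bot: `eks_vpc_name` and the newly added `vpc_name` are both set to `include.root.inputs.vpc_name`, while `aws_account_id`, `os_username` and `shared_vpc_label` are no longer passed; whether tfmod-eks still declares those three is not visible here. Terragrunt hands inputs to Terraform as `TF_VAR_` environment variables, so a name the module does not declare is ignored without an error and a mismatch only surfaces at plan time. A comment above the pair, for example `# vpc_name is the current variable; eks_vpc_name kept for older tfmod-eks releases` (if that is the reason), would record the intent; otherwise drop the unused one. `enable_cluster_creator_admin_permissions` is now taken straight from the root inputs, so with the CI workflows added in patch 1 the identity that receives cluster admin is presumably the pipeline role, which is worth confirming.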
@@ -1,20 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl - -# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root -# terragrunt.hcl configuration. -locals { - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl deleted file mode 100644 index 35e355a..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl +++ /dev/null 
@@ -1,40 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - cluster_name = dependency.eks.outputs.cluster_name - cluster_mailing_list = dependency.eks.inputs.creator - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart - cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag - cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag - cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag - cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag - cluster_issuer_name = include.root.inputs.cluster_issuer_name -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl deleted file mode 100644 index d4a60db..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl +++ /dev/null 
@@ -1,42 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl - -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }] - cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com" - cluster_name = "a-cluster-name" - eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"] - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - security_group_all_worker_mgmt_id = "sg-00b0000000000000" - subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] - token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] - vpc_id = "a-vpc-id" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - vpc_id = dependency.eks.outputs.vpc_id - cluster_name = dependency.eks.outputs.cluster_name - subnets = dependency.eks.outputs.subnets - security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id - eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - kubectl_image_tag = include.root.inputs.kubectl_image_tag -} 
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl deleted file mode 100644 index 6e28781..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl +++ /dev/null @@ -1,42 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"] - } -} - -dependency "istio" { - config_path = "../eks-istio" - mock_outputs = { - istio_ingress_lb = { - dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com" - zone_id = "ZABC123456DEF" - } - } -} - -inputs = { - cluster_name = dependency.eks.inputs.cluster_name - istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - subnets = dependency.eks.outputs.subnets - tags = dependency.eks.inputs.tags - vpc_domain_name = dependency.eks.inputs.vpc_domain_name - vpc_name = dependency.eks.inputs.vpc_name - route53_endpoints = include.root.inputs.route53_endpoints -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl deleted file mode 100644 index 65ab33f..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl +++ /dev/null 
@@ -1,40 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - } -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = include.root.inputs.grafana_hostname - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - grafana_chart_version = include.root.inputs.grafana_chart_version - grafana_tag = include.root.inputs.grafana_tag - download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag - init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl deleted file mode 100644 index c7c22c8..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl +++ /dev/null 
@@ -1,32 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-karpenter" { - config_path = "../eks-karpenter" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - istio_chart_version = include.root.inputs.istio_version - istio_version = include.root.inputs.istio_version -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl deleted file mode 100644 index cd1961b..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl +++ /dev/null 
@@ -1,36 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - vpc_domain_name = "example.com" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks.inputs.vpc_domain_name - public_hostname = include.root.inputs.dashboard_hostname - k8s_dashboard_version = include.root.inputs.k8s_dashboard_version - # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl deleted file mode 100644 index 6b1a862..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl +++ /dev/null 
@@ -1,43 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com" - cluster_name = "a-cluster-name" - node_group_name = "node_group_a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - vpc_id = "a-vpc-name" - } -} - -dependency "eks-config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_endpoint = dependency.eks.outputs.cluster_endpoint - cluster_name = dependency.eks.outputs.cluster_name - karpenter_node_group_name = dependency.eks.outputs.node_group_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - vpc_id = dependency.eks.outputs.vpc_id - karpenter_helm_chart = include.root.inputs.karpenter_helm_chart - karpenter_tag = include.root.inputs.karpenter_tag - kubectl_tag = include.root.inputs.kubectl_image_tag - -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable deleted file mode 100644 index 1e04fe0..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable +++ /dev/null 
@@ -1,81 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" - # source = "../../../../../../../tfmod-kiali" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} -dependency "eks-cert-manager" { - config_path = "../eks-cert-manager" - mock_outputs = { - cluster_issuer_name = "acmpca-clusterissuer" - } -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} -dependency "eks-grafana" { - config_path = "../eks-grafana" - mock_outputs = { - internal_endpoint = { - hostname = "grafana.grafana.svc.cluster.local" - port_number = "80" - url = "https://grafana.grafana.svc.cluster.local:80/" - } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.dev.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.dev.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - } -} - -inputs = { - kiali_operator_version = include.root.inputs.kiali_operator_version - kiali_application_version = include.root.inputs.kiali_application_version - - profile = include.root.inputs.aws_profile - cluster_domain = dependency.eks.inputs.vpc_domain_name - operators_namespace = "operators" - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name - prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - grafana_internal_url = 
dependency.eks-grafana.outputs.internal_endpoint.url - grafana_namespace = dependency.eks-grafana.outputs.namespace - grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url - grafana_secret_name = "grafana" - # grafana_secret_name = dependency.eks-grafana.outputs.secret_name - jaeger_internal_url = "" - - - # client_id = var.sso_client_id - # client_secret = var.sso_client_secret - # keycloak_public_url = var.keycloak_public_url - # gogatekeeper_chart_version = var.gogatekeeper_chart_version - # gogatekeeper_registry = var.gogatekeeper_registry - # gogatekeeper_repository = var.gogatekeeper_repository - # gogatekeeper_tag = var.gogatekeeper_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl deleted file mode 100644 index 2c6b6be..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl +++ /dev/null 
@@ -1,44 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} -dependency "eks-istio" { - config_path = "../eks-istio" - skip_outputs = true -} -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - loki_chart_version = include.root.inputs.loki_chart_version - loki_tag = include.root.inputs.loki_tag - canary_tag = include.root.inputs.canary_tag - enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag - gateway_tag = include.root.inputs.gateway_tag - memcached_tag = include.root.inputs.memcached_tag - exporter_tag = include.root.inputs.exporter_tag - sidecar_tag = include.root.inputs.sidecar_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl deleted file mode 100644 index 387653b..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl +++ /dev/null 
@@ -1,33 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks_config" { - config_path = "../eks-config" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region - metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart - metrics_server_tag = include.root.inputs.metrics_server_tag -} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md deleted file mode 100644 index bbbffb2..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md +++ /dev/null 
@@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. 
use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. 
Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
|
-| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
-| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
-| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
-
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl
deleted file mode 100644
index e6c54b1..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl
+++ /dev/null
@@ -1,38 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-dns" {
- config_path = "../eks-dns"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- prometheus_chart_version = include.root.inputs.prometheus_chart_version
- prometheus_server_tag = include.root.inputs.prometheus_server_tag
- prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
- alertmanager_tag = include.root.inputs.alertmanager_tag
- kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
- node_exporter_tag = include.root.inputs.node_exporter_tag
- pushgateway_tag = include.root.inputs.pushgateway_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl
deleted file mode 100644
index e9ebd48..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl
+++ /dev/null
@@ -1,46 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- prometheus_namespace = "prometheus"
- }
-}
-
-inputs = {
- account_id = include.root.locals.account_id
- profile = include.root.locals.aws_profile
- region = include.root.locals.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
- tempo_chart_version = include.root.inputs.tempo_chart_version
- tempo_tag = include.root.inputs.tempo_tag
-
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl
deleted file mode 100644
index cc7c893..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl
+++ /dev/null
@@ -1,56 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-locals {
- # Set cluster/platform specific variables, or extract from the hierarchy.
- account_id = include.root.inputs.aws_account_id
- cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access
- cluster_name = include.root.inputs.cluster_name
- cluster_version = include.root.inputs.cluster_version
- creator = include.root.inputs.creator
- eks_instance_disk_size = include.root.inputs.eks_instance_disk_size
- eks_ng_desired_size = include.root.inputs.eks_ng_desired_size
- eks_ng_max_size = include.root.inputs.eks_ng_max_size
- eks_ng_min_size = include.root.inputs.eks_ng_min_size
- eks_vpc_name = include.root.inputs.vpc_name
- enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions
- environment_abbr = include.root.inputs.environment_abbr
- organization = include.root.inputs.organization
- profile = include.root.inputs.aws_profile
- project_name = include.root.inputs.project_name
- project_number = include.root.inputs.project_number
- project_role = include.root.inputs.project_role
- region = include.root.inputs.aws_region
- tags = include.root.inputs.tags
- terraform = include.root.inputs.terraform
- terragrunt = include.root.inputs.terragrunt
- vpc_domain_name = include.root.inputs.vpc_domain_name
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-inputs = {
- aws_account_id = local.account_id
- cluster_endpoint_public_access = local.cluster_endpoint_public_access
- cluster_name = local.cluster_name
- cluster_version = local.cluster_version
- creator = local.creator
- eks_instance_disk_size = local.eks_instance_disk_size
- eks_ng_desired_size =
local.eks_ng_desired_size
- eks_ng_max_size = local.eks_ng_max_size
- eks_ng_min_size = local.eks_ng_min_size
- eks_vpc_name = local.eks_vpc_name
- enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
- os_username = local.creator
- shared_vpc_label = local.environment_abbr
- tags = local.tags
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
deleted file mode 100644
index 8d2831c..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
+++ /dev/null
@@ -1,20 +0,0 @@
-# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
-
-# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
-# terragrunt.hcl configuration.
-locals {
- cluster_endpoint_public_access = true
- cluster_name = "platform-eng-eks-mcm"
- creator = "matthew.c.morgan@census.gov"
- eks_instance_disk_size = 100
- eks_ng_desired_size = 2
- eks_ng_max_size = 10
- eks_ng_min_size = 0
- enable_cluster_creator_admin_permissions = true
- terraform = true
- terragrunt = true
- tags = {
- "slim:schedule" = "8:00-17:00"
- "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
- }
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
deleted file mode 100644
index 35e355a..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- skip_outputs = true
-}
-
-inputs = {
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_mailing_list = dependency.eks.inputs.creator
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
- cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
- cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
- cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
- cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
- cluster_issuer_name = include.root.inputs.cluster_issuer_name
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
deleted file mode 100644
index d4a60db..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
+++ /dev/null
@@ -1,42 +0,0 @@
-# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
-
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
- cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
- cluster_name = "a-cluster-name"
- eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- security_group_all_worker_mgmt_id = "sg-00b0000000000000"
- subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
- token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }]
- vpc_id = "a-vpc-id"
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- vpc_id = dependency.eks.outputs.vpc_id
- cluster_name = dependency.eks.outputs.cluster_name
- subnets = dependency.eks.outputs.subnets
- security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
- eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- kubectl_image_tag = include.root.inputs.kubectl_image_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
deleted file mode 100644
index 6e28781..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
+++ /dev/null
@@ -1,42 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
- }
-}
-
-dependency "istio" {
- config_path = "../eks-istio"
- mock_outputs = {
- istio_ingress_lb = {
- dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
- zone_id = "ZABC123456DEF"
- }
- }
-}
-
-inputs = {
- cluster_name = dependency.eks.inputs.cluster_name
- istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- subnets = dependency.eks.outputs.subnets
- tags = dependency.eks.inputs.tags
- vpc_domain_name = dependency.eks.inputs.vpc_domain_name
- vpc_name = dependency.eks.inputs.vpc_name
- route53_endpoints = include.root.inputs.route53_endpoints
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
deleted file mode 100644
index 65ab33f..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-loki" {
- config_path = "../eks-loki"
- mock_outputs = {
- rwo_storage_class = "gp3-encrypted"
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- public_hostname = include.root.inputs.grafana_hostname
- rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
- grafana_chart_version = include.root.inputs.grafana_chart_version
- grafana_tag = include.root.inputs.grafana_tag
- download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
- init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
deleted file mode 100644
index c7c22c8..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
+++ /dev/null
@@ -1,32 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-dependency "eks-karpenter" {
- config_path = "../eks-karpenter"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- istio_chart_version = include.root.inputs.istio_version
- istio_version = include.root.inputs.istio_version
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
deleted file mode 100644
index cd1961b..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
+++ /dev/null
@@ -1,36 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- vpc_domain_name = "example.com"
- }
-}
-
-dependency "eks-loki" {
- config_path = "../eks-loki"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- public_hostname = include.root.inputs.dashboard_hostname
- k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
- # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
deleted file mode 100644
index 6b1a862..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
+++ /dev/null
@@ -1,43 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
- cluster_name = "a-cluster-name"
- node_group_name = "node_group_a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- vpc_id = "a-vpc-name"
- }
-}
-
-dependency "eks-config" {
- config_path = "../eks-config"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_endpoint = dependency.eks.outputs.cluster_endpoint
- cluster_name = dependency.eks.outputs.cluster_name
- karpenter_node_group_name = dependency.eks.outputs.node_group_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- vpc_id = dependency.eks.outputs.vpc_id
- karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
- karpenter_tag = include.root.inputs.karpenter_tag
- kubectl_tag = include.root.inputs.kubectl_image_tag
-
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
deleted file mode 100644
index 1e04fe0..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
+++ /dev/null
@@ -1,81 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
- # source = "../../../../../../../tfmod-kiali"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-dependency "eks-cert-manager" {
- config_path = "../eks-cert-manager"
- mock_outputs = {
- cluster_issuer_name = "acmpca-clusterissuer"
- }
-}
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- }
-}
-dependency "eks-grafana" {
- config_path = "../eks-grafana"
- mock_outputs = {
- internal_endpoint = {
- hostname = "grafana.grafana.svc.cluster.local"
- port_number = "80"
- url = "https://grafana.grafana.svc.cluster.local:80/"
- }
- namespace = "grafana"
- public_endpoint = {
- hostname = "grafana.dev.lab.csp2.census.gov"
- port_number = "80"
- url = "https://grafana.dev.lab.csp2.census.gov:80/"
- }
- secret_name = "grafana"
- }
-}
-
-inputs = {
- kiali_operator_version = include.root.inputs.kiali_operator_version
- kiali_application_version = include.root.inputs.kiali_application_version
-
- profile = include.root.inputs.aws_profile
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- operators_namespace = "operators"
- cluster_name = dependency.eks.outputs.cluster_name
- certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name
- prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
- grafana_internal_url =
dependency.eks-grafana.outputs.internal_endpoint.url
- grafana_namespace = dependency.eks-grafana.outputs.namespace
- grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url
- grafana_secret_name = "grafana"
- # grafana_secret_name = dependency.eks-grafana.outputs.secret_name
- jaeger_internal_url = ""
-
-
- # client_id = var.sso_client_id
- # client_secret = var.sso_client_secret
- # keycloak_public_url = var.keycloak_public_url
- # gogatekeeper_chart_version = var.gogatekeeper_chart_version
- # gogatekeeper_registry = var.gogatekeeper_registry
- # gogatekeeper_repository = var.gogatekeeper_repository
- # gogatekeeper_tag = var.gogatekeeper_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
deleted file mode 100644
index 2c6b6be..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
+++ /dev/null
@@ -1,44 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-dependency "eks-istio" {
- config_path = "../eks-istio"
- skip_outputs = true
-}
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- loki_chart_version = include.root.inputs.loki_chart_version
- loki_tag = include.root.inputs.loki_tag
- canary_tag = include.root.inputs.canary_tag
- enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
- gateway_tag = include.root.inputs.gateway_tag
- memcached_tag = include.root.inputs.memcached_tag
- exporter_tag = include.root.inputs.exporter_tag
- sidecar_tag = include.root.inputs.sidecar_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
deleted file mode 100644
index 387653b..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
+++ /dev/null
@@ -1,33 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- cluster_name = dependency.eks.outputs.cluster_name
- region = include.root.inputs.aws_region
- metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
- metrics_server_tag = include.root.inputs.metrics_server_tag
-}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
deleted file mode 100644
index bbbffb2..0000000
--- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
+++ /dev/null
@@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. 
use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. 
Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
| -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl deleted file mode 100644 index e6c54b1..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-dns" { - config_path = "../eks-dns" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - prometheus_chart_version = include.root.inputs.prometheus_chart_version - prometheus_server_tag = include.root.inputs.prometheus_server_tag - prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag - alertmanager_tag = include.root.inputs.alertmanager_tag - kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag - node_exporter_tag = include.root.inputs.node_exporter_tag - pushgateway_tag = include.root.inputs.pushgateway_tag -} 
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl deleted file mode 100644 index e9ebd48..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl +++ /dev/null @@ -1,46 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - prometheus_namespace = "prometheus" - } -} - -inputs = { - account_id = include.root.locals.account_id - profile = include.root.locals.aws_profile - region = include.root.locals.aws_region - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number - prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace - tempo_chart_version = include.root.inputs.tempo_chart_version - tempo_tag = include.root.inputs.tempo_tag - -} 
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl deleted file mode 100644 index cc7c893..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl +++ /dev/null 
@@ -1,56 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - creator = include.root.inputs.creator - eks_instance_disk_size = include.root.inputs.eks_instance_disk_size - eks_ng_desired_size = include.root.inputs.eks_ng_desired_size - eks_ng_max_size = include.root.inputs.eks_ng_max_size - eks_ng_min_size = include.root.inputs.eks_ng_min_size - eks_vpc_name = include.root.inputs.vpc_name - enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions - environment_abbr = include.root.inputs.environment_abbr - organization = include.root.inputs.organization - profile = include.root.inputs.aws_profile - project_name = include.root.inputs.project_name - project_number = include.root.inputs.project_number - project_role = include.root.inputs.project_role - region = include.root.inputs.aws_region - tags = include.root.inputs.tags - terraform = include.root.inputs.terraform - terragrunt = include.root.inputs.terragrunt - vpc_domain_name = include.root.inputs.vpc_domain_name -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - aws_account_id = local.account_id - cluster_endpoint_public_access = local.cluster_endpoint_public_access - cluster_name = local.cluster_name - cluster_version = local.cluster_version - creator = local.creator - eks_instance_disk_size = local.eks_instance_disk_size - eks_ng_desired_size = 
local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - eks_vpc_name = local.eks_vpc_name - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - os_username = local.creator - shared_vpc_label = local.environment_abbr - tags = local.tags -} diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl deleted file mode 100644 index 8d2831c..0000000 --- a/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl +++ /dev/null @@ -1,20 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl - -# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root -# terragrunt.hcl configuration. -locals { - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} diff --git a/lab/root.hcl b/lab/root.hcl index 87fe323..802d298 100644 --- a/lab/root.hcl +++ b/lab/root.hcl 
@@ -9,18 +9,18 @@ locals { # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer) account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl")) - # Automatically load _envcommon, cross account and environment common variables - common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl")) - - # Automatically load versions - versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl")) - # Automatically load cluster-level variables cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl")) + # Automatically load _envcommon, cross account and environment common variables + common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl")) + # Automatically load region-level variables region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl")) + # Automatically load versions + versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl")) + # Automatically load vpc-level variables vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl")) 
@@ -28,8 +28,18 @@ locals { account_id = local.account_vars.locals.aws_account_id aws_profile = local.account_vars.locals.aws_profile aws_region = local.region_vars.locals.aws_region + created_reason = local.cluster_vars.locals.created_reason + creator = local.cluster_vars.locals.creator + environment_abbr = local.account_vars.locals.environment_abbr + organization = local.common_vars.locals.organization + project_name = local.common_vars.locals.project_name + project_number = local.common_vars.locals.project_number + project_role = local.common_vars.locals.project_role state_bucket_prefix = local.common_vars.locals.state_bucket_prefix state_table_name = local.common_vars.locals.state_table_name + terraform = local.cluster_vars.locals.terraform + terragrunt = local.cluster_vars.locals.terragrunt + providers = ["aws"] } # Configure Terragrunt to automatically store tfstate files in an S3 bucket 
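Review bot: `created_reason = local.cluster_vars.locals.created_reason` is read with no fallback, and the `cluster.hcl` removed earlier in this same patch defines `creator`, `terraform` and `terragrunt` but no `created_reason`, so any remaining cluster file with that older shape would fail when root.hcl is evaluated. A tolerant read such as `created_reason = try(local.cluster_vars.locals.created_reason, "unspecified")` keeps those units working while the key is rolled out. Separately, `providers = ["aws"]` is fixed here, and Terragrunt does not, as far as I know, let an including unit override a parent's locals, so a one-line comment like `# root renders only the aws provider; units add kubernetes/helm themselves` would save the next reader from assuming the list is configurable. The `locals` block opens above this hunk, so the rest of it is not visible here.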
@@ -55,6 +65,53 @@ remote_state { } } +# Generate an AWS provider block +generate "providers" { + path = "providers.tf" + if_exists = "overwrite" + contents = <<-EOF +%{if contains(local.providers, "aws")} +provider "aws" { + region = "${local.aws_region}" + profile = "${local.aws_profile}" + default_tags { + tags = { + project_identifier = "${local.project_number}:${local.project_name}" + project_name = "${local.project_name}" + project_role = "${local.project_role}" + created_by = "${local.creator}" + created_for = "${local.creator}" + created_reason = "${local.created_reason}" + environment = "${local.environment_abbr}" + organization = "${local.organization}" + project_number = "${local.project_number}" + terraform = "${local.terraform}" + terragrunt = "${local.terragrunt}" + } + } + # Only these AWS Account IDs may be operated on by this template + allowed_account_ids = ["${local.account_id}"] +} +%{endif} +%{if contains(local.providers, "kubernetes")} +provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" +} +%{endif} +%{if contains(local.providers, "helm")} +provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + } +} +%{endif} +EOF +} + # --------------------------------------------------------------------------------------------------------------------- # GLOBAL PARAMETERS # These variables apply to all configurations in this subfolder. These are automatically merged into the child From 7cf9fe00f90c0c5c6c5f51915a5650ba22c84044 Mon Sep 17 00:00:00 2001 
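Review bot: The `kubernetes` and `helm` branches of `generate "providers"` interpolate `dependency.eks.outputs.provider_kubernetes_config.token` straight into `providers.tf`, so whenever they render, a live cluster bearer token sits in plain text in the working directory and any CI workspace or artifact that keeps it. The same pattern is repeated in the per-unit `generate "other-providers"` blocks added in PATCH 3/6 (cert-manager, config, dns, grafana, istio, k8s-dashboard, karpenter, kiali, loki). Letting the provider fetch its own credential through an `exec` block keeps the token out of generated files and avoids a token expiring between plan and apply. No `dependency "eks"` block for root.hcl is visible in these hunks, so these branches may also be unresolvable from the root as written; worth confirming.

```hcl
provider "kubernetes" {
  host                   = "${dependency.eks.outputs.cluster_endpoint}"
  cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}")
  # Credential is obtained at run time instead of being rendered into providers.tf.
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args = [
      "eks", "get-token",
      "--cluster-name", "${dependency.eks.outputs.cluster_name}",
      "--region", "${local.aws_region}",
      "--profile", "${local.aws_profile}",
    ]
  }
}
# … unchanged: aws provider block; the helm provider's nested kubernetes block takes the same exec stanza …
```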
From: "Matthew C. Morgan" Date: Fri, 6 Dec 2024 16:24:26 -0500 Subject: [PATCH 3/6] run-all plan --- .../eks-cert-manager/terragrunt.hcl | 27 ++++++++++++++++ .../eks-config/terragrunt.hcl | 6 ++-- .../eks-dns/terragrunt.hcl | 30 +++++++++-------- .../eks-grafana/terragrunt.hcl | 30 +++++++++-------- .../eks-istio/terragrunt.hcl | 30 +++++++++-------- .../eks-k8s-dashboard/terragrunt.hcl | 30 +++++++++-------- .../eks-karpenter/terragrunt.hcl | 30 +++++++++-------- .../eks-kiali/terragrunt.hcl.disable | 30 +++++++++-------- .../eks-loki/terragrunt.hcl | 32 +++++++++++-------- .../eks-metrics-server/terragrunt.hcl | 30 +++++++++-------- .../eks-prometheus/terragrunt.hcl | 30 +++++++++-------- .../eks-tempo/terragrunt.hcl | 30 +++++++++-------- .../platform-eng-eks-mcm/eks/terragrunt.hcl | 2 +- 13 files changed, 203 insertions(+), 134 deletions(-) diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl index 35e355a..3999e10 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl 
@@ -25,6 +25,33 @@ dependency "eks_config" { skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + +generate "other-providers" { + path = "other-providers.tf" + if_exists = "overwrite" + contents = <<-EOF + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} +EOF +} + inputs = { cluster_name = dependency.eks.outputs.cluster_name cluster_mailing_list = dependency.eks.inputs.creator diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl index 9d919ac..46e04b0 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl @@ -24,7 +24,7 @@ dependency "eks" { oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" security_group_all_worker_mgmt_id = "sg-00b0000000000000" subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] - token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] + cluster_token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] vpc_id = "a-vpc-id" } } 
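Review bot: The `%{if contains(local.providers, ...)}` guards in this `generate "other-providers"` block can never be false, because the `locals` block added directly above hard-codes `providers = ["aws", "kubernetes", "helm"]`. The identical pair of blocks is pasted into eks-dns, eks-grafana, eks-istio, eks-k8s-dashboard, eks-karpenter, eks-kiali and eks-loki in this patch, so a later change to provider authentication has to be made in nine places. Consider moving the block into one shared file and pulling it in with something like `include "k8s_providers" { path = find_in_parent_folders("_envcommon/<shared-providers>.hcl") }` (file name is a placeholder), or at least dropping the guards and the per-unit `providers` local.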
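Review bot: The renamed mock `cluster_token = [{ token = "..." }]` is a one-element list, while every provider block in this patch reads it as `dependency.eks.outputs.cluster_token.token`, an attribute lookup that does not apply to a list. If the real `cluster_token` output of the eks module is also a list (not visible here), the reference should be `dependency.eks.outputs.cluster_token[0].token`; if it is an object, the mock should become `cluster_token = { token = "..." }` so that plans run against mocks exercise the same shape. The two later hunks in this file and the `other-providers` blocks in the sibling units use the same reference and would need the matching change.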
@@ -41,7 +41,7 @@ generate "other-providers" { provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } %{endif} %{if contains(local.providers, "helm")} @@ -49,7 +49,7 @@ provider "helm" { kubernetes { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } } %{endif} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl index d0c2f63..e792085 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl 
@@ -29,26 +29,30 @@ dependency "istio" { } } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl index 9215e89..efb0710 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl 
@@ -26,26 +26,30 @@ dependency "eks-loki" { } } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl index 67457cd..0cbd751 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl 
@@ -23,26 +23,30 @@ dependency "eks-karpenter" { skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl index 02c4e1b..6001036 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl 
@@ -25,26 +25,30 @@ dependency "eks-loki" { skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl index ba364ee..3afd731 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl 
@@ -28,26 +28,30 @@ dependency "eks-config" { skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable index d735b8b..9f8027b 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl.disable 
@@ -53,26 +53,30 @@ dependency "eks-grafana" { } } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl index 327335d..b59a73a 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl 
@@ -19,35 +19,41 @@ dependency "eks" { oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" } } + dependency "eks-istio" { config_path = "../eks-istio" skip_outputs = true } + dependency "eks-prometheus" { config_path = "../eks-prometheus" skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl index 7ec3d76..2804272 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl 
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl @@ -24,26 +24,30 @@ dependency "eks_config" { skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl index 0d684f8..52078a5 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl 
@@ -24,26 +24,30 @@ dependency "eks-dns" { skip_outputs = true } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl index b85df70..8b26975 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl 
@@ -32,26 +32,30 @@ dependency "eks-prometheus" { } } +locals { + providers = ["aws", "kubernetes", "helm"] +} + generate "other-providers" { path = "other-providers.tf" if_exists = "overwrite" contents = <<-EOF -%{if contains(local.providers, "kubernetes")} -provider "kubernetes" { - host = "${dependency.eks.outputs.cluster_endpoint}" - cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" -} -%{endif} -%{if contains(local.providers, "helm")} -provider "helm" { - kubernetes { + %{if contains(local.providers, "kubernetes")} + provider "kubernetes" { host = "${dependency.eks.outputs.cluster_endpoint}" cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") - token = "${dependency.eks.outputs.provider_kubernetes_config.token}" + token = "${dependency.eks.outputs.cluster_token.token}" } -} -%{endif} + %{endif} + %{if contains(local.providers, "helm")} + provider "helm" { + kubernetes { + host = "${dependency.eks.outputs.cluster_endpoint}" + cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}") + token = "${dependency.eks.outputs.cluster_token.token}" + } + } + %{endif} EOF } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl index ba46766..aa592a8 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl 
@@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=new_providers" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"] From f5d13b645b63d49fe855628e814aec42f394e078 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 18 Dec 2024 14:20:35 -0500 Subject: [PATCH 4/6] worked in cicd --- lab/_envcommon/aws-provider.hcl | 45 --------------- lab/_envcommon/helm-provider.hcl | 46 --------------- lab/_envcommon/kubernetes-provider.hcl | 40 ------------- .../eks-cert-manager/terragrunt.hcl | 27 --------- .../eks-config/terragrunt.hcl | 43 +++++++------- .../eks-dns/terragrunt.hcl | 27 --------- .../eks-grafana/terragrunt.hcl | 27 --------- .../eks-istio/terragrunt.hcl | 28 +--------- .../eks-k8s-dashboard/terragrunt.hcl | 27 --------- .../eks-karpenter/terragrunt.hcl | 27 --------- .../eks-kiali/terragrunt.hcl.disable | 27 --------- .../eks-loki/terragrunt.hcl | 27 --------- .../eks-metrics-server/terragrunt.hcl | 27 --------- .../eks-prometheus/terragrunt.hcl | 27 --------- .../eks-tempo/terragrunt.hcl | 27 --------- lab/root.hcl | 56 ++++++++++++++----- 16 files changed, 62 insertions(+), 466 deletions(-) delete mode 100644 lab/_envcommon/aws-provider.hcl delete mode 100644 lab/_envcommon/helm-provider.hcl delete mode 100644 lab/_envcommon/kubernetes-provider.hcl diff --git a/lab/_envcommon/aws-provider.hcl b/lab/_envcommon/aws-provider.hcl deleted file mode 100644 index 18483ac..0000000 --- a/lab/_envcommon/aws-provider.hcl +++ /dev/null 
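Review bot: The module source in the `terraform` block is now pinned to a branch name, `?ref=new_providers`, where it previously followed `${include.root.inputs.release_version}`. A branch ref is mutable, so every plan or apply of this unit pulls whatever tfmod-eks commit is at the branch tip at that moment, and the eks unit no longer moves with the release version. If the provider work has to be consumed before it is released, pin to a tag or a full commit SHA instead, for example `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=<TAG_OR_COMMIT_SHA>"`, and return to the release-version reference afterwards. The `terraform` block continues past the end of the hunk.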
@@ -1,45 +0,0 @@ -# lab/_envcommon/aws-provider.hcl - -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = false -} - -# Generate an AWS provider block -generate "aws_provider" { - path = "${get_original_terragrunt_dir()}/aws_provider.tf" - if_exists = "overwrite_terragrunt" - contents = < Date: Wed, 18 Dec 2024 14:26:37 -0500 Subject: [PATCH 5/6] restore other clusters --- .../vpc/platform-eng-eks-test/cluster.hcl | 20 ++ .../eks-cert-manager/terragrunt.hcl | 40 ++++ .../eks-config/terragrunt.hcl | 42 ++++ .../eks-dns/terragrunt.hcl | 42 ++++ .../eks-grafana/terragrunt.hcl | 40 ++++ .../eks-istio/terragrunt.hcl | 32 +++ .../eks-k8s-dashboard/terragrunt.hcl | 36 ++++ .../eks-karpenter/terragrunt.hcl | 43 ++++ .../eks-kiali/terragrunt.hcl.disable | 81 +++++++ .../eks-loki/terragrunt.hcl | 44 ++++ .../eks-metrics-server/terragrunt.hcl | 33 +++ .../eks-prometheus/README.md | 198 ++++++++++++++++++ .../eks-prometheus/terragrunt.hcl | 38 ++++ .../eks-tempo/terragrunt.hcl | 46 ++++ .../platform-eng-eks-test/eks/terragrunt.hcl | 56 +++++ .../vpc/platform-test-cicd/cluster.hcl | 20 ++ .../eks-cert-manager/terragrunt.hcl | 40 ++++ .../eks-config/terragrunt.hcl | 42 ++++ .../platform-test-cicd/eks-dns/terragrunt.hcl | 42 ++++ .../eks-grafana/terragrunt.hcl | 40 ++++ .../eks-istio/terragrunt.hcl | 32 +++ .../eks-k8s-dashboard/terragrunt.hcl | 36 ++++ .../eks-karpenter/terragrunt.hcl | 43 ++++ .../eks-kiali/terragrunt.hcl.disable | 81 +++++++ .../eks-loki/terragrunt.hcl | 44 ++++ .../eks-metrics-server/terragrunt.hcl | 33 +++ .../eks-prometheus/README.md | 198 ++++++++++++++++++ .../eks-prometheus/terragrunt.hcl | 38 ++++ .../eks-tempo/terragrunt.hcl | 46 ++++ .../vpc/platform-test-cicd/eks/terragrunt.hcl | 56 +++++ .../vpc/platform-test-x/cluster.hcl | 20 ++ 31 files changed, 1602 insertions(+) create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl create mode 100644 
lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl create 
mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl create mode 100644 lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl
new file mode 100644
index 0000000..8d2831c
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/cluster.hcl
@@ -0,0 +1,20 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-mcm"
+ creator = "matthew.c.morgan@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 0
+ enable_cluster_creator_admin_permissions = true
+ terraform = true
+ terragrunt = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+}
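Review bot: `cluster_name = "platform-eng-eks-mcm"` and the path in the first comment line still name the mcm cluster, although this file is added under `platform-eng-eks-test/`. The file's own comment says these locals are pulled into the remote-state configuration in the root file, so if the state location is derived from `cluster_name` (not visible here), two directories would address the same cluster and the same state. Set `cluster_name = "platform-eng-eks-test"` and correct the header path to match the directory. Separately, `cluster_endpoint_public_access = true` next to `enable_cluster_creator_admin_permissions = true` deserves a one-line comment saying whether the eks module restricts the public endpoint by CIDR, since nothing in this hunk shows it.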
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..35e355a
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-cert-manager/terragrunt.hcl
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_mailing_list = dependency.eks.inputs.creator
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+ cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
+ cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
+ cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+ cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
+ cluster_issuer_name = include.root.inputs.cluster_issuer_name
+}
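Review bot: The `mock_outputs` in `dependency "eks"` are not limited to read-only commands, so an `apply` of this unit while the eks unit has no outputs would go ahead with the placeholder `oidc_provider_arn` (account `111111111111`) and the placeholder cluster name. Add `mock_outputs_allowed_terraform_commands = ["validate", "plan"]` to the dependency block so Terragrunt errors out instead of applying mock identities. The same gap is present in the other restored units in this patch that declare `mock_outputs`, among them eks-config, eks-karpenter and eks-loki, whose mocks also carry an OIDC provider ARN.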
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl new file mode 100644 index 0000000..d4a60db --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-config/terragrunt.hcl 
@@ -0,0 +1,42 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
+
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
+ cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
+ cluster_name = "a-cluster-name"
+ eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ security_group_all_worker_mgmt_id = "sg-00b0000000000000"
+ subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+ token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }]
+ vpc_id = "a-vpc-id"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ vpc_id = dependency.eks.outputs.vpc_id
+ cluster_name = dependency.eks.outputs.cluster_name
+ subnets = dependency.eks.outputs.subnets
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ kubectl_image_tag = include.root.inputs.kubectl_image_tag
+}
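Review bot: The mocked credential outputs in `dependency "eks"` do not match the shape the provider blocks earlier in this series read. Those blocks use `dependency.eks.outputs.cluster_token.token` and pass `cluster_certificate_authority_data` to `base64decode()` as a string, while the mock here defines `token = [{ token = ... }]` and `cluster_certificate_authority_data = [{ data = ... }]` as lists of objects. Nothing in this hunk's `inputs` consumes either key, so this only matters if the provider generation that moved to `root.hcl` (not visible here) still reads the eks outputs; in that case a plan against an unapplied cluster would fail on the missing `cluster_token` key. Align the mock keys with the real output names, or drop the unused ones, and correct the header comment, which still points at `platform-eng-eks-mcm/eks-config/terragrunt.hcl`.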
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl
new file mode 100644
index 0000000..6e28781
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-dns/terragrunt.hcl
@@ -0,0 +1,42 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
+ }
+}
+
+dependency "istio" {
+ config_path = "../eks-istio"
+ mock_outputs = {
+ istio_ingress_lb = {
+ dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
+ zone_id = "ZABC123456DEF"
+ }
+ }
+}
+
+inputs = {
+ cluster_name = dependency.eks.inputs.cluster_name
+ istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ subnets = dependency.eks.outputs.subnets
+ tags = dependency.eks.inputs.tags
+ vpc_domain_name = dependency.eks.inputs.vpc_domain_name
+ vpc_name = dependency.eks.inputs.vpc_name
+ route53_endpoints = include.root.inputs.route53_endpoints
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl
new file mode 100644
index 0000000..65ab33f
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-grafana/terragrunt.hcl
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ rwo_storage_class = "gp3-encrypted"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ public_hostname = include.root.inputs.grafana_hostname
+ rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
+ grafana_chart_version = include.root.inputs.grafana_chart_version
+ grafana_tag = include.root.inputs.grafana_tag
+ download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+ init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..c7c22c8
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-istio/terragrunt.hcl
@@ -0,0 +1,32 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+dependency "eks-karpenter" {
+ config_path = "../eks-karpenter"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ istio_chart_version = include.root.inputs.istio_version
+ istio_version = include.root.inputs.istio_version
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl
new file mode 100644
index 0000000..cd1961b
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-k8s-dashboard/terragrunt.hcl
@@ -0,0 +1,36 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ vpc_domain_name = "example.com"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ public_hostname = include.root.inputs.dashboard_hostname
+ k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+ # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl
new file mode 100644
index 0000000..6b1a862
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-karpenter/terragrunt.hcl
@@ -0,0 +1,43 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
+ cluster_name = "a-cluster-name"
+ node_group_name = "node_group_a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ vpc_id = "a-vpc-name"
+ }
+}
+
+dependency "eks-config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_endpoint = dependency.eks.outputs.cluster_endpoint
+ cluster_name = dependency.eks.outputs.cluster_name
+ karpenter_node_group_name = dependency.eks.outputs.node_group_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ vpc_id = dependency.eks.outputs.vpc_id
+ karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
+ karpenter_tag = include.root.inputs.karpenter_tag
+ kubectl_tag = include.root.inputs.kubectl_image_tag
+
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable
new file mode 100644
index 0000000..1e04fe0
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-kiali/terragrunt.hcl.disable
@@ -0,0 +1,81 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" + # source = "../../../../../../../tfmod-kiali" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } +} +dependency "eks-cert-manager" { + config_path = "../eks-cert-manager" + mock_outputs = { + cluster_issuer_name = "acmpca-clusterissuer" + } +} +dependency "eks-prometheus" { + config_path = "../eks-prometheus" + mock_outputs = { + prometheus_server_internal_endpoint = { + hostname = "prometheus-server.prometheus.svc.cluster.local" + port_number = 9090 + url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" + } + } +} +dependency "eks-grafana" { + config_path = "../eks-grafana" + mock_outputs = { + internal_endpoint = { + hostname = "grafana.grafana.svc.cluster.local" + port_number = "80" + url = "https://grafana.grafana.svc.cluster.local:80/" + } + namespace = "grafana" + public_endpoint = { + hostname = "grafana.dev.lab.csp2.census.gov" + port_number = "80" + url = "https://grafana.dev.lab.csp2.census.gov:80/" + } + secret_name = "grafana" + } +} + +inputs = { + kiali_operator_version = include.root.inputs.kiali_operator_version + kiali_application_version = include.root.inputs.kiali_application_version + + profile = include.root.inputs.aws_profile + cluster_domain = dependency.eks.inputs.vpc_domain_name + operators_namespace = "operators" + cluster_name = dependency.eks.outputs.cluster_name + certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name + prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url + grafana_internal_url = 
dependency.eks-grafana.outputs.internal_endpoint.url + grafana_namespace = dependency.eks-grafana.outputs.namespace + grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url + grafana_secret_name = "grafana" + # grafana_secret_name = dependency.eks-grafana.outputs.secret_name + jaeger_internal_url = "" + + + # client_id = var.sso_client_id + # client_secret = var.sso_client_secret + # keycloak_public_url = var.keycloak_public_url + # gogatekeeper_chart_version = var.gogatekeeper_chart_version + # gogatekeeper_registry = var.gogatekeeper_registry + # gogatekeeper_repository = var.gogatekeeper_repository + # gogatekeeper_tag = var.gogatekeeper_tag +} diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl new file mode 100644 index 0000000..2c6b6be --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-loki/terragrunt.hcl 
@@ -0,0 +1,44 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ skip_outputs = true
+}
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ loki_chart_version = include.root.inputs.loki_chart_version
+ loki_tag = include.root.inputs.loki_tag
+ canary_tag = include.root.inputs.canary_tag
+ enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
+ gateway_tag = include.root.inputs.gateway_tag
+ memcached_tag = include.root.inputs.memcached_tag
+ exporter_tag = include.root.inputs.exporter_tag
+ sidecar_tag = include.root.inputs.sidecar_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl
new file mode 100644
index 0000000..387653b
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-metrics-server/terragrunt.hcl
@@ -0,0 +1,33 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
+ metrics_server_tag = include.root.inputs.metrics_server_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md
new file mode 100644
index 0000000..bbbffb2
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/README.md
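Review bot: The ordering-only dependency is labelled `"eks_config"` here, while the karpenter unit in this patch labels the same `../eks-config` path `"eks-config"`, and every other dependency label follows the hyphenated directory name. Rename it to `dependency "eks-config" {` so label and directory match across units. The platform-test-cicd copy of this file and the cert-manager unit use the same underscore spelling.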
@@ -0,0 +1,198 @@ +## eks-prometheus +This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. +This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. + 1. prometheus-alert-manager + 2. prometheus-node-exporter + 3. prometheus-pushgateway + 4. prometheus-server + +### Dependencies +This module is dependent on EKS module (eks). The cluster should exist already for this module to work. + +### Inputs + cluster_name + profile + prometheus_chart_version + prometheus_server_tag + prometheus_config_reloader_tag + alertmanager_tag + kube_state_metrics_tag + node_exporter_tag + pushgateway_tag + rwo_storage_class + +### Outputs + alertmanager_internal_endpoint + alertmanager_headless_internal_endpoint + pushgateway_internal_endpoint + prometheus_server_internal_endpoint + +### Issues observed/fixed +1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" +2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" +3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" +4. The alertmanager_tag value had to be updated from +5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: + + ``` + set { + name = "kube-state-metrics.image.registry" + value = module.images.images[local.ksm_key].dest_registry + } + set { + name = "kube-state-metrics.image.repository" + value = module.images.images[local.ksm_key].dest_repository + } + ``` + +6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) + + ``` + set { + name = "alertmanager.configmapReload.image.repository" + value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] + } + ``` + +### Chart Notes + 1. Get the application URL by running these commands: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward $POD_NAME 9091 + echo "Visit http://127.0.0.1:9091 to use your application" + ``` + + The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: + prometheus-server.prometheus.svc.cluster.local + + + Get the Prometheus server URL by running these commands in the same shell: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace prometheus port-forward $POD_NAME 9090 + ``` + + The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: + `prometheus-alertmanager.prometheus.svc.cluster.local` + + + Get the Alertmanager URL by running these commands in the same shell: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace prometheus port-forward $POD_NAME 9093 + ``` + + ################################################################################# + ###### WARNING: Pod Security Policy has been disabled by default since ##### + ###### it deprecated after k8s 1.25+. 
use ##### + ###### (index .Values "prometheus-node-exporter" "rbac" ##### + ###### "pspEnabled") with (index .Values ##### + ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### + ###### in case you still need it. ##### + ################################################################################# + + + The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: + `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` + + + Get the PushGateway URL by running these commands in the same shell: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace prometheus port-forward $POD_NAME 9091 + ``` + + For more information on running Prometheus, visit: + https://prometheus.io/ + + kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. + The exposed metrics can be found here: + https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + + The metrics are exported on the HTTP endpoint /metrics on the listening port. + In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` + + They are served either as plaintext or protobuf depending on the Accept header. + They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + + 1. Get the application URL by running these commands: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9093 to use your application" + kubectl --namespace prometheus port-forward $POD_NAME 9093:80 + ``` + + 1. 
Get the application URL by running these commands: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9100 to use your application" + kubectl port-forward --namespace prometheus $POD_NAME 9100 + ``` + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 5.14.0 | +| [helm](#requirement\_helm) | >= 2.11.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 3.2.1 | + +## Providers + +| Name | Version | +|------|---------| +| [helm](#provider\_helm) | >= 2.11.0 | +| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | +| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | +| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | +| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | +| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | +| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | +| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | +| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | +| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | +| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | +| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | +| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | +| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | +| [module\_name](#output\_module\_name) | The name of this module. | +| [module\_version](#output\_module\_version) | The version of this module. 
| +| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | +| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | +| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | + diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl new file mode 100644 index 0000000..e6c54b1 --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-prometheus/terragrunt.hcl @@ -0,0 +1,38 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } +} + +dependency "eks-dns" { + config_path = "../eks-dns" + skip_outputs = true +} + +inputs = { + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + prometheus_chart_version = include.root.inputs.prometheus_chart_version + prometheus_server_tag = include.root.inputs.prometheus_server_tag + prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag + alertmanager_tag = include.root.inputs.alertmanager_tag + kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag + node_exporter_tag = include.root.inputs.node_exporter_tag + pushgateway_tag = include.root.inputs.pushgateway_tag +} 
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl
new file mode 100644
index 0000000..e9ebd48
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks-tempo/terragrunt.hcl
@@ -0,0 +1,46 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ prometheus_namespace = "prometheus"
+ }
+}
+
+inputs = {
+ account_id = include.root.locals.account_id
+ profile = include.root.locals.aws_profile
+ region = include.root.locals.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
+ prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
+ tempo_chart_version = include.root.inputs.tempo_chart_version
+ tempo_tag = include.root.inputs.tempo_tag
+
+}
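Review bot: The first three entries of `inputs` read `include.root.locals.*`, while every other unit in this patch takes the same values from `include.root.inputs.*` (`aws_profile`, `aws_region`, and `aws_account_id` in the eks unit). root.hcl is not part of this diff, so whether it defines locals named `account_id`, `aws_profile` and `aws_region` cannot be confirmed from here; if it does not, this unit fails at parse time. Aligning with the siblings avoids that: `profile = include.root.inputs.aws_profile`, `region = include.root.inputs.aws_region`, `account_id = include.root.inputs.aws_account_id`.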
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl
new file mode 100644
index 0000000..cc7c893
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-test/eks/terragrunt.hcl
@@ -0,0 +1,56 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Set cluster/platform specific variables, or extract from the hierarchy.
+ account_id = include.root.inputs.aws_account_id
+ cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access
+ cluster_name = include.root.inputs.cluster_name
+ cluster_version = include.root.inputs.cluster_version
+ creator = include.root.inputs.creator
+ eks_instance_disk_size = include.root.inputs.eks_instance_disk_size
+ eks_ng_desired_size = include.root.inputs.eks_ng_desired_size
+ eks_ng_max_size = include.root.inputs.eks_ng_max_size
+ eks_ng_min_size = include.root.inputs.eks_ng_min_size
+ eks_vpc_name = include.root.inputs.vpc_name
+ enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions
+ environment_abbr = include.root.inputs.environment_abbr
+ organization = include.root.inputs.organization
+ profile = include.root.inputs.aws_profile
+ project_name = include.root.inputs.project_name
+ project_number = include.root.inputs.project_number
+ project_role = include.root.inputs.project_role
+ region = include.root.inputs.aws_region
+ tags = include.root.inputs.tags
+ terraform = include.root.inputs.terraform
+ terragrunt = include.root.inputs.terragrunt
+ vpc_domain_name = include.root.inputs.vpc_domain_name
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+inputs = {
+ aws_account_id = local.account_id
+ cluster_endpoint_public_access = local.cluster_endpoint_public_access
+ cluster_name = local.cluster_name
+ cluster_version = local.cluster_version
+ creator = local.creator
+ eks_instance_disk_size = local.eks_instance_disk_size
+ eks_ng_desired_size = local.eks_ng_desired_size
+ eks_ng_max_size = local.eks_ng_max_size
+ eks_ng_min_size = local.eks_ng_min_size
+ eks_vpc_name = local.eks_vpc_name
+ enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+ os_username = local.creator
+ shared_vpc_label = local.environment_abbr
+ tags = local.tags
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
new file mode 100644
index 0000000..8d2831c
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
@@ -0,0 +1,20 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-mcm"
+ creator = "matthew.c.morgan@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 0
+ enable_cluster_creator_admin_permissions = true
+ terraform = true
+ terragrunt = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
new file mode 100644
index 0000000..35e355a
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
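Review bot: Several entries in the eks unit's `locals` block are never referenced in the file: `organization`, `profile`, `project_name`, `project_number`, `project_role`, `region`, `terraform`, `terragrunt` and `vpc_domain_name` are assigned but do not appear in `inputs`. Because each one dereferences `include.root.inputs.<name>`, a key missing from the root would likely break parsing of this unit for a value it does not use. Drop the unused locals, or pass the ones the module needs. `os_username = local.creator` also deserves a one-line comment, since the `creator` value set in the cluster.hcl added by this patch is an e-mail address rather than an OS account name.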
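Review bot: In platform-test-cicd/cluster.hcl both the header comment and `cluster_name = "platform-eng-eks-mcm"` still name another cluster directory, and the file's own comment says these locals feed the remote-state configuration, so this stack may resolve to the same cluster name, and possibly the same state location, as the platform-eng-eks-mcm stack. Give it its own value, for example `cluster_name = "platform-test-cicd"`, and correct the path comment. The same stale path comment opens eks-config/terragrunt.hcl in this directory. The file also sets `cluster_endpoint_public_access = true` and `enable_cluster_creator_admin_permissions = true` with a personal address in `creator`. For a cluster driven by CI, consider `cluster_endpoint_public_access = false`, or a CIDR allow-list if tfmod-eks exposes one, and granting cluster admin to a pipeline role instead of whichever identity runs the first apply.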
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_mailing_list = dependency.eks.inputs.creator
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+ cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
+ cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
+ cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
+ cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
+ cluster_issuer_name = include.root.inputs.cluster_issuer_name
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
new file mode 100644
index 0000000..d4a60db
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
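Review bot: `cluster_mailing_list = dependency.eks.inputs.creator` reads the dependency's inputs rather than its outputs, an access pattern that recent Terragrunt releases deprecate and that makes Terragrunt parse the whole dependency configuration. Since this unit already includes the root with `expose = true`, the value can come from there, as the eks unit does: `cluster_mailing_list = include.root.inputs.creator`. The same `dependency.eks.inputs.*` reads appear in eks-dns (`cluster_name`, `tags`, `vpc_domain_name`, `vpc_name`), eks-grafana, eks-k8s-dashboard and eks-kiali (`vpc_domain_name`). `creator` in the cluster.hcl of this patch is one person's address, so a team distribution list would suit a certificate-notification contact better.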
@@ -0,0 +1,42 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
+
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
+ cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
+ cluster_name = "a-cluster-name"
+ eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ security_group_all_worker_mgmt_id = "sg-00b0000000000000"
+ subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
+ token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }]
+ vpc_id = "a-vpc-id"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ vpc_id = dependency.eks.outputs.vpc_id
+ cluster_name = dependency.eks.outputs.cluster_name
+ subnets = dependency.eks.outputs.subnets
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ kubectl_image_tag = include.root.inputs.kubectl_image_tag
+}
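Review bot: The `mock_outputs` map defines `cluster_certificate_authority_data`, `cluster_endpoint` and `token`, none of which the `inputs` block reads. Unless the provider block generated from root.hcl (not shown in this diff) consumes them, they are dead entries. If the generated provider does consume them, the need to restrict mocks to plan and validate is stronger still, because a Kubernetes provider built from a fake endpoint and token fails late and with an unclear error. Remove the three unused keys, or add a comment naming their consumer, for example `# consumed by the generated kubernetes provider in root.hcl`. Token- and certificate-shaped placeholders also tend to trigger secret scanners, so an obviously synthetic value such as `"mock-token"` is preferable.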
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
new file mode 100644
index 0000000..6e28781
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
@@ -0,0 +1,42 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
+ }
+}
+
+dependency "istio" {
+ config_path = "../eks-istio"
+ mock_outputs = {
+ istio_ingress_lb = {
+ dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
+ zone_id = "ZABC123456DEF"
+ }
+ }
+}
+
+inputs = {
+ cluster_name = dependency.eks.inputs.cluster_name
+ istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ subnets = dependency.eks.outputs.subnets
+ tags = dependency.eks.inputs.tags
+ vpc_domain_name = dependency.eks.inputs.vpc_domain_name
+ vpc_name = dependency.eks.inputs.vpc_name
+ route53_endpoints = include.root.inputs.route53_endpoints
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
new file mode 100644
index 0000000..65ab33f
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
@@ -0,0 +1,40 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ mock_outputs = {
+ rwo_storage_class = "gp3-encrypted"
+ }
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ public_hostname = include.root.inputs.grafana_hostname
+ rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
+ grafana_chart_version = include.root.inputs.grafana_chart_version
+ grafana_tag = include.root.inputs.grafana_tag
+ download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
+ init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
new file mode 100644
index 0000000..c7c22c8
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
@@ -0,0 +1,32 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+dependency "eks-karpenter" {
+ config_path = "../eks-karpenter"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ istio_chart_version = include.root.inputs.istio_version
+ istio_version = include.root.inputs.istio_version
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
new file mode 100644
index 0000000..cd1961b
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
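Review bot: `istio_chart_version` and `istio_version` in the `inputs` block are both assigned `include.root.inputs.istio_version`, so the chart version can never differ from the image version. Every other unit in this patch takes its chart version from its own root key (`loki_chart_version`, `grafana_chart_version`, `tempo_chart_version`), which suggests this line was copied rather than intended. If the root defines a separate key, use `istio_chart_version = include.root.inputs.istio_chart_version`; if the two are meant to move together, say so in a comment such as `# chart and image are released in lockstep`.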
@@ -0,0 +1,36 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ vpc_domain_name = "example.com"
+ }
+}
+
+dependency "eks-loki" {
+ config_path = "../eks-loki"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ public_hostname = include.root.inputs.dashboard_hostname
+ k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
+ # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
new file mode 100644
index 0000000..6b1a862
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
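Review bot: The mock entry `vpc_domain_name = "example.com"` in `dependency "eks"` is never used, because `cluster_domain` is read from `dependency.eks.inputs.vpc_domain_name` and mocks only stand in for `outputs`. Either drop the mock key and take the value from the root (`cluster_domain = include.root.inputs.vpc_domain_name`), or have the eks module export the domain and read `dependency.eks.outputs.vpc_domain_name`. The commented-out `# datasources = ...` line should be removed or given a note saying what blocks it. This unit exposes the Kubernetes dashboard at `public_hostname`, so the description should state how access to that hostname is authenticated, which is not visible in this file.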
@@ -0,0 +1,43 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
+ cluster_name = "a-cluster-name"
+ node_group_name = "node_group_a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ vpc_id = "a-vpc-name"
+ }
+}
+
+dependency "eks-config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_endpoint = dependency.eks.outputs.cluster_endpoint
+ cluster_name = dependency.eks.outputs.cluster_name
+ karpenter_node_group_name = dependency.eks.outputs.node_group_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ vpc_id = dependency.eks.outputs.vpc_id
+ karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
+ karpenter_tag = include.root.inputs.karpenter_tag
+ kubectl_tag = include.root.inputs.kubectl_image_tag
+
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
new file mode 100644
index 0000000..1e04fe0
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
@@ -0,0 +1,81 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
+ # source = "../../../../../../../tfmod-kiali"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+dependency "eks-cert-manager" {
+ config_path = "../eks-cert-manager"
+ mock_outputs = {
+ cluster_issuer_name = "acmpca-clusterissuer"
+ }
+}
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ }
+}
+dependency "eks-grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs = {
+ internal_endpoint = {
+ hostname = "grafana.grafana.svc.cluster.local"
+ port_number = "80"
+ url = "https://grafana.grafana.svc.cluster.local:80/"
+ }
+ namespace = "grafana"
+ public_endpoint = {
+ hostname = "grafana.dev.lab.csp2.census.gov"
+ port_number = "80"
+ url = "https://grafana.dev.lab.csp2.census.gov:80/"
+ }
+ secret_name = "grafana"
+ }
+}
+
+inputs = {
+ kiali_operator_version = include.root.inputs.kiali_operator_version
+ kiali_application_version = include.root.inputs.kiali_application_version
+
+ profile = include.root.inputs.aws_profile
+ cluster_domain = dependency.eks.inputs.vpc_domain_name
+ operators_namespace = "operators"
+ cluster_name = dependency.eks.outputs.cluster_name
+ certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name
+ prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
+ grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url
+ grafana_namespace = dependency.eks-grafana.outputs.namespace
+ grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url
+ grafana_secret_name = "grafana"
+ # grafana_secret_name = dependency.eks-grafana.outputs.secret_name
+ jaeger_internal_url = ""
+
+
+ # client_id = var.sso_client_id
+ # client_secret = var.sso_client_secret
+ # keycloak_public_url = var.keycloak_public_url
+ # gogatekeeper_chart_version = var.gogatekeeper_chart_version
+ # gogatekeeper_registry = var.gogatekeeper_registry
+ # gogatekeeper_repository = var.gogatekeeper_repository
+ # gogatekeeper_tag = var.gogatekeeper_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
new file mode 100644
index 0000000..2c6b6be
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
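Review bot: The commented-out SSO block at the end of `inputs` uses `var.sso_client_secret` and other `var.*` references, which are Terraform expressions and will not evaluate in a terragrunt.hcl if someone simply uncomments them. Remove the block or replace it with a one-line TODO. When SSO is wired in, avoid passing the client secret as a Terragrunt input: have the module read it from a secret store by name, for example `client_secret_name = "<secret-name-placeholder>"`, so the value does not pass through CI environment variables and plan output. The grafana mocks also declare `https://` URLs on port 80 and quote `port_number = "80"`, while the prometheus mock uses the number `9090`; the mock types should match what the real outputs return.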
@@ -0,0 +1,44 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+dependency "eks-istio" {
+ config_path = "../eks-istio"
+ skip_outputs = true
+}
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ loki_chart_version = include.root.inputs.loki_chart_version
+ loki_tag = include.root.inputs.loki_tag
+ canary_tag = include.root.inputs.canary_tag
+ enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
+ gateway_tag = include.root.inputs.gateway_tag
+ memcached_tag = include.root.inputs.memcached_tag
+ exporter_tag = include.root.inputs.exporter_tag
+ sidecar_tag = include.root.inputs.sidecar_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
new file mode 100644
index 0000000..387653b
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
@@ -0,0 +1,33 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ skip_outputs = true
+}
+
+inputs = {
+ profile = include.root.inputs.aws_profile
+ cluster_name = dependency.eks.outputs.cluster_name
+ region = include.root.inputs.aws_region
+ metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
+ metrics_server_tag = include.root.inputs.metrics_server_tag
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
new file mode 100644
index 0000000..bbbffb2
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
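Review bot: The ordering-only dependency is labelled `dependency "eks_config"` with an underscore, while its own `config_path` and the other dependency labels in this series (`eks-istio`, `eks-prometheus`, `eks-dns`) use hyphens. Renaming it to `dependency "eks-config"` keeps labels uniform and greppable across units. A one-line comment above the block, such as `# ordering only: no outputs are read from eks-config`, would also explain why `skip_outputs = true` is set.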
@@ -0,0 +1,198 @@ +## eks-prometheus +This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. +This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. + 1. prometheus-alert-manager + 2. prometheus-node-exporter + 3. prometheus-pushgateway + 4. prometheus-server + +### Dependencies +This module is dependent on EKS module (eks). The cluster should exist already for this module to work. + +### Inputs + cluster_name + profile + prometheus_chart_version + prometheus_server_tag + prometheus_config_reloader_tag + alertmanager_tag + kube_state_metrics_tag + node_exporter_tag + pushgateway_tag + rwo_storage_class + +### Outputs + alertmanager_internal_endpoint + alertmanager_headless_internal_endpoint + pushgateway_internal_endpoint + prometheus_server_internal_endpoint + +### Issues observed/fixed +1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" +2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" +3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" +4. The alertmanager_tag value had to be updated from +5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: + + ``` + set { + name = "kube-state-metrics.image.registry" + value = module.images.images[local.ksm_key].dest_registry + } + set { + name = "kube-state-metrics.image.repository" + value = module.images.images[local.ksm_key].dest_repository + } + ``` + +6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) + + ``` + set { + name = "alertmanager.configmapReload.image.repository" + value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] + } + ``` + +### Chart Notes + 1. Get the application URL by running these commands: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward $POD_NAME 9091 + echo "Visit http://127.0.0.1:9091 to use your application" + ``` + + The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: + prometheus-server.prometheus.svc.cluster.local + + + Get the Prometheus server URL by running these commands in the same shell: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace prometheus port-forward $POD_NAME 9090 + ``` + + The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: + `prometheus-alertmanager.prometheus.svc.cluster.local` + + + Get the Alertmanager URL by running these commands in the same shell: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace prometheus port-forward $POD_NAME 9093 + ``` + + ################################################################################# + ###### WARNING: Pod Security Policy has been disabled by default since ##### + ###### it deprecated after k8s 1.25+. 
use ##### + ###### (index .Values "prometheus-node-exporter" "rbac" ##### + ###### "pspEnabled") with (index .Values ##### + ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### + ###### in case you still need it. ##### + ################################################################################# + + + The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: + `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` + + + Get the PushGateway URL by running these commands in the same shell: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace prometheus port-forward $POD_NAME 9091 + ``` + + For more information on running Prometheus, visit: + https://prometheus.io/ + + kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. + The exposed metrics can be found here: + https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + + The metrics are exported on the HTTP endpoint /metrics on the listening port. + In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` + + They are served either as plaintext or protobuf depending on the Accept header. + They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + + 1. Get the application URL by running these commands: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9093 to use your application" + kubectl --namespace prometheus port-forward $POD_NAME 9093:80 + ``` + + 1. 
Get the application URL by running these commands: + + ```bash + export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9100 to use your application" + kubectl port-forward --namespace prometheus $POD_NAME 9100 + ``` + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 5.14.0 | +| [helm](#requirement\_helm) | >= 2.11.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 3.2.1 | + +## Providers + +| Name | Version | +|------|---------| +| [helm](#provider\_helm) | >= 2.11.0 | +| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | +| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | +| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | +| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | +| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | +| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | +| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | +| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | +| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | +| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | +| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | +| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | +| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | +| [module\_name](#output\_module\_name) | The name of this module. | +| [module\_version](#output\_module\_version) | The version of this module. 
| +| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | +| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | +| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | + diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl new file mode 100644 index 0000000..e6c54b1 --- /dev/null +++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl @@ -0,0 +1,38 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + merge_strategy = "deep" + expose = true +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20m"] + } +} + +dependency "eks" { + config_path = "../eks" + mock_outputs = { + cluster_name = "a-cluster-name" + } +} + +dependency "eks-dns" { + config_path = "../eks-dns" + skip_outputs = true +} + +inputs = { + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + cluster_name = dependency.eks.outputs.cluster_name + prometheus_chart_version = include.root.inputs.prometheus_chart_version + prometheus_server_tag = include.root.inputs.prometheus_server_tag + prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag + alertmanager_tag = include.root.inputs.alertmanager_tag + kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag + node_exporter_tag = include.root.inputs.node_exporter_tag + pushgateway_tag = include.root.inputs.pushgateway_tag +} 
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl
new file mode 100644
index 0000000..e9ebd48
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl
@@ -0,0 +1,46 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs = {
+ cluster_name = "a-cluster-name"
+ oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+ }
+}
+
+dependency "eks-prometheus" {
+ config_path = "../eks-prometheus"
+ mock_outputs = {
+ prometheus_server_internal_endpoint = {
+ hostname = "prometheus-server.prometheus.svc.cluster.local"
+ port_number = 9090
+ url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
+ }
+ prometheus_namespace = "prometheus"
+ }
+}
+
+inputs = {
+ account_id = include.root.locals.account_id
+ profile = include.root.locals.aws_profile
+ region = include.root.locals.aws_region
+ cluster_name = dependency.eks.outputs.cluster_name
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
+ prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
+ tempo_chart_version = include.root.inputs.tempo_chart_version
+ tempo_tag = include.root.inputs.tempo_tag
+
+}
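Review bot: `account_id`, `profile` and `region` are read from `include.root.locals.*` in this `inputs` block, whereas the loki, metrics-server and prometheus units in the same series read `include.root.inputs.aws_profile` and `include.root.inputs.aws_region`. If root.hcl (not visible in this diff) does not define locals with exactly those names, this unit fails to evaluate while its siblings succeed. Using `profile = include.root.inputs.aws_profile`, `region = include.root.inputs.aws_region` and `account_id = include.root.inputs.aws_account_id` (the form the eks unit uses) keeps one source of truth. The stray blank line before the closing brace of `inputs` can be dropped as well.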
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl
new file mode 100644
index 0000000..cc7c893
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl
@@ -0,0 +1,56 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Set cluster/platform specific variables, or extract from the hierarchy.
+ account_id = include.root.inputs.aws_account_id
+ cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access
+ cluster_name = include.root.inputs.cluster_name
+ cluster_version = include.root.inputs.cluster_version
+ creator = include.root.inputs.creator
+ eks_instance_disk_size = include.root.inputs.eks_instance_disk_size
+ eks_ng_desired_size = include.root.inputs.eks_ng_desired_size
+ eks_ng_max_size = include.root.inputs.eks_ng_max_size
+ eks_ng_min_size = include.root.inputs.eks_ng_min_size
+ eks_vpc_name = include.root.inputs.vpc_name
+ enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions
+ environment_abbr = include.root.inputs.environment_abbr
+ organization = include.root.inputs.organization
+ profile = include.root.inputs.aws_profile
+ project_name = include.root.inputs.project_name
+ project_number = include.root.inputs.project_number
+ project_role = include.root.inputs.project_role
+ region = include.root.inputs.aws_region
+ tags = include.root.inputs.tags
+ terraform = include.root.inputs.terraform
+ terragrunt = include.root.inputs.terragrunt
+ vpc_domain_name = include.root.inputs.vpc_domain_name
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+}
+
+inputs = {
+ aws_account_id = local.account_id
+ cluster_endpoint_public_access = local.cluster_endpoint_public_access
+ cluster_name = local.cluster_name
+ cluster_version = local.cluster_version
+ creator = local.creator
+ eks_instance_disk_size = local.eks_instance_disk_size
+ eks_ng_desired_size = local.eks_ng_desired_size
+ eks_ng_max_size = local.eks_ng_max_size
+ eks_ng_min_size = local.eks_ng_min_size
+ eks_vpc_name = local.eks_vpc_name
+ enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+ os_username = local.creator
+ shared_vpc_label = local.environment_abbr
+ tags = local.tags
+}
diff --git a/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl
new file mode 100644
index 0000000..8d2831c
--- /dev/null
+++ b/lab/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl
@@ -0,0 +1,20 @@
+# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
+
+# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ cluster_endpoint_public_access = true
+ cluster_name = "platform-eng-eks-mcm"
+ creator = "matthew.c.morgan@census.gov"
+ eks_instance_disk_size = 100
+ eks_ng_desired_size = 2
+ eks_ng_max_size = 10
+ eks_ng_min_size = 0
+ enable_cluster_creator_admin_permissions = true
+ terraform = true
+ terragrunt = true
+ tags = {
+ "slim:schedule" = "8:00-17:00"
+ "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+ }
+}
From 5863e680411a990f8a2a38364635ec2b157668b5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 18 Dec 2024 14:31:51 -0500 Subject: [PATCH 6/6] cleanup
---
.../vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl | 1 - .../us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
index da0ea8b..d77ec8a 100644
--- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
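Review bot: The `locals` block in the new `platform-test-cicd/eks/terragrunt.hcl` copies nine root inputs that nothing in the file reads: `organization`, `profile`, `project_name`, `project_number`, `project_role`, `region`, `terraform`, `terragrunt` and `vpc_domain_name`. Every sibling unit in this series passes `profile` to its module and most pass `region`, but this `inputs` block passes neither, which may be an omission if tfmod-eks declares those variables (the module is not visible here). Either forward the values that are needed, e.g. `profile = local.profile` and `region = local.region`, or delete the unused locals so the block lists only what the unit consumes.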
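Review bot: The new `platform-test-x/cluster.hcl` still carries the header path and `cluster_name = "platform-eng-eks-mcm"` of the directory it was copied from. The file's own comment says these locals feed the remote state configuration in the root, so two directories sharing one cluster name risk planning or applying against the other cluster's resources or state; set `cluster_name` to this directory's cluster and correct the header comment. `cluster_endpoint_public_access = true` combined with `enable_cluster_creator_admin_permissions = true` also leaves the API endpoint publicly reachable with the provisioning identity as cluster admin. If public access is required for this lab cluster, the allowed source CIDRs should be restricted in the module inputs, which this diff does not show.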
+++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl @@ -24,7 +24,6 @@ dependency "eks" { oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA" security_group_all_worker_mgmt_id = "sg-00b0000000000000" subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"] - cluster_token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }] vpc_id = "a-vpc-id" } } diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl index aa592a8..ba46766 100644 --- a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl +++ b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl @@ -5,7 +5,7 @@ include "root" { } terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=new_providers" + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { commands = get_terraform_commands_that_need_locking() arguments = ["-lock-timeout=20m"]
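Review bot: The module `ref` in `platform-eng-eks-mcm/eks/terragrunt.hcl` now comes from `include.root.inputs.release_version`, whose value is not visible in this diff; if it names a branch, as the replaced `new_providers` did, each run fetches whatever that branch points to at the time. Resolving `release_version` to a release tag or, better, a full commit SHA keeps plans reproducible and keeps an unreviewed push to the module repository out of the next apply. A comment above the `source` line, e.g. `# release_version must be a tag or commit SHA, not a branch`, would record that expectation. The `terraform` block continues past the end of this hunk.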