SCT-Engineering · patel385 · Feb 21, 2025 · Jan 27, 2025 · Jan 28, 2025 · Jan 28, 2025
diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace
@@ -0,0 +1,81 @@
+{
+	"folders": [
+		{
+			"name": "platform-tg-infra",
+			"path": "../"
+		},
+		{
+			"name": "tfmod-cert-mgr",
+			"path": "../../tfmod-cert-mgr"
+		},
+		{
+			"name": "tfmod-config-job",
+			"path": "../../tfmod-config-job"
+		},
+		{
+			"name": "tfmod-custom-iam-role-for-service-account-eks",
+			"path": "../../tfmod-custom-iam-role-for-service-account-eks"
+		},
+		{
+			"name": "tfmod-eks",
+			"path": "../../tfmod-eks"
+		},
+		{
+			"name": "tfmod-eks-configuration",
+			"path": "../../tfmod-eks-configuration"
+		},
+		{
+			"name": "tfmod-eks-dns",
+			"path": "../../tfmod-eks-dns"
+		},
+		{
+			"name": "tfmod-grafana",
+			"path": "../../tfmod-grafana"
+		},
+		{
+			"name": "tfmod-istio",
+			"path": "../../tfmod-istio"
+		},
+		{
+			"name": "tfmod-istio-service-ingress",
+			"path": "../../tfmod-istio-service-ingress"
+		},
+		{
+			"name": "tfmod-k8s-dashboard",
+			"path": "../../tfmod-k8s-dashboard"
+		},
+		{
+			"name": "tfmod-karpenter",
+			"path": "../../tfmod-karpenter"
+		},
+		{
+			"name": "tfmod-kiali",
+			"path": "../../tfmod-kiali"
+		},
+		{
+			"name": "tfmod-loki",
+			"path": "../../tfmod-loki"
+		},
+		{
+			"name": "tfmod-metrics-server",
+			"path": "../../tfmod-metrics-server"
+		},
+		{
+			"name": "tfmod-prometheus",
+			"path": "../../tfmod-prometheus"
+		},
+		{
+			"name": "tfmod-tempo",
+			"path": "../../tfmod-tempo"
+		},
+		{
+			"path": "../../terraform-aws-eks"
+		},
+		{
+			"path": "../../karpenter-provider-aws"
+		},
+		{
+			"path": "../../terragrunt"
+		}
+	]
+}
diff --git a/Makefile b/Makefile
@@ -0,0 +1,35 @@
+.PHONY: help init validate plan fmt check clean
+
+help:
+	@echo "Available targets:"
+	@echo "  init      - Initialize Terragrunt configurations"
+	@echo "  validate  - Validate all Terragrunt configurations"
+	@echo "  plan      - Run plan in dry-run mode across all configurations"
+	@echo "  fmt       - Format HCL files"
+	@echo "  check     - Run all checks (format, validate, plan)"
+	@echo "  clean     - Clean up Terragrunt cache and temporary files"
+
+init:
+	@echo "Initializing Terragrunt configurations..."
+	terragrunt run-all init
+
+validate:
+	@echo "Validating Terragrunt configurations..."
+	terragrunt run-all validate
+
+plan:
+	@echo "Running plan in dry-run mode..."
+	terragrunt run-all plan --terragrunt-non-interactive
+
+fmt:
+	@echo "Formatting HCL files..."
+	find . -type f -name "*.hcl" -exec terragrunt hclfmt {} \;
+
+check: fmt validate plan
+	@echo "All checks completed"
+
+clean:
+	@echo "Cleaning Terragrunt cache..."
+	find . -type d -name ".terragrunt-cache" -exec rm -rf {} +
+	find . -type f -name ".terraform.lock.hcl" -delete
+	find . -type f -name "terragrunt-debug.tfvars.json" -delete
diff --git a/lab/_envcommon/common-variables.hcl b/lab/_envcommon/common-variables.hcl
@@ -12,8 +12,6 @@ locals {
   project_role        = "csvd_platformbaseline_app"
   state_bucket_prefix = "inf-tfstate"
   state_table_name    = "tf_remote_state"
-  terraform           = true
-  terragrunt          = true
   route53_endpoints = {
     route53_main = {
       "account_id"    = "269244441389"

diff --git a/lab/_envcommon/default-versions.hcl b/lab/_envcommon/default-versions.hcl
@@ -6,9 +6,9 @@ locals {
   #####################
   cluster_version            = "1.31"
   custom_service_eks_account = "${local.release_version}"
-  eks_module_version         = "20.31.1"
+  eks_module_version         = "20.33.1"
   istio_ingress_version      = "${local.release_version}"
-  release_version            = "0.1.1"
+  release_version            = "main" # change to main when testing updated modules
 
   #####################
   # TF Providers
@@ -29,7 +29,7 @@ locals {
   ################
   # k8s-dashboard
   ################
-  dashboard_hostname            = "dashboard"
+  dashboard_hostname            = "k8s-dashboard"
   k8s_dashboard_metrics_scraper = "1.0.8"
   k8s_dashboard_version         = "6.0.6"
 
@@ -47,14 +47,16 @@ locals {
   ################
   # Istio
   ################
-  istio_version = "1.24.2"
+  istio_namespace = "istio-system"
+  istio_version   = "1.24.2"
 
   ################
   # Grafana
   ################
   download_dashboards_image_tag = "7.85.0"
   grafana_chart_version         = "8.8.5"
   grafana_hostname              = "grafana"
+  grafana_namespace             = "grafana"
   grafana_tag                   = "11.4.0"
   init_chown_data_image_tag     = "1.31.1"
 
@@ -92,6 +94,7 @@ locals {
   # Prometheus
   ################
   prometheus_chart_version       = "25.26.0"
+  prometheus_namespace           = "prometheus"
   prometheus_server_tag          = "v2.54.0"
   prometheus_config_reloader_tag = "v0.75.2"
   alertmanager_tag               = "v0.27.0"
@@ -103,5 +106,6 @@ locals {
   # Tempo
   ################
   tempo_chart_version = "1.18.1"
+  tempo_namespace     = "tempo"
   tempo_tag           = "2.7.0"
 }
diff --git a/lab/_envcommon/helm-provider.hcl b/lab/_envcommon/helm-provider.hcl
diff --git a/lab/_envcommon/kube-provider.hcl b/lab/_envcommon/kube-provider.hcl
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
@@ -1,21 +1,28 @@
-# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
-
-# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
-# terragrunt.hcl configuration.
 locals {
+  # Cluster specific configuration
   cluster_endpoint_public_access           = true
   cluster_name                             = "platform-eng-eks-mcm"
-  created_reason                           = "Terragrunt Development for CICD Delivered EKS Platform"
-  creator                                  = "matthew.c.morgan@census.gov"
+  cluster_mailing_list                     = "matthew.c.morgan@census.gov"
   eks_instance_disk_size                   = 100
   eks_ng_desired_size                      = 2
   eks_ng_max_size                          = 10
   eks_ng_min_size                          = 0
   enable_cluster_creator_admin_permissions = true
-  terraform                                = true
-  terragrunt                               = true
   tags = {
     "slim:schedule" = "8:00-17:00"
     "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
   }
+
+  # Common configuration
+  common_retry_args = {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+
+  common_dependencies = ["../eks", "../eks-config"]
+
+  common_mock_eks = {
+    cluster_name      = "mock-cluster"
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+  }
 }
diff --git a/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl
@@ -6,36 +6,51 @@ include "root" {
 
 terraform {
   source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
+
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
-    arguments = ["-lock-timeout=20m"]
+    arguments = ["-lock-timeout=20s"]
   }
 }
 
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config",
+    "../eks-karpenter"
+  ]
+}
+
 dependency "eks" {
-  config_path = "../eks"
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
   mock_outputs = {
-    cluster_name      = "a-cluster-name"
-    oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
+    cluster_name      = include.root.inputs.cluster_name
+    oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+    cluster_endpoint  = "https://mock-endpoint.eks.amazonaws.com"
+    cluster_version   = include.root.inputs.cluster_version
   }
 }
 
-dependency "eks_config" {
-  config_path  = "../eks-config"
-  skip_outputs = true
-}
-
 inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Cluster Configuration
+  cluster_name         = dependency.eks.outputs.cluster_name
+  cluster_mailing_list = include.root.inputs.cluster_mailing_list
+  oidc_provider_arn    = dependency.eks.outputs.oidc_provider_arn
+
+  # Cert Manager Configuration
+  cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
+  cluster_issuer_name     = include.root.inputs.cluster_issuer_name
+
+  # Version Tags
   cert_manager_cainjector_tag      = include.root.inputs.cert_manager_cainjector_tag
   cert_manager_controller_tag      = include.root.inputs.cert_manager_controller_tag
-  cert_manager_helm_chart          = include.root.inputs.cert_manager_helm_chart
   cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
   cert_manager_webhook_tag         = include.root.inputs.cert_manager_webhook_tag
-  cluster_issuer_name              = include.root.inputs.cluster_issuer_name
-  cluster_mailing_list             = dependency.eks.inputs.creator
-  cluster_name                     = dependency.eks.outputs.cluster_name
-  oidc_provider_arn                = dependency.eks.outputs.oidc_provider_arn
-  profile                          = include.root.inputs.aws_profile
-  region                           = include.root.inputs.aws_region
-  release_version                  = include.root.inputs.release_version
 }