From 0424c37ce121a5c49bde7034d3ab602aef2faf75 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 20 Feb 2026 15:32:14 -0500 Subject: [PATCH 1/2] remove old clsuters --- .github/platform-tg-infra.code-workspace | 20 +- .github/prompts/socratic_planning.prompt.md | 105 ++++++++ .gitignore | 1 + .gitmodules | 16 +- Makefile | 30 +-- NOTES.md | 118 +++++++++ cluster-version.sh | 54 ++++ config.json | 66 +++-- docs/ARCHITECTURE.md | 6 +- docs/MODULE_RELEASE_PROCESS.md | 276 ++++++++++++++++++++ ent/dev/csvd-dev-mcm | 1 + ent/prod/eks-ois-eem-cribl-prod | 1 + lab/clusters/csvd-platform-lab-dja | 1 - lab/clusters/csvd-platform-lab-srn | 1 - lab/clusters/eks-ois-eem-cribl-prod | 1 - 15 files changed, 612 insertions(+), 85 deletions(-) create mode 100644 .github/prompts/socratic_planning.prompt.md create mode 100644 NOTES.md create mode 100755 cluster-version.sh create mode 100644 docs/MODULE_RELEASE_PROCESS.md create mode 160000 ent/dev/csvd-dev-mcm create mode 160000 ent/prod/eks-ois-eem-cribl-prod delete mode 160000 lab/clusters/csvd-platform-lab-dja delete mode 160000 lab/clusters/csvd-platform-lab-srn delete mode 160000 lab/clusters/eks-ois-eem-cribl-prod diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace index b9434ca..c5fca22 100644 --- a/.github/platform-tg-infra.code-workspace +++ b/.github/platform-tg-infra.code-workspace @@ -4,10 +4,6 @@ "name": "platform-tg-infra", "path": ".." }, - { - "name": "tfmod-cert-mgr", - "path": "../../tfmod-cert-mgr" - }, { "name": "tfmod-config-job", "path": "../../tfmod-config-job" @@ -16,6 +12,10 @@ "name": "tfmod-cribl", "path": "../../tfmod-cribl" }, + { + "name": "tfmod-cubestore", + "path": "../../tfmod-cubestore" + }, { "name": "tfmod-custom-iam-role-for-service-account-eks", "path": "../../tfmod-custom-iam-role-for-service-account-eks" 
@@ -77,8 +77,8 @@ "path": "../../tfmod-loki" }, { - "name": "tfmod-metrics-server", - "path": "../../tfmod-metrics-server" + "name": "tfmod-misp", + "path": "../../tfmod-misp" }, { "name": "tfmod-open-telemetry", @@ -101,16 +101,16 @@ "path": "../../tfmod-tempo" }, { + "name": "repo-setup", "path": "../../repo-setup" }, { + "name": "template-eks-cluster", "path": "../../template-eks-cluster" }, { - "path": "../../module-decomposition" - }, - { - "path": "../../csvd-platform-lab-srn" + "name": "terraform-eks-deployment", + "path": "../../terraform-eks-deployment" } ] } diff --git a/.github/prompts/socratic_planning.prompt.md b/.github/prompts/socratic_planning.prompt.md new file mode 100644 index 0000000..5172190 --- /dev/null +++ b/.github/prompts/socratic_planning.prompt.md 
@@ -0,0 +1,105 @@
+---
+agent: agent
+---
+# Copilot Instructions: Iterative Socratic Planning Assistant
+
+## Role
+You are a Socratic planning facilitator. Your purpose is to help users develop well-reasoned plans through guided questioning and iterative refinement, not by providing direct solutions.
+
+## Core Behavior
+
+### Always Begin With Questions
+- Start by understanding the user's goal through open-ended questions
+- Never jump to solutions or implementation details immediately
+- Build context before making suggestions
+
+### Question Framework
+
+**Phase 1: Discovery**
+- "What problem are you trying to solve?"
+- "What does success look like for this plan?"
+- "Who are the stakeholders or users?"
+- "What's the broader context or motivation?"
+
+**Phase 2: Challenge Assumptions**
+- "What assumptions are you making about [X]?"
+- "Why do you believe [approach] will work?"
+- "What alternatives have you considered?"
+- "What constraints are real vs. perceived?"
+
+**Phase 3: Explore Context**
+- "What resources or tools do you have available?"
+- "What similar efforts have been attempted before?"
+- "What dependencies or prerequisites exist?"
+- "What timeline are you working with?"
+
+**Phase 4: Break Down Complexity**
+- "What's the smallest first step?"
+- "Which components are most critical?"
+- "What would happen if we removed [element]?"
+- "How would you prioritize these aspects?"
+
+**Phase 5: Test Logic**
+- "How would you verify that assumption?"
+- "What could go wrong with this approach?"
+- "What evidence supports this direction?"
+- "What would cause you to change course?"
+
+**Phase 6: Iterate**
+- "Based on what we've discussed, what changes to your initial thinking?"
+- "What have we learned that affects the plan?"
+- "What questions remain unanswered?"
+
+## Response Guidelines
+
+### DO:
+- Ask one or two focused questions per response
+- Acknowledge user insights and build on them
+- Point out contradictions gently: "Earlier you mentioned X, but now you're suggesting Y. How do these fit together?"
+- Summarize understanding periodically: "So if I understand correctly..."
+- Encourage the user to document their own conclusions
+
+### DON'T:
+- Provide complete solutions unprompted
+- Make decisions for the user
+- Move to implementation before the plan is well-reasoned
+- Ignore contradictions or logical gaps
+- Rush through the discovery process
+
+## Iteration Pattern
+1. User provides initial idea/plan
+2. You ask clarifying questions
+3. User responds
+4. You probe deeper or challenge assumptions
+5. User refines thinking
+6. Repeat until plan is well-defined
+7. Summarize key decisions and rationale
+
+## When to Shift from Questions to Assistance
+Only after:
+- Core goals are clearly defined
+- Major assumptions have been validated or acknowledged
+- User has explored alternatives
+- Critical constraints are understood
+- User explicitly requests implementation help
+
+Then you may say: "It sounds like you have a solid plan. Would you like help implementing [specific aspect]?"
+
+## Example Interaction Flow
+
+**User:** "I need to build a monitoring system."
+
+**You:** "Let's explore this together. What specific problems are you experiencing that led you to need monitoring? What are you hoping to observe or track?"
+
+**User:** [Explains issues]
+
+**You:** "I see. You mentioned [X]. What have you tried so far to address this? What monitoring tools or systems already exist in your environment?"
+
+**User:** [Provides context]
+
+**You:** "Interesting. What would success look like? How would you know the monitoring system is working effectively?"
+
+[Continue iterating...]
+
+## Remember
+Your goal is to help users think through their plans thoroughly, not to think for them.
The best outcome is when the user arrives at their own well-reasoned conclusions. diff --git a/.gitignore b/.gitignore index e99855b..8592de6 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,4 @@ terraform.rc backend.tf provider*.tf remote_state.backend.tf +terragrunt-debug.tfvars.json diff --git a/.gitmodules b/.gitmodules index 7ba89d3..2bd526f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,12 +1,6 @@ -[submodule "lab/clusters/csvd-platform-lab-mcm"] - path = lab/clusters/csvd-platform-lab-mcm - url = git@github.e.it.census.gov:sct-engineering/csvd-platform-lab-mcm -[submodule "lab/clusters/csvd-platform-lab-srn"] - path = lab/clusters/csvd-platform-lab-srn - url = git@github.e.it.census.gov:sct-engineering/csvd-platform-lab-srn -[submodule "lab/clusters/csvd-platform-lab-dja"] - path = lab/clusters/csvd-platform-lab-dja - url = git@github.e.it.census.gov:sct-engineering/csvd-platform-lab-dja -[submodule "lab/clusters/eks-ois-eem-cribl-prod"] - path = lab/clusters/eks-ois-eem-cribl-prod +[submodule "ent/prod/eks-ois-eem-cribl-prod"] + path = ent/prod/eks-ois-eem-cribl-prod url = git@github.e.it.census.gov:sct-engineering/eks-ois-eem-cribl-prod +[submodule "ent/dev/csvd-dev-mcm"] + path = ent/dev/csvd-dev-mcm + url = git@github.e.it.census.gov:sct-engineering/csvd-dev-mcm diff --git a/Makefile b/Makefile index 07c869a..8397377 100644 --- a/Makefile +++ b/Makefile @@ -2,12 +2,12 @@ # Default values ENV ?= development AWS_REGION ?= us-gov-east-1 -AWS_ACCOUNT_ID ?= 066921446319 -ACCOUNT_NAME ?= ent-ew-logging-prod -AWS_PROFILE ?= 066921446319-ent-gov-logging-prod -CLUSTER_NAME ?= eks-ois-eem-cribl-prod +AWS_ACCOUNT_ID ?= 224384469011 +ACCOUNT_NAME ?= lab-dev-gov +AWS_PROFILE ?= 224384469011-lab-dev-gov +CLUSTER_NAME ?= csvd-platform-lab-mcm REGION_DIR ?= us-gov-east-1 -CLUSTER_DIR ?= ois-eem-cribl-prod +CLUSTER_DIR ?= "lab/clusters/csvd-platform-lab-mcm" help: @echo "Available targets:" 
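Review bot: In the first Makefile hunk, the new default `CLUSTER_DIR ?= "lab/clusters/csvd-platform-lab-mcm"` points at a path whose `.gitmodules` entry this same patch removes and whose gitlink PATCH 2/2 deletes, so a bare `make deploy-to-pipeline` on a fresh checkout would pass `zip` a directory that is not there. Make also keeps the double quotes as part of the value, which only works while the variable is expanded unquoted inside a shell recipe. Consider pointing the default at one of the new `ent/...` paths without quotes, or leaving `CLUSTER_DIR` without a default so the target fails fast when it is unset. The `AWS_ACCOUNT_ID` and `CLUSTER_NAME` defaults feed the `S3_BUCKET` name built in `config`, so a caller who overrides only one of them gets a bucket name that mixes the two environments.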
@@ -25,22 +25,6 @@ help: config: @echo "Loading configuration..." -# # Detect configuration files -# $(eval ACCOUNT_HCL=lab/$(ENV)/account.hcl) -# $(eval REGION_HCL=lab/$(ENV)/$(REGION_DIR)/region.hcl) -# $(eval CLUSTER_HCL=lab/$(ENV)/$(REGION_DIR)/vpc/$(CLUSTER_DIR)/cluster.hcl) - -# @if [ ! -f "$(ACCOUNT_HCL)" ]; then echo "Error: $(ACCOUNT_HCL) not found"; exit 1; fi -# @if [ ! -f "$(REGION_HCL)" ]; then echo "Error: $(REGION_HCL) not found"; exit 1; fi -# @if [ ! -f "$(CLUSTER_HCL)" ]; then echo "Error: $(CLUSTER_HCL) not found"; exit 1; fi - -# # Extract values from HCL files -# $(eval AWS_ACCOUNT_ID=$(shell grep -oP 'aws_account_id\s*=\s*"\K[^"]+' $(ACCOUNT_HCL))) -# $(eval ACCOUNT_NAME=$(shell grep -oP 'account_name\s*=\s*"\K[^"]+' $(ACCOUNT_HCL))) -# $(eval AWS_PROFILE=$(shell echo $(AWS_ACCOUNT_ID)-$(shell echo $(ACCOUNT_NAME) | sed 's/-ew/-gov/'))) -# $(eval AWS_REGION=$(shell grep -oP 'aws_region\s*=\s*"\K[^"]+' $(REGION_HCL))) -# $(eval CLUSTER_NAME=$(shell grep -oP 'cluster_name\s*=\s*"\K[^"]+' $(CLUSTER_HCL))) - # Calculate derived values $(eval REGION_SHORT=$(shell echo $(AWS_REGION) | sed 's/\([a-z]\)[a-z]*-/\1/g')) $(eval S3_BUCKET=v-s3-eks-$(CLUSTER_NAME)-artifacts-$(AWS_ACCOUNT_ID)-$(REGION_SHORT)) @@ -105,10 +89,10 @@ deploy-to-pipeline: config @echo "Copy buildspecs from tfmod-pipeline" mkdir -p ./buildspecs - cp -r ../tfmod-pipeline/buildspecs/* ./buildspecs + cp -r /apps/terraform/workspaces/morga471/terraform/tfmod-pipeline/buildspecs/* ./buildspecs @echo "Creating zip file..." - zip -r platform-tg-infra.zip . -x "*.git*" "*.github*" "*.terragrunt-cache*" "*.terraform*" + zip -r platform-tg-infra.zip buildspecs $(CLUSTER_DIR) -x "*.git*" "*.github*" "*.terragrunt-cache*" "*.terraform*" rm -rf ./buildspecs diff --git a/NOTES.md b/NOTES.md new file mode 100644 index 0000000..d9065d9 --- /dev/null +++ b/NOTES.md 
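Review bot: In `deploy-to-pipeline`, the buildspecs are now copied from `/apps/terraform/workspaces/morga471/terraform/tfmod-pipeline/buildspecs/`, an absolute path inside one user's workspace, so what lands in `platform-tg-infra.zip` is whatever is in that directory at the time rather than a reviewed, versioned copy. If the pipeline executes those buildspecs (the rest of the recipe is outside this hunk), anyone able to write to that directory controls what the build runs, and the target breaks for every other user or CI runner. Prefer a variable with a repo-relative default, e.g. `TFMOD_PIPELINE_DIR ?= ../tfmod-pipeline` and `cp -r $(TFMOD_PIPELINE_DIR)/buildspecs/* ./buildspecs`, ideally from a checkout pinned to a known ref. The new `zip -r platform-tg-infra.zip buildspecs $(CLUSTER_DIR)` should also guard against an empty or missing `$(CLUSTER_DIR)` before archiving.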
@@ -0,0 +1,118 @@
+# NOTES.md
+
+```json
+{
+ "body": {
+ "project_name": "eks-ois-cribl-prod",
+ "owning_team": "tf-module-admins",
+ "template_settings": {
+ "environment": "production",
+ "region": "us-gov-east-1",
+ "cluster_dir": "eks-ois-cribl-prod",
+ "enable_all_modules": true,
+ "account": {
+ "account_name": "ent-ew-logging-prod",
+ "aws_account_id": "066921446319",
+ "aws_profile": "066921446319-ent-gov-logging-prod",
+ "environment_abbr": "prod"
+ },
+ "vpc": {
+ "vpc_name": "vpc1-inf-services",
+ "vpc_domain_name": "services.inf.csp1.census.gov"
+ },
+ "cluster": {
+ "cluster_name": "eks-ois-cribl-prod",
+ "cluster_mailing_list": "ois.acmt.list@census.gov",
+ "eks_instance_disk_size": 200,
+ "eks_ng_desired_size": 2,
+ "eks_ng_max_size": 2,
+ "eks_ng_min_size": 2,
+ "organization": "CHANGEME",
+ "finops_project_name": "CHANGEME",
+ "finops_project_number": "CHANGEME",
+ "finops_project_role": "CHANGEME",
+ "tags": {
+ "slim:schedule": "CHANGEME",
+ "environment": "production",
+ "owner": "OIS Security Engineering",
+ "managed_by": "terragrunt"
+ }
+ }
+ }
+ }
+}
+```
+
+## EKS Cluster Deployment Instructions
+
+The above config.json contains placeholders that need to be replaced with actual values before deployment.
+
+### FYI
+- csvd-platform-lab-mcm and csvd-platform-lab-srn clusters are provisioned and ready
+- The dja cluster has been destroyed but files/repo remain
+
+### Step 1: Merge Required PRs
+Ensure these PRs are merged before proceeding:
+- **Platform Infrastructure PR**: https://github.e.it.census.gov/SCT-Engineering/platform-tg-infra/pull/24
+ - This adds submodules for provisioned clusters
+- **Cluster Repository PR**: https://github.e.it.census.gov/SCT-Engineering/eks-ois-eem-cribl-prod/pull/1
+ - This updates the main branch for the cluster
+
+### Step 2: Update Submodules and Navigate to Cluster
+```bash
+git submodule update
+cd lab/clusters/eks-ois-eem-cribl-prod/
+```
+*Note: If the cluster folder is empty, verify that the cluster repository PR above has been merged.*
+
+### Step 3: Update Configuration with Actual Values
+Replace all "CHANGEME" placeholders in config.json with the actual values:
+- `organization`
+- `finops_project_name`
+- `finops_project_number`
+- `finops_project_role`
+- `slim:schedule` (in tags)
+
+### Step 4: Regenerate Files with Ansible
+```bash
+# Install ansible if not already installed
+pip install ansible
+
+# Generate HCL files from updated config
+ansible-playbook ansible/generate_hcl_files.yml -e config_file=../config.json
+```
+
+### Step 5: Commit and Push Changes
+```bash
+# Review the changes
+git diff
+
+# Stage all changes
+git add .
+
+# Create a new branch
+git checkout -b change
+
+# Commit changes
+git commit -m "updated finops codes and regenerated files"
+
+# Push to remote
+git push
+```
+
+### Step 6: Create and Merge PR
+1. Open a Pull Request with the changes
+2. Review the changes in the PR
+3. Get approval and merge the PR
+
+### Step 7: Deploy Infrastructure
+```bash
+# Navigate back to cluster root
+cd lab/clusters/eks-ois-eem-cribl-prod/
+
+# Apply Terragrunt configuration
+terragrunt run-all apply
+```
+
+### Questions?
+Contact me via cell phone for any questions or issues.
diff --git a/cluster-version.sh b/cluster-version.sh
new file mode 100755
index 0000000..85f271b
--- /dev/null
+++ b/cluster-version.sh
@@ -0,0 +1,54 @@
+#! /bin/bash
+
+# execute with ./cluster-version.sh CLUSTERNAME
+# this is a script to query an aws eks cluster and return the following information:
+# - cluster version
+# - node image version
+# - addon versions
+# - latest available version of each addon
+# - for each running pod in the cluster:
+# - namespace
+# - pod name
+# - container image registry
+# - container image repo
+# - container image tag
+
+# get cluster version
+CLUSTERNAME=$1
+echo "Cluster Name: $CLUSTERNAME"
+echo "Cluster Version:"
+aws eks describe-cluster --name $CLUSTERNAME --query "cluster.version" --output text
+echo ""
+# get node image version
+echo "Node Image Version:"
+aws eks describe-nodegroup --cluster-name $CLUSTERNAME --nodegroup-name --query "nodegroup.releaseVersion" --output text
+echo ""
+# get addon versions
+echo "Addon Versions:"
+aws eks list-addons --cluster-name $CLUSTERNAME --query "addons[]" --output text | while read addon; do
+ current_version=$(aws eks describe-addon --cluster-name $CLUSTERNAME --addon-name $addon --query "addon.addonVersion" --output text)
+ latest_version=$(aws eks describe-addon-versions --addon-name $addon --query "addons[0].addonVersions[-1].addonVersion" --output text)
+ echo "Addon: $addon"
+ echo " Current Version: $current_version"
+ echo " Latest Available Version: $latest_version"
+done
+echo ""
+# get pod container image details
+echo "Pod Container Image Details:"
+kubectl get pods --all-namespaces -o json | jq -r '.items[] | .metadata.namespace as $ns | .metadata.name as $pod | .spec.containers[] | "\($ns) \($pod) \(.image)"' | while read namespace pod image; do
+ registry=$(echo $image | awk -F'/' '{if (NF>2) print $1; else print "unknown"}')
+ repo_tag=$(echo $image | awk -F'/' '{if (NF>2) {for (i=2;i<=NF;i++) printf $i"/";} else {for (i=1;i<=NF;i++) printf $i"/";}}' | sed 's:/$::')
+ repo=$(echo $repo_tag | awk -F':' '{print $1}')
+ tag=$(echo $repo_tag | awk -F':' '{if (NF>1) print $2; else print "unknown"}')
+ echo "Namespace: $namespace"
+ echo "Pod Name: $pod"
+ echo " Image Registry: $registry"
+ echo " Image Repo: $repo"
+ echo " Image Tag: $tag"
+done
+echo ""
+
+
+# Note: Replace with the actual node group name of your EKS cluster.
+# Note: This script requires AWS CLI, kubectl, and jq to be installed and configured.
+# Note: Ensure you have the necessary permissions to access EKS cluster details and pods.
diff --git a/config.json b/config.json
index 907dcb8..619228e 100644
--- a/config.json
+++ b/config.json
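Review bot: In `cluster-version.sh`, `CLUSTERNAME=$1` is never checked and is expanded unquoted in every `aws eks` call, so a missing argument or a value with spaces or glob characters word-splits into extra CLI arguments instead of failing cleanly; add `set -euo pipefail` near the top, use `CLUSTERNAME=${1:?usage: ./cluster-version.sh CLUSTERNAME}`, and quote `"$CLUSTERNAME"`, `"$addon"` and `"$image"` wherever they are expanded. The `describe-nodegroup` line passes `--nodegroup-name` with no value (the trailing note suggests a placeholder was intended), so take the node group as a second argument or enumerate the groups with `aws eks list-nodegroups`. The image parsing reports the registry as `unknown` for any two-component reference and splits on the first `:`, so digest-pinned images (`repo@sha256:...`) show the digest as the tag and `host:port/image` references are split at the port, which matters if this output is used as an image inventory. Both `while read` loops should use `read -r`.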
@@ -1,40 +1,34 @@ { - "body": { - "project_name": "eks-ois-eem-cribl-prod", - "owning_team": "tf-module-admins", - "template_settings": { - "environment": "production", - "region": "us-gov-east-1", - "cluster_dir": "ois-eem-cribl-prod", - "enable_all_modules": true, - "account": { - "account_name": "ent-ew-logging-prod", - "aws_account_id": "066921446319", - "aws_profile": "066921446319-ent-gov-logging-prod", - "environment_abbr": "prod" - }, - "vpc": { - "vpc_name": "vpc1-inf-services", - "vpc_domain_name": "services.inf.csp1.census.gov" - }, - "cluster": { - "cluster_name": "ois-eem-cribl-prod", - "cluster_mailing_list": "ois.acmt.list@census.gov", - "eks_instance_disk_size": 200, - "eks_ng_desired_size": 2, - "eks_ng_max_size": 2, - "eks_ng_min_size": 2, - "organization": "CHANGEME", - "finops_project_name": "CHANGEME", - "finops_project_number": "CHANGEME", - "finops_project_role": "CHANGEME", - "tags": { - "slim:schedule": "CHANGEME", - "environment": "production", - "owner": "OIS Security Engineering", - "managed_by": "terragrunt" - } - } + "environment": "development", + "region": "us-gov-east-1", + "cluster_dir": "csvd-platform-lab-mcm", + "enable_all_modules": true, + "account": { + "account_name": "lab-dev-gov", + "aws_account_id": "224384469011", + "aws_profile": "224384469011-lab-dev-gov", + "environment_abbr": "dev" + }, + "vpc": { + "vpc_name": "vpc3-lab-dev", + "vpc_domain_name": "dev.lab.csp2.census.gov" + }, + "cluster": { + "cluster_name": "csvd-platform-lab-mcm", + "cluster_mailing_list": "matthew.c.morgan@census.gov", + "eks_instance_disk_size": 200, + "eks_ng_desired_size": 2, + "eks_ng_max_size": 2, + "eks_ng_min_size": 2, + "organization": "census:ocio:csvd", + "finops_project_name": "csvd_platformbaseline", + "finops_project_number": "fs0000000078", + "finops_project_role": "csvd_platformbaseline_eks", + "tags": { + "slim:schedule": "8:00-17:00", + "environment": "development", + "owner": "matthew.c.morgan@census.gov", + "managed_by": 
"terragrunt" } } } diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md index 8ea6c67..aa6d168 100644 --- a/docs/ARCHITECTURE.md +++ b/docs/ARCHITECTURE.md @@ -31,6 +31,7 @@ graph TD MONITORING --> GRAFANA[Grafana] MONITORING --> LOKI[Loki Log Aggregation] MONITORING --> TEMPO[Tempo Tracing] + MONITORING --> OPENTELEMETRY[OpenTelemetry] %% Additional Services EKS --> DASHBOARD[Kubernetes Dashboard] @@ -51,13 +52,12 @@ graph TD class VPC,EKS,EKS_CONFIG core class CERT_MGR,GATEKEEPER,IAM security - class PROMETHEUS,GRAFANA,LOKI,TEMPO monitoring + class PROMETHEUS,GRAFANA,LOKI,TEMPO,OPENTELEMETRY monitoring ``` ## Component Descriptions ### Core Infrastructure -- **VPC Module**: Network foundation with public/private subnets - **EKS Cluster**: Managed Kubernetes service - **Karpenter**: Autoscaling node management - **DNS Module**: Route53 DNS management @@ -77,6 +77,8 @@ graph TD - **Grafana**: Metrics visualization - **Loki**: Log aggregation - **Tempo**: Distributed tracing +- **Cribl**: Observability pipeline for logs and metrics +- **OpenTelemetry**: Collection of telemetry data (traces, metrics, logs) ### Additional Services - **Kubernetes Dashboard**: Cluster management UI diff --git a/docs/MODULE_RELEASE_PROCESS.md b/docs/MODULE_RELEASE_PROCESS.md new file mode 100644 index 0000000..bcd6870 --- /dev/null +++ b/docs/MODULE_RELEASE_PROCESS.md 
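Review bot: The new `config.json` drops the `body` / `template_settings` wrapper together with `project_name` and `owning_team`, while the `NOTES.md` added in this same patch still shows the wrapped layout and passes `../config.json` to `ansible/generate_hcl_files.yml`. If the playbook or another consumer reads `body.template_settings.*` (not visible in this diff), generation will fail or silently use defaults, so confirm which layout is expected and keep the two files consistent. The root config also moves from the production logging account to a lab cluster, with an individual's address in both `cluster_mailing_list` and the `owner` tag; a shared list or team alias would keep ownership and alert routing intact when people change roles.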
@@ -0,0 +1,276 @@ +# Module Release Process + +## Overview + +This document describes the automated release workflow for Terraform modules and how versions are coordinated across the platform. + +## Release Workflow + +### Individual Module Release + +Each module repository follows an automated release process: + +1. **Development** - Make changes on feature branch +2. **Pull Request** - Open PR to `main` branch +3. **Review & Merge** - PR approved and merged +4. **Automated Tagging** - GitHub Action creates version tag +5. **Release Notes** - Auto-generated from PR metadata + +### Automated Tagging + +When a PR is merged to `main`: +- CI/CD pipeline analyzes commit messages +- Determines version bump (MAJOR.MINOR.PATCH) +- Creates and pushes GitHub tag +- Example: `v1.2.3` + +### Version Determination + +The automation follows semantic versioning based on commit prefixes: + +```bash +# PATCH bump (1.2.3 → 1.2.4) +fix: correct validation logic +chore: update dependencies + +# MINOR bump (1.2.3 → 1.3.0) +feat: add new input variable +feat: support additional ports + +# MAJOR bump (1.2.3 → 2.0.0) +feat!: change resource naming convention +BREAKING CHANGE: remove deprecated variables +``` + +## Module Examples + +### Single Module Release + +```bash +# tfmod-istio-service-ingress repository +# PR #42: "feat: add name length validation" +# Merged → Auto-tagged as v0.2.0 +``` + +Module repository structure: +``` +tfmod-istio-service-ingress/ +├── .github/ +│ └── workflows/ +│ └── release.yml # Automated tagging workflow +├── main.tf +├── variables.tf +├── README.md +└── CHANGELOG.md # Auto-updated +``` + +### Multi-Module Release Cycle + +For platform-wide releases involving multiple modules: + +```bash +# Release 1.5.0 preparation +tfmod-istio-service-ingress → v0.2.0 +tfmod-eks-configuration → v1.3.1 +tfmod-gatekeeper → v2.1.0 +tfmod-prometheus → v3.0.0 +``` + +## Coordinating Platform Releases + +### Default Versions Map + +After individual modules are released, 
update the centralized version map: + +**File:** `template-eks-cluster/_envcommon/default_versions.tf` + +```hcl +# filepath: template-eks-cluster/_envcommon/default_versions.tf +locals { + default_module_versions = { + # Core Infrastructure + "tfmod-eks" = "v2.5.0" + "tfmod-eks-configuration" = "v1.3.1" # Updated + "tfmod-eks-dns" = "v1.2.0" + + # Service Mesh & Networking + "tfmod-istio" = "v1.8.0" + "tfmod-istio-service-ingress" = "v0.2.0" # Updated + "tfmod-kiali" = "v1.1.0" + + # Security & Policy + "tfmod-gatekeeper" = "v2.1.0" # Updated + "tfmod-keycloak" = "v1.4.0" + + # Observability + "tfmod-prometheus" = "v3.0.0" # Updated + "tfmod-grafana" = "v2.2.0" + "tfmod-loki" = "v1.5.0" + "tfmod-tempo" = "v1.3.0" + + # Data & Storage + "tfmod-postgresql" = "v1.6.0" + "tfmod-cubestore" = "v1.1.0" + } +} +``` + +### Update Process + +1. **Verify Module Tags** + ```bash + # Check each module has been tagged + git ls-remote --tags https://github.com/org/tfmod-istio-service-ingress + ``` + +2. **Update Version Map** + ```bash + cd template-eks-cluster/_envcommon + # Edit default_versions.tf + # Update module versions + ``` + +3. **Create Platform Release PR** + ```bash + git checkout -b release/platform-1.5.0 + git add default_versions.tf + git commit -m "chore: update module versions for platform 1.5.0" + git push origin release/platform-1.5.0 + # Open PR + ``` + +4. 
**Document Changes** + Create release notes in PR description: + ```markdown + ## Platform Release 1.5.0 + + ### Updated Modules + - tfmod-istio-service-ingress v0.2.0 + - Added name length validation + - tfmod-eks-configuration v1.3.1 + - Fixed DNS configuration bug + - tfmod-gatekeeper v2.1.0 + - Added new policy templates + - tfmod-prometheus v3.0.0 + - BREAKING: Updated CRD versions + + ### Migration Notes + See [UPGRADE_GUIDE.md](./UPGRADE_GUIDE.md) + ``` + +## Release Checklist + +### Pre-Release (Per Module) +- [ ] All tests passing +- [ ] README.md updated +- [ ] Breaking changes documented +- [ ] Migration guide created (if needed) +- [ ] Changelog reviewed + +### Release (Automated) +- [ ] PR approved by required reviewers +- [ ] PR merged to main +- [ ] GitHub tag created automatically +- [ ] Release notes generated + +### Post-Release (Platform) +- [ ] Version added to `default_versions.tf` +- [ ] Integration tests run +- [ ] Documentation portal updated +- [ ] Team notified + +## Version Pinning in Modules + +### Recommended Pattern +```hcl +# Consumer of tfmod-istio-service-ingress +module "ingress" { + source = "git::https://github.com/org/tfmod-istio-service-ingress.git?ref=v0.2.0" + # OR use version from default_versions.tf + # source = "git::...?ref=${local.default_module_versions["tfmod-istio-service-ingress"]}" + + public_hostname = "dashboard" + # ... 
+} +``` + +### Version Selection Strategy +```hcl +locals { + # Override default versions when needed + module_versions = merge( + local.default_module_versions, + { + # Test pre-release version + "tfmod-istio-service-ingress" = "v0.3.0-beta.1" + } + ) +} +``` + +## Rollback Procedures + +### Module Rollback +If a module release has issues: + +```bash +# Consumers can pin to previous version +module "ingress" { + source = "git::...?ref=v0.1.2" # Rollback from v0.2.0 +} +``` + +### Platform Version Rollback +Update `default_versions.tf`: + +```hcl +locals { + default_module_versions = { + "tfmod-istio-service-ingress" = "v0.1.2" # Reverted + } +} +``` + +## Troubleshooting + +### Tag Not Created +```bash +# Check GitHub Actions workflow +# Verify commit message format +# Check repository permissions +``` + +### Version Conflict +```bash +# Two modules with incompatible versions +# Review breaking changes +# Coordinate updates across modules +``` + +### Failed Integration Test +```bash +# Rollback problematic module +# Update default_versions.tf +# Rerun integration tests +``` + +## Best Practices + +1. **Single Responsibility** - One feature per PR/release +2. **Descriptive Commits** - Use conventional commit format +3. **Test Coverage** - Verify changes before merge +4. **Breaking Changes** - Document thoroughly with migration guides +5. **Coordinated Releases** - Update `default_versions.tf` atomically +6. **Version Pinning** - Always pin in production environments + +## Related Documentation + +- [Version Control Standards](./VERSION_CONTROL.md) +- [Semantic Versioning](https://semver.org/) +- [Conventional Commits](https://www.conventionalcommits.org/) + +## Support + +For questions about the release process: +- Platform team Slack channel +- Create issue in `platform-tg-infra` repository diff --git a/ent/dev/csvd-dev-mcm b/ent/dev/csvd-dev-mcm new file mode 160000 index 0000000..e22b082 --- /dev/null +++ b/ent/dev/csvd-dev-mcm 
@@ -0,0 +1 @@ +Subproject commit e22b08258e5f8da4e36c6697dc09175f85582fda diff --git a/ent/prod/eks-ois-eem-cribl-prod b/ent/prod/eks-ois-eem-cribl-prod new file mode 160000 index 0000000..7d3ef93 --- /dev/null +++ b/ent/prod/eks-ois-eem-cribl-prod @@ -0,0 +1 @@ +Subproject commit 7d3ef93b3255373998c4a96a7e7a34e961704d41 diff --git a/lab/clusters/csvd-platform-lab-dja b/lab/clusters/csvd-platform-lab-dja deleted file mode 160000 index 16c1db3..0000000 --- a/lab/clusters/csvd-platform-lab-dja +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 16c1db3c97392516efc173be6a155f370f336df3 diff --git a/lab/clusters/csvd-platform-lab-srn b/lab/clusters/csvd-platform-lab-srn deleted file mode 160000 index 65a48f8..0000000 --- a/lab/clusters/csvd-platform-lab-srn +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 65a48f80acfb07392098ba2505a6077c2738aee5 diff --git a/lab/clusters/eks-ois-eem-cribl-prod b/lab/clusters/eks-ois-eem-cribl-prod deleted file mode 160000 index 79e3527..0000000 --- a/lab/clusters/eks-ois-eem-cribl-prod +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 79e3527137e8856709f00643db56de0e055763e3 From 10cee0ce3a85d4e8c8050c8aed42ef86b962f7da Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Wed, 18 Mar 2026 19:13:52 -0400 Subject: [PATCH 2/2] cleanup test clusters --- .github/platform-tg-infra.code-workspace | 3 +++ .gitmodules | 6 ++++++ docs/MODULE_ORDER.md | 16 ++++++++++++++++ lab/clusters/csvd-platform-lab-mcm | 1 - 4 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 docs/MODULE_ORDER.md delete mode 160000 lab/clusters/csvd-platform-lab-mcm diff --git a/.github/platform-tg-infra.code-workspace b/.github/platform-tg-infra.code-workspace index c5fca22..6ae8f42 100644 --- a/.github/platform-tg-infra.code-workspace +++ b/.github/platform-tg-infra.code-workspace @@ -111,6 +111,9 @@ { "name": "terraform-eks-deployment", "path": "../../terraform-eks-deployment" + }, + { + "path": "../../terraform-github-repo" } ] } 
diff --git a/.gitmodules b/.gitmodules index 2bd526f..5cf0d52 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,9 @@ [submodule "ent/dev/csvd-dev-mcm"] path = ent/dev/csvd-dev-mcm url = git@github.e.it.census.gov:sct-engineering/csvd-dev-mcm +[submodule "ent/dev/adsd-tools-dev"] + path = ent/dev/adsd-tools-dev + url = git@github.e.it.census.gov:sct-engineering/adsd-tools-dev +[submodule "ent/dev/csvd-mcm-common"] + path = ent/dev/csvd-mcm-common + url = git@github.e.it.census.gov:sct-engineering/csvd-mcm-common \ No newline at end of file diff --git a/docs/MODULE_ORDER.md b/docs/MODULE_ORDER.md new file mode 100644 index 0000000..695b853 --- /dev/null +++ b/docs/MODULE_ORDER.md @@ -0,0 +1,16 @@ +- Unit ./eks +- Unit ./eks-karpenter +- Unit ./eks-config +- Unit ./eks-loki +- Unit ./eks-prometheus +- Unit ./eks-tempo +- Unit ./eks-otel +- Unit ./eks-istio +- Unit ./eks-dns +- Unit ./eks-grafana +- Unit ./eks-keycloak +- Unit ./eks-kiali +- Unit ./eks-gatekeeper + + + diff --git a/lab/clusters/csvd-platform-lab-mcm b/lab/clusters/csvd-platform-lab-mcm deleted file mode 160000 index a732eea..0000000 --- a/lab/clusters/csvd-platform-lab-mcm +++ /dev/null @@ -1 +0,0 @@ -Subproject commit a732eeaa885f4dfb3b42bbbbe058360c2e9d96d3