Mcm cluster

.gitignore

@@ -0,0 +1,42 @@
+# Local .terraform directories
+**/.terraform/*
+
+# terraform lock file.
+**/.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data,
+# such as password, private keys, and other secrets. These should not be
+# part of version control as they are data points which are potentially
+# sensitive and subject to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources
+# locally and so are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# include tg stuff
+.terragrunt-cache/
+backend.tf
+provider*.tf

lab/us-gov-east-1/vpc/cluster/eks-config/terragrunt.hcl

@@ -26,7 +26,7 @@ locals {
 }
 
 terraform {
-  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=1.0.2"
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]

lab/us-gov-east-1/vpc/cluster/eks-loki/terragrunt.hcl

@@ -1,5 +1,5 @@
 terraform {
-  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git"
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3"
   extra_arguments "retry_lock" {
     commands  = get_terraform_commands_that_need_locking()
     arguments = ["-lock-timeout=20m"]

lab/us-gov-east-1/vpc/mcmCluster/eks-cert-manager/terragrunt.hcl

@@ -0,0 +1,23 @@
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+dependency "eks-config" {
+  config_path = "../eks-config"
+}
+dependency "eks-istio" {
+  config_path = "../eks-istio"
+}
+
+inputs = {
+  cluster_name     = dependency.eks.inputs.cluster_name
+  profile          = dependency.eks.inputs.profile
+  contact_email    = dependency.eks.inputs.creator
+}

lab/us-gov-east-1/vpc/mcmCluster/eks-config/terragrunt.hcl

@@ -0,0 +1,66 @@
+locals {
+  tag_costallocation                              = "census:csvd:platformbaseline"
+  region                                          = "us-gov-east-1"
+  tags = {
+      "eks-cluster-name"      = "platform-eng-eks-mcm"
+      "CostAllocation"        = "census:csvd:platformbaseline"
+      "boc:tf_module_version" = "1.0.0"
+      "boc:created_by"        = "terraform"
+  }
+}
+
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=lokiv3"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  cluster_autoscaler_role_name                    = dependency.eks.outputs.cluster_autoscaler_role_name
+  subnets                                         = dependency.eks.outputs.subnets
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  tags                                            = local.tags
+  tag_costallocation                              = local.tag_costallocation
+  region                                          = local.region
+}
+
+generate "provider-eks" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+data "aws_eks_cluster" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+provider "kubernetes" {
+  host = data.aws_eks_cluster.cluster.endpoint
+
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host = data.aws_eks_cluster.cluster.endpoint
+
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
+EOF
+}

lab/us-gov-east-1/vpc/mcmCluster/eks-istio/providers.tf

@@ -0,0 +1,30 @@
+
+
+provider "aws" {
+  profile = var.profile
+  region  = var.region
+}
+
+data "aws_eks_cluster" "cluster" {
+  name = var.cluster_name
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = var.cluster_name
+}
+
+provider "kubernetes" {
+  host = data.aws_eks_cluster.cluster.endpoint
+
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host = data.aws_eks_cluster.cluster.endpoint
+
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}

lab/us-gov-east-1/vpc/mcmCluster/eks-istio/terragrunt.hcl

@@ -0,0 +1,22 @@
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=1.0.4"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+dependency "eks-config" {
+  config_path = "../eks-config"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  region                                          = dependency.eks.inputs.region
+  istio_chart_version                             = "1.22.1"
+  istio_version                                   = "1.22.1"
+}

lab/us-gov-east-1/vpc/mcmCluster/eks-loki/terragrunt.hcl

@@ -0,0 +1,54 @@
+terraform {
+  source      = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=lokiv3"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+dependency "eks" {
+  config_path = "../eks"
+}
+dependency "eks-config" {
+  config_path = "../eks-config"
+}
+dependency "eks-istio" {
+  config_path = "../eks-istio"
+}
+
+inputs = {
+  profile                                         = dependency.eks.inputs.profile
+  cluster_name                                    = dependency.eks.inputs.cluster_name
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  region                                          = dependency.eks.inputs.region
+}
+
+generate "provider-eks" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+data "aws_eks_cluster" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = "${dependency.eks.inputs.cluster_name}"
+}
+
+provider "kubernetes" {
+  host = data.aws_eks_cluster.cluster.endpoint
+
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host = data.aws_eks_cluster.cluster.endpoint
+
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
+EOF
+}

lab/us-gov-east-1/vpc/mcmCluster/eks/terragrunt.hcl

@@ -0,0 +1,81 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+locals {
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  # In which AWS region are operations being performed
+  vpc_name                                 = "vpc3-lab-dev"
+  cluster_name                             = "platform-eng-eks-mcm"
+  cluster_version                          = "1.30"
+  domain                                   = "dev.lab.csp2.census.gov"
+  eks_instance_disk_size                   = 60
+  eks_vpc_name                             = "vpc3-lab-dev"
+  eks_ng_desired_size                      = 1
+  eks_ng_max_size                          = 10
+  eks_ng_min_size                          = 1
+  operators_ns                             = "operators"
+  enable_cluster_creator_admin_permissions = true
+  cluster_endpoint_public_access           = true
+  profile                                  = "224384469011-lab-dev-gov"
+  region                                   = local.region_vars.locals.aws_region
+  cluster_mailing_list                     = "matthew.c.morgan@census.gov"
+
+  # Tags applied to AWS objects created
+  tags = {
+    "Environment"   = "dev"
+    "slim:schedule" = "8:00-17:00"
+    "cluster:size"  = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
+  }
+
+  aws_auth_roles = [
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    },
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/r-inf-terraform"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    },
+    {
+      rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+      aws_rolename : ""
+      username : "admin"
+      groups = ["system:masters"]
+    }
+  ]
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=lokiv3"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20m"]
+  }
+}
+
+inputs = {
+  profile                = local.profile
+  vpc_name               = local.eks_vpc_name
+  cluster_name           = local.cluster_name
+  cluster_version        = local.cluster_version
+  eks_instance_disk_size = local.eks_instance_disk_size
+  eks_vpc_name           = local.eks_vpc_name
+  #eks_instance_types     = local.eks_instance_types
+  eks_ng_desired_size                      = local.eks_ng_desired_size
+  eks_ng_max_size                          = local.eks_ng_max_size
+  eks_ng_min_size                          = local.eks_ng_min_size
+  operators_ns                             = local.operators_ns
+  enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions
+  cluster_endpoint_public_access           = local.cluster_endpoint_public_access
+  tags                                     = local.tags
+  aws_auth_roles                           = local.aws_auth_roles
+  domain                                   = local.domain
+  region                                   = local.region
+  creator                                  = local.cluster_mailing_list
+}