Add Terragrunt configurations for EKS cluster components

- Introduced new Terragrunt configurations for various EKS components including k8s-dashboard, karpenter, keycloak, kiali, loki, metrics-server, open-telemetry, prometheus, tempo, and pipeline. - Each component includes dependencies on the EKS module and mock outputs for local development. - Updated inputs to reflect AWS configurations, cluster configurations, and specific component settings. - Added README documentation for the eks-prometheus module detailing its components, dependencies, inputs, and outputs. - Configured retry lock arguments for Terraform commands to enhance stability during execution. - Established a VPC configuration with specific naming conventions for lab environments.
SCT-Engineering · Jun 26, 2025 · 665611b · 665611b
1 parent cc49e86
commit 665611b
Show file tree

Hide file tree

Showing 27 changed files with 686 additions and 159 deletions.
diff --git a/enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off b/enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off
diff --git a/enviornment/account.hcl → environment/account.hcl b/enviornment/account.hcl → environment/account.hcl
diff --git a/enviornment/region/region.hcl → environment/region/region.hcl b/enviornment/region/region.hcl → environment/region/region.hcl
diff --git a/enviornment/region/vpc/cluster/cluster.hcl → environment/region/vpc/cluster/cluster.hcl b/enviornment/region/vpc/cluster/cluster.hcl → environment/region/vpc/cluster/cluster.hcl
diff --git a/environment/region/vpc/cluster/eks-arcgis/terragrunt.hcl b/environment/region/vpc/cluster/eks-arcgis/terragrunt.hcl
@@ -0,0 +1,86 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+locals {
+  # Skip this module if disabled
+  skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+  if                   = local.skip
+  actions              = ["all_except_output"]
+  exclude_dependencies = false
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-ersi-arcgis.git?ref=${include.root.inputs.release_version}"
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_name = "mock-cluster"
+  }
+}
+
+dependency "eks_config" {
+  config_path                             = "../eks-config"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    rwo_storage_class = "gp3-mock"
+  }
+}
+
+dependency "eks_dns" {
+  config_path                             = "../eks-dns"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_domain = "mock.domain.example.com"
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config",
+    "../eks-dns",
+    "../eks-kiali",
+  ]
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+  eecr_info  = include.root.inputs.eecr_info
+
+  # Cluster Configuration
+  cluster_domain    = dependency.eks_dns.outputs.cluster_domain
+  cluster_name      = dependency.eks.outputs.cluster_name
+  namespace         = "arcgis"
+  rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+
+  # Dockerhub Creds
+  dockerhub_username = ""
+  dockerhub_password = ""
+
+  # ArcGIS Config
+  ersi_image_tag                  = "11.4.0.6285"
+  arcgis_license_json             = ""
+  arcgis_admin_username           = "admin"
+  arcgis_admin_password           = "password"
+  arcgis_admin_email              = include.root.inputs.cluster_mailing_list
+  arcgis_admin_firstname          = "admin"
+  arcgis_admin_lastname           = "admin"
+  arcgis_security_question_index  = 1
+  arcgis_security_question_answer = "Las Vegas"
+}
diff --git a/...c/cluster/eks-cert-manager/terragrunt.hcl → ...c/cluster/eks-cert-manager/terragrunt.hcl b/...c/cluster/eks-cert-manager/terragrunt.hcl → ...c/cluster/eks-cert-manager/terragrunt.hcl
@@ -4,6 +4,17 @@ include "root" {
   expose         = true
 }
 
+locals {
+  # Skip this module if disabled
+  skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+  if                   = local.skip
+  actions              = ["all_except_output"]
+  exclude_dependencies = false
+}
+
 terraform {
   source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
 
@@ -39,6 +50,7 @@ inputs = {
   account_id = include.root.inputs.aws_account_id
   profile    = include.root.inputs.aws_profile
   region     = include.root.inputs.aws_region
+  eecr_info  = include.root.inputs.eecr_info
 
   # Cluster Configuration
   cluster_name         = dependency.eks.outputs.cluster_name

diff --git a/...ion/vpc/cluster/eks-config/terragrunt.hcl → ...ion/vpc/cluster/eks-config/terragrunt.hcl b/...ion/vpc/cluster/eks-config/terragrunt.hcl → ...ion/vpc/cluster/eks-config/terragrunt.hcl
@@ -4,12 +4,15 @@ include "root" {
   expose         = true
 }
 
-dependencies {
-  paths = [
-    "../eks",
-    "../eks-karpenter",
-    "../eks-metrics-server",
-  ]
+locals {
+  # Skip this module if disabled
+  skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+  if                   = local.skip
+  actions              = ["all_except_output"]
+  exclude_dependencies = false
 }
 
 terraform {
@@ -37,6 +40,14 @@ dependency "eks" {
   }
 }
 
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-karpenter",
+    "../eks-metrics-server",
+  ]
+}
+
 inputs = {
   # AWS Configuration
   account_id = include.root.inputs.aws_account_id

diff --git a/environment/region/vpc/cluster/eks-cribl/terragrunt.hcl b/environment/region/vpc/cluster/eks-cribl/terragrunt.hcl
@@ -0,0 +1,90 @@
+include "root" {
+  path           = find_in_parent_folders("root.hcl")
+  merge_strategy = "deep"
+  expose         = true
+}
+
+locals {
+  # Skip this module if disabled
+  skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+  if                   = local.skip
+  actions              = ["all_except_output"]
+  exclude_dependencies = false
+}
+
+terraform {
+  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cribl.git?ref=${include.root.inputs.release_version}"
+
+  extra_arguments "retry_lock" {
+    commands  = get_terraform_commands_that_need_locking()
+    arguments = ["-lock-timeout=20s"]
+  }
+}
+
+dependency "eks" {
+  config_path                             = "../eks"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+  mock_outputs = {
+    cluster_name                                    = "mock-cluster"
+    cluster_endpoint                                = "https://mock-endpoint.eks.amazonaws.com"
+    cluster_certificate_authority_data              = [{ data = "mock-cert-data" }]
+    eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+    oidc_provider_arn                               = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+    security_group_all_worker_mgmt_id               = "sg-mock"
+    subnets                                         = ["subnet-mock1", "subnet-mock2"]
+    vpc_id                                          = "vpc-mock"
+  }
+}
+
+dependency "eks_config" {
+  config_path                             = "../eks-config"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    rwo_storage_class = "gp3-mock"
+  }
+}
+
+dependency "eks_dns" {
+  config_path                             = "../eks-dns"
+  mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+  mock_outputs = {
+    cluster_domain = "mock.example.com"
+  }
+}
+
+dependencies {
+  paths = [
+    "../eks",
+    "../eks-config",
+    "../eks-dns",
+    "../eks-gatekeeper",
+  ]
+}
+
+inputs = {
+  # AWS Configuration
+  account_id = include.root.inputs.aws_account_id
+  profile    = include.root.inputs.aws_profile
+  region     = include.root.inputs.aws_region
+
+  # Core Cluster Configuration
+  cluster_domain                                  = dependency.eks_dns.outputs.cluster_domain
+  cluster_name                                    = dependency.eks.outputs.cluster_name
+  eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+  oidc_provider_arn                               = dependency.eks.outputs.oidc_provider_arn
+  operators_ns                                    = include.root.inputs.operator_namespace
+  rwo_storage_class                               = dependency.eks_config.outputs.rwo_storage_class
+  security_group_all_worker_mgmt_id               = dependency.eks.outputs.security_group_all_worker_mgmt_id
+  subnets                                         = dependency.eks.outputs.subnets
+  telemetry_ns                                    = include.root.inputs.telemetry_namespace
+  vpc_id                                          = dependency.eks.outputs.vpc_id
+
+  # Cribl configs
+  cribl_tag    = include.root.inputs.cribl_app_version
+  namespace    = include.root.inputs.namespaces["cribl"]
+  service_name = "cribl-leader"
+}
diff --git a/...region/vpc/cluster/eks-dns/terragrunt.hcl → ...region/vpc/cluster/eks-dns/terragrunt.hcl b/...region/vpc/cluster/eks-dns/terragrunt.hcl → ...region/vpc/cluster/eks-dns/terragrunt.hcl
@@ -4,6 +4,17 @@ include "root" {
   expose         = true
 }
 
+locals {
+  # Skip this module if disabled
+  skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+  if                   = local.skip
+  actions              = ["all_except_output"]
+  exclude_dependencies = false
+}
+
 terraform {
   source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
   extra_arguments "retry_lock" {