diff --git a/enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off b/enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off
deleted file mode 100644
index 119537e..0000000
--- a/enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off
+++ /dev/null
@@ -1,80 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gogatekeeper.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- }
-}
-
-dependency "eks_grafana" {
- config_path = "../eks-grafana"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- public_endpoint = "mock.grafaba.example.com"
- }
-}
-
-dependency "eks_keycloak" {
- config_path = "../eks-keycloak"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- public_endpoint = "mock.keycloak.example.com"
- discovery_url = "mock.keycloak.example.com/auth"
- client_id = "mock-client-id"
- client_secret = "mock-client-secret"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-dns",
- "../eks-grafana",
- "../eks-keycloak",
- "../eks-prometheus",
- ]
-}
-
-inputs = {
- # Base Cluster Config
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- namespace = include.root.inputs.namespaces["gogatekeeper"]
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Gatekeeper Config
- gogatekeeper_tag = include.root.inputs.gogatekeeper_tag
- gogatekeeper_chart_version = include.root.inputs.gogatekeeper_chart_version
- keycloak_discovery_url = dependency.eks_keycloak.outputs.discovery_url
-
- # Service Behind Gatekeeper Config
- service_name = "test-gc"
- upstream_url = dependency.eks_grafana.outputs.public_endpoint
- redirection_url = dependency.eks_grafana.outputs.public_endpoint
- client_id = dependency.eks_keycloak.outputs.client_id
- client_secret = dependency.eks_keycloak.outputs.client_secret
- keycloak_public_url = dependency.eks_keycloak.outputs.public_endpoint
-}
diff --git a/enviornment/account.hcl b/environment/account.hcl
similarity index 100%
rename from enviornment/account.hcl
rename to environment/account.hcl
diff --git a/enviornment/region/region.hcl b/environment/region/region.hcl
similarity index 100%
rename from enviornment/region/region.hcl
rename to environment/region/region.hcl
diff --git a/enviornment/region/vpc/cluster/cluster.hcl b/environment/region/vpc/cluster/cluster.hcl
similarity index 100%
rename from enviornment/region/vpc/cluster/cluster.hcl
rename to environment/region/vpc/cluster/cluster.hcl
diff --git a/environment/region/vpc/cluster/eks-arcgis/terragrunt.hcl b/environment/region/vpc/cluster/eks-arcgis/terragrunt.hcl
new file mode 100644
index 0000000..38cf455
--- /dev/null
+++ b/environment/region/vpc/cluster/eks-arcgis/terragrunt.hcl
@@ -0,0 +1,86 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Skip this module if disabled
+ skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+ if = local.skip
+ actions = ["all_except_output"]
+ exclude_dependencies = false
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-ersi-arcgis.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.domain.example.com"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-kiali",
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+ eecr_info = include.root.inputs.eecr_info
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ namespace = "arcgis"
+ rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+
+ # Dockerhub Creds
+ dockerhub_username = ""
+ dockerhub_password = ""
+
+ # ArcGIS Config
+ ersi_image_tag = "11.4.0.6285"
+ arcgis_license_json = ""
+ arcgis_admin_username = "admin"
+ arcgis_admin_password = "password"
+ arcgis_admin_email = include.root.inputs.cluster_mailing_list
+ arcgis_admin_firstname = "admin"
+ arcgis_admin_lastname = "admin"
+ arcgis_security_question_index = 1
+ arcgis_security_question_answer = "Las Vegas"
+}
diff --git a/enviornment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl b/environment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
similarity index 86%
rename from enviornment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
rename to environment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
index 5e03cd4..569a355 100644
--- a/enviornment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
+++ b/environment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
@@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
@@ -39,6 +50,7 @@ inputs = { account_id = include.root.inputs.aws_account_id profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region + eecr_info = include.root.inputs.eecr_info # Cluster Configuration cluster_name = dependency.eks.outputs.cluster_name
diff --git a/enviornment/region/vpc/cluster/eks-config/terragrunt.hcl b/environment/region/vpc/cluster/eks-config/terragrunt.hcl
similarity index 89%
rename from enviornment/region/vpc/cluster/eks-config/terragrunt.hcl
rename to environment/region/vpc/cluster/eks-config/terragrunt.hcl
index 4a6a659..49e0ea2 100644
--- a/enviornment/region/vpc/cluster/eks-config/terragrunt.hcl
+++ b/environment/region/vpc/cluster/eks-config/terragrunt.hcl
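Review bot: The new `inputs` block commits the ArcGIS administrator credentials in plaintext: `arcgis_admin_username = "admin"`, `arcgis_admin_password = "password"` and the security-question answer are literal strings, so they land in Git history and in whatever state and plan output the module produces. Elsewhere in this commit secrets arrive through dependency outputs or `include.root.inputs`; this one should too, or be read from the environment, for example `arcgis_admin_password = get_env("ARCGIS_ADMIN_PASSWORD")` (placeholder variable name), with the receiving module variable marked `sensitive = true`. If the literal was ever applied to a cluster, treat it as exposed and rotate it. The empty `dockerhub_username`, `dockerhub_password` and `arcgis_license_json` look like placeholders and would benefit from a comment saying where the real values are expected to come from.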
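Review bot: The `skip` local fails open: `lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)` treats any directory missing from the map as enabled, so a misspelled key in `root.hcl` leaves a module deployed that an operator meant to switch off. `is_module_enabled` is defined outside this diff, so whether its keys are validated there cannot be seen here. The one-line comment could state the default, for example `# Modules not listed in is_module_enabled default to enabled; set the key to false to skip.` The same block is added verbatim to the other terragrunt.hcl files in this commit (eks-config, eks-dns, eks-grafana, eks-istio, eks-k8s-dashboard, eks-karpenter, eks-keycloak, eks-kiali, eks-loki, eks-metrics-server, eks-otel and the new eks-arcgis, eks-cribl and eks-gatekeeper).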
@@ -4,12 +4,15 @@ include "root" { expose = true } -dependencies { - paths = [ - "../eks", - "../eks-karpenter", - "../eks-metrics-server", - ] +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false } terraform { @@ -37,6 +40,14 @@ dependency "eks" { } } +dependencies { + paths = [ + "../eks", + "../eks-karpenter", + "../eks-metrics-server", + ] +} + inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id diff --git a/environment/region/vpc/cluster/eks-cribl/terragrunt.hcl b/environment/region/vpc/cluster/eks-cribl/terragrunt.hcl new file mode 100644 index 0000000..d18b180 --- /dev/null +++ b/environment/region/vpc/cluster/eks-cribl/terragrunt.hcl 
@@ -0,0 +1,90 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Skip this module if disabled
+ skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+ if = local.skip
+ actions = ["all_except_output"]
+ exclude_dependencies = false
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cribl.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
+ cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
+ eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ security_group_all_worker_mgmt_id = "sg-mock"
+ subnets = ["subnet-mock1", "subnet-mock2"]
+ vpc_id = "vpc-mock"
+ }
+}
+
+dependency "eks_config" {
+ config_path = "../eks-config"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ rwo_storage_class = "gp3-mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-config",
+ "../eks-dns",
+ "../eks-gatekeeper",
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Core Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+ eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
+ oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
+ operators_ns = include.root.inputs.operator_namespace
+ rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
+ security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
+ subnets = dependency.eks.outputs.subnets
+ telemetry_ns = include.root.inputs.telemetry_namespace
+ vpc_id = dependency.eks.outputs.vpc_id
+
+ # Cribl configs
+ cribl_tag = include.root.inputs.cribl_app_version
+ namespace = include.root.inputs.namespaces["cribl"]
+ service_name = "cribl-leader"
+}
diff --git a/enviornment/region/vpc/cluster/eks-dns/terragrunt.hcl b/environment/region/vpc/cluster/eks-dns/terragrunt.hcl
similarity index 86%
rename from enviornment/region/vpc/cluster/eks-dns/terragrunt.hcl
rename to environment/region/vpc/cluster/eks-dns/terragrunt.hcl
index 6ab9858..feecb98 100644
--- a/enviornment/region/vpc/cluster/eks-dns/terragrunt.hcl
+++ b/environment/region/vpc/cluster/eks-dns/terragrunt.hcl
@@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" {
diff --git a/environment/region/vpc/cluster/eks-gatekeeper/terragrunt.hcl b/environment/region/vpc/cluster/eks-gatekeeper/terragrunt.hcl
new file mode 100644
index 0000000..971dd2e
--- /dev/null
+++ b/environment/region/vpc/cluster/eks-gatekeeper/terragrunt.hcl
@@ -0,0 +1,140 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Skip this module if disabled
+ skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true)
+}
+
+exclude {
+ if = local.skip
+ actions = ["all_except_output"]
+ exclude_dependencies = false
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-gatekeeper.git?ref=${include.root.inputs.release_version}"
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+dependency "eks" {
+ config_path = "../eks"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
+
+dependency "eks_dns" {
+ config_path = "../eks-dns"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ cluster_domain = "mock.example.com"
+ }
+}
+
+dependency "eks_keycloak" {
+ config_path = "../eks-keycloak"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ user_auth_realm = "mock.keycloak.example.com/auth"
+ client_id = "mock-client-id"
+ client_secret = "mock-client-secret"
+ namespace = "keycloak"
+ user_secret = "user-sso"
+ }
+}
+
+dependency "eks-k8s-dashboard" {
+ config_path = "../eks-k8s-dashboard"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ namespace = "telemetry"
+ internal_endpoint = {
+ hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+ port_number = 80
+ url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+ }
+ dashboard-user-token = "Iamanextremelylongstring"
+ }
+}
+
+dependency "eks-grafana" {
+ config_path = "../eks-grafana"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ namespace = "telemetry"
+ internal_endpoint = {
+ hostname = "kubernetes-dashboard.telemetry.svc.cluster.local"
+ port_number = 80
+ url = "http://kubernetes-dashboard.telemetry.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependency "eks-kiali" {
+ config_path = "../eks-kiali"
+ mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
+ mock_outputs = {
+ namespace = "istio-system"
+ internal_endpoint = {
+ hostname = "kiali.telemetry.svc.cluster.local"
+ port_number = 80
+ url = "http://kiali.telemetry.svc.cluster.local:80/"
+ }
+ }
+}
+
+dependencies {
+ paths = [
+ "../eks",
+ "../eks-dns",
+ "../eks-keycloak",
+ "../eks-k8s-dashboard",
+ "../eks-grafana",
+ "../eks-kiali",
+ ]
+}
+
+inputs = {
+ # AWS Configuration
+ account_id = include.root.inputs.aws_account_id
+ eecr_info = include.root.inputs.eecr_info
+ profile = include.root.inputs.aws_profile
+ region = include.root.inputs.aws_region
+
+ # Cluster Configuration
+ cluster_domain = dependency.eks_dns.outputs.cluster_domain
+ cluster_name = dependency.eks.outputs.cluster_name
+
+ # Gatekeeper Standard Config
+ gatekeeper_chart_version = include.root.inputs.gatekeeper_chart_version
+ gatekeeper_tag = include.root.inputs.gatekeeper_tag
+ keycloak_client_id = dependency.eks_keycloak.outputs.client_id
+ keycloak_client_secret = dependency.eks_keycloak.outputs.client_secret
+ keycloak_fqdn = dependency.eks_keycloak.outputs.user_auth_realm
+ user_secret = dependency.eks_keycloak.outputs.user_secret
+
+ # Dashboard Gatekeeper Config
+ dashboard_ns = dependency.eks-k8s-dashboard.outputs.namespace
+ dashboard_service_name = "dashboard"
+ dashboard_url = dependency.eks-k8s-dashboard.outputs.internal_endpoint.url
+ dashboard_user_token = dependency.eks-k8s-dashboard.outputs.dashboard-user-token
+
+ # Grafana Gatekeeper Config
+ grafana_ns = dependency.eks-grafana.outputs.namespace
+ grafana_service_name = "grafana"
+ grafana_url = dependency.eks-grafana.outputs.internal_endpoint.url
+
+ # Kaili Gatekeeper Config
+ kiali_ns = dependency.eks-kiali.outputs.namespace
+ kiali_service_name = "kiali"
+ kiali_url = dependency.eks-kiali.outputs.internal_endpoint.url
+}
diff --git a/enviornment/region/vpc/cluster/eks-grafana/terragrunt.hcl b/environment/region/vpc/cluster/eks-grafana/terragrunt.hcl
similarity index 82%
rename from enviornment/region/vpc/cluster/eks-grafana/terragrunt.hcl
rename to environment/region/vpc/cluster/eks-grafana/terragrunt.hcl
index 7830797..07cc34d 100644
--- a/enviornment/region/vpc/cluster/eks-grafana/terragrunt.hcl
+++ b/environment/region/vpc/cluster/eks-grafana/terragrunt.hcl
@@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" {
@@ -16,8 +27,7 @@ dependency "eks" { config_path = "../eks" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" + cluster_name = include.root.inputs.cluster_name } }
@@ -44,9 +54,10 @@ dependency "eks_prometheus" { config_path = "../eks-prometheus" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] mock_outputs = { - rwo_storage_class = "gp3-mocked" prometheus_server_internal_endpoint = { - url = "mock.prometheus.enpoint.example.com" + hostname = "prometheus.mock.svc.cluster.local" + port_number = "80" + url = "https://prometheus.mock.svc.cluster.local:80/" } } }
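Review bot: `keycloak_client_secret` and `dashboard_user_token` reach the new eks-gatekeeper module as plain dependency outputs, so unless the eks-keycloak and eks-k8s-dashboard modules declare those outputs `sensitive = true` (not visible in this diff) the values can surface in plan output and run logs; the receiving variables in tfmod-gatekeeper should be marked sensitive as well. Separately, the `eks-grafana` mock is a copy of the dashboard one: its `internal_endpoint` still points at `kubernetes-dashboard.telemetry.svc.cluster.local`, and the `eks-kiali` mock sets `namespace = "istio-system"` while its hostname uses `kiali.telemetry`. Because mocks are allowed for `plan`, a plan taken before those modules exist would show the auth proxy fronting the wrong upstream. The comment `# Kaili Gatekeeper Config` should read `# Kiali Gatekeeper Config`.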
@@ -75,13 +86,13 @@ dependencies { inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - cluster_domain = dependency.eks_dns.outputs.cluster_domain - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + cluster_name = dependency.eks.outputs.cluster_name + cluster_domain = dependency.eks_dns.outputs.cluster_domain # Storage Configuration rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class diff --git a/enviornment/region/vpc/cluster/eks-istio/terragrunt.hcl b/environment/region/vpc/cluster/eks-istio/terragrunt.hcl similarity index 69% rename from enviornment/region/vpc/cluster/eks-istio/terragrunt.hcl rename to environment/region/vpc/cluster/eks-istio/terragrunt.hcl index 0cd1e1f..9f10168 100644 --- a/enviornment/region/vpc/cluster/eks-istio/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-istio/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { @@ -16,6 +27,7 @@ dependencies { paths = [ "../eks", "../eks-cert-manager", + "../eks-otel" ] } 
@@ -23,20 +35,19 @@ dependency "eks" { config_path = "../eks" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" + cluster_name = include.root.inputs.cluster_name } } inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn + cluster_name = dependency.eks.outputs.cluster_name # Istio Configuration namespace = include.root.inputs.namespaces["istio"] diff --git a/enviornment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl b/environment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl similarity index 84% rename from enviornment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl rename to environment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl index 1d02df6..9527e5f 100644 --- a/enviornment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { 
@@ -42,6 +53,7 @@ inputs = { account_id = include.root.inputs.aws_account_id profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region + eecr_info = include.root.inputs.eecr_info # Cluster Configuration cluster_domain = dependency.eks_dns.outputs.cluster_domain diff --git a/enviornment/region/vpc/cluster/eks-karpenter/terragrunt.hcl b/environment/region/vpc/cluster/eks-karpenter/terragrunt.hcl similarity index 84% rename from enviornment/region/vpc/cluster/eks-karpenter/terragrunt.hcl rename to environment/region/vpc/cluster/eks-karpenter/terragrunt.hcl index 25c22d7..9233255 100644 --- a/enviornment/region/vpc/cluster/eks-karpenter/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-karpenter/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}" @@ -38,6 +49,7 @@ inputs = { account_id = include.root.inputs.aws_account_id profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region + eecr_info = include.root.inputs.eecr_info # Cluster Configuration cluster_endpoint = dependency.eks.outputs.cluster_endpoint diff --git a/enviornment/region/vpc/cluster/eks-keycloak/terragrunt.hcl b/environment/region/vpc/cluster/eks-keycloak/terragrunt.hcl similarity index 79% rename from enviornment/region/vpc/cluster/eks-keycloak/terragrunt.hcl rename to environment/region/vpc/cluster/eks-keycloak/terragrunt.hcl index 74132d7..f17489e 100644 --- a/enviornment/region/vpc/cluster/eks-keycloak/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-keycloak/terragrunt.hcl 
@@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { @@ -49,6 +60,7 @@ dependencies { inputs = { cluster_domain = dependency.eks_dns.outputs.cluster_domain cluster_name = dependency.eks.outputs.cluster_name + eecr_info = include.root.inputs.eecr_info namespace = include.root.inputs.namespaces["keycloak"] profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region @@ -56,21 +68,11 @@ inputs = { # keycloak config default_storage_class = dependency.eks_config.outputs.rwo_storage_class keycloak_chart_version = include.root.inputs.keycloak_chart_version - keycloak_hostname = include.root.inputs.keycloak_hostname keycloak_tag = include.root.inputs.keycloak_tag realm_email = include.root.inputs.cluster_mailing_list realm_name = "master" - realm_password = include.root.inputs.keycloak_password - realm_username = include.root.inputs.keycloak_username service_name = "keycloak" telemetry_namespace = include.root.inputs.telemetry_namespace + admin_email = include.root.inputs.cluster_mailing_list - # # Database configuration - keycloak_database = include.root.inputs.keycloak_database - keycloak_user = include.root.inputs.keycloak_username - keycloak_password = include.root.inputs.keycloak_password - - # Project information - project_name = include.root.inputs.project_name - tags = include.root.inputs.tags } 
diff --git a/enviornment/region/vpc/cluster/eks-kiali/terragrunt.hcl b/environment/region/vpc/cluster/eks-kiali/terragrunt.hcl similarity index 79% rename from enviornment/region/vpc/cluster/eks-kiali/terragrunt.hcl rename to environment/region/vpc/cluster/eks-kiali/terragrunt.hcl index f1c9bdc..8f19b76 100644 --- a/enviornment/region/vpc/cluster/eks-kiali/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-kiali/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { @@ -33,7 +44,7 @@ dependency "eks_dns" { config_path = "../eks-dns" mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] mock_outputs = { - cluster_domain = "mock.example.com" + cluster_domain = "mock.example.com" } } @@ -46,14 +57,9 @@ dependency "eks_grafana" { port_number = "80" url = "https://grafana.mock.svc.cluster.local:80/" } - namespace = "grafana" - public_endpoint = { - hostname = "grafana.mock.lab.csp2.census.gov" - port_number = "80" - url = "https://grafana.mock.lab.csp2.census.gov:80/" - } - secret_name = "grafana" - tempo_datasource_id = "mock-tempo-datasource-id" + namespace = "grafana" + secret_name = "grafana" + tempo_datasource_id = "mock-tempo-datasource-id" } } 
@@ -96,31 +102,30 @@ dependencies { inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region # Cluster Configuration - cluster_domain = dependency.eks_dns.outputs.cluster_domain - cluster_name = dependency.eks.outputs.cluster_name - certificate_issuer = dependency.eks_cert_manager.outputs.cluster_issuer_name + cluster_domain = dependency.eks_dns.outputs.cluster_domain + cluster_name = dependency.eks.outputs.cluster_name + certificate_issuer = dependency.eks_cert_manager.outputs.cluster_issuer_name # Kiali Configuration service_name = "kiali" - namespace = include.root.inputs.namespaces["kiali"] - istio_namespace = include.root.inputs.namespaces["istio"] + namespace = include.root.inputs.namespaces["kiali"] + istio_namespace = include.root.inputs.namespaces["istio"] grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url grafana_namespace = dependency.eks_grafana.outputs.namespace grafana_secret_name = dependency.eks_grafana.outputs.secret_name - grafana_public_url = dependency.eks_grafana.outputs.public_endpoint kiali_application_version = include.root.inputs.kiali_application_version - kiali_operator_version = include.root.inputs.kiali_operator_version + kiali_operator_version = include.root.inputs.kiali_operator_version prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url grafana_namespace = dependency.eks_grafana.outputs.namespace grafana_secret_name = dependency.eks_grafana.outputs.secret_name grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url - grafana_public_url = dependency.eks_grafana.outputs.public_endpoint tempo_datasource_id = dependency.eks_grafana.outputs.tempo_datasource_id tempo_internal_url = dependency.eks_tempo.outputs.tempo_internal_endpoint.url } 
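Review bot: The eks-kiali `inputs` map still assigns `grafana_namespace`, `grafana_secret_name` and `grafana_internal_url` twice, once under `# Kiali Configuration` and again after `prometheus_internal_url`; the commit removes both copies of `grafana_public_url` but leaves the other three duplicated. The two copies carry identical expressions today, so nothing changes at runtime, but a later edit to only one copy would be silently overridden by the other. Dropping the second trio, the three lines between `prometheus_internal_url` and `tempo_datasource_id`, leaves a single assignment per input.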
diff --git a/enviornment/region/vpc/cluster/eks-loki/terragrunt.hcl b/environment/region/vpc/cluster/eks-loki/terragrunt.hcl similarity index 83% rename from enviornment/region/vpc/cluster/eks-loki/terragrunt.hcl rename to environment/region/vpc/cluster/eks-loki/terragrunt.hcl index e126331..54586f1 100644 --- a/enviornment/region/vpc/cluster/eks-loki/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-loki/terragrunt.hcl @@ -4,12 +4,23 @@ include "root" { expose = true } -dependencies { - paths = [ - "../eks", - "../eks-config", - "../eks-metrics-server", - ] +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + +terraform { + source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" + extra_arguments "retry_lock" { + commands = get_terraform_commands_that_need_locking() + arguments = ["-lock-timeout=20s"] + } } dependency "eks" { @@ -29,17 +40,18 @@ dependency "eks_config" { } } -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20s"] - } +dependencies { + paths = [ + "../eks", + "../eks-config", + "../eks-metrics-server", + ] } inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region 
diff --git a/enviornment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl b/environment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl similarity index 79% rename from enviornment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl rename to environment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl index fd02a7a..241bbc5 100644 --- a/enviornment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl @@ -4,18 +4,15 @@ include "root" { expose = true } -dependencies { - paths = [ - "../eks", - ] +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) } -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = "mock-cluster" - } +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false } terraform { @@ -26,9 +23,24 @@ terraform { } } +dependency "eks" { + config_path = "../eks" + mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] + mock_outputs = { + cluster_name = "mock-cluster" + } +} + +dependencies { + paths = [ + "../eks", + ] +} + inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/enviornment/region/vpc/cluster/eks-otel/terragrunt.hcl b/environment/region/vpc/cluster/eks-otel/terragrunt.hcl similarity index 58% rename from enviornment/region/vpc/cluster/eks-otel/terragrunt.hcl rename to environment/region/vpc/cluster/eks-otel/terragrunt.hcl index 2c93211..a8a7d7c 100644 --- a/enviornment/region/vpc/cluster/eks-otel/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-otel/terragrunt.hcl 
@@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=${include.root.inputs.release_version}" # source = "../../../../../../../tfmod-open-telemetry" @@ -13,15 +24,6 @@ terraform { } } -dependencies { - paths = [ - "../eks", - "../eks-loki", - "../eks-prometheus", - "../eks-tempo" - ] -} - dependency "eks" { config_path = "../eks" mock_outputs = { @@ -51,11 +53,33 @@ dependency "eks-tempo" { } } +dependencies { + paths = [ + "../eks", + "../eks-loki", + "../eks-prometheus", + "../eks-tempo" + ] +} + inputs = { - profile = include.root.inputs.aws_profile - cluster_name = dependency.eks.outputs.cluster_name - region = include.root.inputs.aws_region + # AWS Configuration + account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info + profile = include.root.inputs.aws_profile + region = include.root.inputs.aws_region + + # Clouster Config + cluster_name = dependency.eks.outputs.cluster_name + + # OTEL Configuration namespace = include.root.inputs.namespaces["otel"] loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url + # Image Version + auto_instrumentation_java_version = include.root.inputs.auto_instrumentation_java_version + collector_contrib_version = include.root.inputs.collector_contrib_version + collector_version = include.root.inputs.collector_version + otel_helm_version = include.root.inputs.otel_helm_version + rbac_proxy_version = include.root.inputs.rbac_proxy_version } 
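Review bot: The `dependency "eks"` block shown as trailing context in the second hunk declares `mock_outputs` with no `mock_outputs_allowed_terraform_commands` before it, whereas the eks-metrics-server file in this commit limits mocks to `["init", "plan", "validate", "destroy"]`. If the attribute is also absent from the rest of the block, which continues outside the hunk, Terragrunt can substitute the mock values during `apply` when the dependency has no outputs yet. Adding `mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]` would match the other modules, and the `eks-loki` and `eks-tempo` dependency blocks that supply `loki_endpoint` and `tempo_endpoint` deserve the same check. Separately, the added comment `# Clouster Config` should read `# Cluster Config`.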
diff --git a/environment/region/vpc/cluster/eks-pipeline/terragrunt.hcl b/environment/region/vpc/cluster/eks-pipeline/terragrunt.hcl
new file mode 100644
index 0000000..8d705a7
--- /dev/null
+++ b/environment/region/vpc/cluster/eks-pipeline/terragrunt.hcl
@@ -0,0 +1,100 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ merge_strategy = "deep"
+ expose = true
+}
+
+locals {
+ # Skip this module if disabled OR if running in CodeBuild (to avoid circular dependency)
+ skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) || get_env("CODEBUILD_BUILD_ID", "") != ""
+
+ artifact_bucket = format("%v%v-%v-%v-%v",
+ include.root.inputs.prefixes["eks-s3"],
+ include.root.inputs.cluster_name,
+ "artifacts",
+ include.root.inputs.aws_account_id,
+ join("", [for c in split("-", include.root.inputs.aws_region) : substr(c, 0, 1)]))
+}
+
+exclude {
+ if = local.skip
+ actions = ["all_except_output"]
+ exclude_dependencies = false
+}
+
+terraform {
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-pipeline.git?ref=${include.root.inputs.release_version}"
+
+ extra_arguments "retry_lock" {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20s"]
+ }
+}
+
+inputs = {
+ account_id = include.root.inputs.aws_account_id
+ cluster_name = include.root.inputs.cluster_name
+ environment = include.root.inputs.environment_abbr
+ region = include.root.inputs.aws_region
+ state_bucket_prefix = include.root.inputs.state_bucket_prefix
+
+ # VPC Configuration
+ vpc_name = include.root.inputs.vpc_name
+ subnet_filter = "*-container-*" # or any specific pattern you want to use
+
+ is_infrastructure_pipeline = true
+
+ # Updated to use buildspecs from the platform-tg-infra repository
+ # made deploy-to-pipeline will update them from tfmod-pipeline module
+ buildspec_template_path = "buildspecs"
+
+ build_configuration = {
+ compute_type = "BUILD_GENERAL1_LARGE"
+ image = "aws/codebuild/amazonlinux-x86_64-standard:5.0"
+ buildspec_path = "build.yml"
+ privileged_mode = true
+ environment_variables = {
+ ARTIFACT_BUCKET = local.artifact_bucket
+ TERRAGRUNT_PATH = "lab/${include.root.inputs.environment}/${include.root.inputs.aws_region}/vpc/${include.root.inputs.cluster_name}"
+ REGION = include.root.inputs.aws_region
+ ENVIRONMENT = include.root.inputs.environment_abbr
+ AWS_ACCOUNT_ID = include.root.inputs.aws_account_id
+ PROXY_CONFIG = "http://vlab-proxy.tco.census.gov:3128"
+ }
+ }
+
+ security_scan_configuration = {
+ compute_type = "BUILD_GENERAL1_MEDIUM"
+ image = "aws/codebuild/amazonlinux-x86_64-standard:5.0"
+ buildspec_path = "security.yml"
+ environment_variables = {
+ ARTIFACT_BUCKET = local.artifact_bucket
+ TERRAGRUNT_PATH = "lab/${include.root.inputs.environment}/${include.root.inputs.aws_region}/vpc/${include.root.inputs.cluster_name}"
+ REGION = include.root.inputs.aws_region
+ ENVIRONMENT = include.root.inputs.environment_abbr
+ AWS_ACCOUNT_ID = include.root.inputs.aws_account_id
+ PROXY_CONFIG = "http://vlab-proxy.tco.census.gov:3128"
+ }
+ }
+
+ approval_configuration = {
+ enabled = true
+ notify_emails = [include.root.inputs.cluster_mailing_list]
+ custom_message = "Please review and approve infrastructure changes to the CSVD platform"
+ }
+
+ deployment_configuration = {
+ target_type = "Build"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
+ image = "aws/codebuild/amazonlinux-x86_64-standard:5.0"
+ buildspec_path = "deploy.yml"
+ environment_variables = {
+ ARTIFACT_BUCKET = local.artifact_bucket
+ TERRAGRUNT_PATH = "lab/${include.root.inputs.environment}/${include.root.inputs.aws_region}/vpc/${include.root.inputs.cluster_name}"
+ REGION = include.root.inputs.aws_region
+ ENVIRONMENT = include.root.inputs.environment_abbr
+ AWS_ACCOUNT_ID = include.root.inputs.aws_account_id
+ PROXY_CONFIG = "http://vlab-proxy.tco.census.gov:3128"
+ }
+ }
+}
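Review bot: `privileged_mode = true` in `build_configuration` gives the build container elevated access to the CodeBuild host's Docker daemon, and nothing in this file says why the infrastructure build stage needs it; the security-scan and deploy stages do not set it. If `build.yml` does not build or run container images, I would set `privileged_mode = false`. Otherwise add a comment such as `# privileged: build.yml runs docker for <PURPOSE>` so the exception is visible in review. The three `environment_variables` maps are also identical and hard-code the `lab/` path prefix and the proxy URL, so a single `locals` map fed from root inputs would keep the stages from drifting apart.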
diff --git a/enviornment/region/vpc/cluster/eks-prometheus/README.md b/environment/region/vpc/cluster/eks-prometheus/README.md similarity index 100% rename from enviornment/region/vpc/cluster/eks-prometheus/README.md rename to environment/region/vpc/cluster/eks-prometheus/README.md diff --git a/enviornment/region/vpc/cluster/eks-prometheus/terragrunt.hcl b/environment/region/vpc/cluster/eks-prometheus/terragrunt.hcl similarity index 86% rename from enviornment/region/vpc/cluster/eks-prometheus/terragrunt.hcl rename to environment/region/vpc/cluster/eks-prometheus/terragrunt.hcl index 80e24e8..1cb7f81 100644 --- a/enviornment/region/vpc/cluster/eks-prometheus/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks-prometheus/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { @@ -16,6 +27,7 @@ dependencies { paths = [ "../eks", "../eks-config", + "../eks-karpenter", "../eks-metrics-server", ] } @@ -40,6 +52,7 @@ dependency "eks_config" { inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/enviornment/region/vpc/cluster/eks-tempo/terragrunt.hcl b/environment/region/vpc/cluster/eks-tempo/terragrunt.hcl similarity index 86% rename from enviornment/region/vpc/cluster/eks-tempo/terragrunt.hcl rename to environment/region/vpc/cluster/eks-tempo/terragrunt.hcl index e94ad7f..71dd0a1 100644 --- a/enviornment/region/vpc/cluster/eks-tempo/terragrunt.hcl 
+++ b/environment/region/vpc/cluster/eks-tempo/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}" extra_arguments "retry_lock" { @@ -44,6 +55,7 @@ dependencies { inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id + eecr_info = include.root.inputs.eecr_info profile = include.root.inputs.aws_profile region = include.root.inputs.aws_region diff --git a/environment/region/vpc/cluster/eks/.terragrunt-cache/U9IVToEiQ56jF8u2dsZ0YEJ23Wg/TQmwvwQP957rezNU3fQlOzzB9Uc b/environment/region/vpc/cluster/eks/.terragrunt-cache/U9IVToEiQ56jF8u2dsZ0YEJ23Wg/TQmwvwQP957rezNU3fQlOzzB9Uc new file mode 160000 index 0000000..01bd7bc --- /dev/null +++ b/environment/region/vpc/cluster/eks/.terragrunt-cache/U9IVToEiQ56jF8u2dsZ0YEJ23Wg/TQmwvwQP957rezNU3fQlOzzB9Uc @@ -0,0 +1 @@ +Subproject commit 01bd7bc0f9bdcfc1623817cfe8830a535d0de581 diff --git a/environment/region/vpc/cluster/eks/terragrunt-debug.tfvars.json b/environment/region/vpc/cluster/eks/terragrunt-debug.tfvars.json new file mode 100644 index 0000000..8f1efa1 --- /dev/null +++ b/environment/region/vpc/cluster/eks/terragrunt-debug.tfvars.json @@ -0,0 +1,13 @@ +{ + "cluster_name": "csvd-platform-lab-mcm", + "cluster_version": "1.32", + "eks_instance_disk_size": 100, + "eks_ng_desired_size": 2, + "eks_ng_max_size": 10, + "eks_ng_min_size": 2, + "tags": { + "cluster:size": "min:2-max:10-desired:2", + "slim:schedule": "8:00-17:00" + }, + "vpc_name": "vpc3-lab-dev" +} \ No newline at end of file 
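Review bot: This commit adds a path under `environment/region/vpc/cluster/eks/.terragrunt-cache/` as a subproject link (mode 160000, commit `01bd7bc`) and a new `terragrunt-debug.tfvars.json`; both look like artifacts of a local Terragrunt run rather than source. No submodule definition for the gitlink is visible in this diff, so clones may carry a reference they cannot resolve. The debug tfvars file also fixes one lab cluster's name, VPC name and node sizing into the shared tree. I would drop both from the commit and add `.terragrunt-cache/` and `terragrunt-debug.tfvars.json` to `.gitignore`, if they are not already listed there.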
diff --git a/enviornment/region/vpc/cluster/eks/terragrunt.hcl b/environment/region/vpc/cluster/eks/terragrunt.hcl similarity index 70% rename from enviornment/region/vpc/cluster/eks/terragrunt.hcl rename to environment/region/vpc/cluster/eks/terragrunt.hcl index 9eca1de..13ed5d0 100644 --- a/enviornment/region/vpc/cluster/eks/terragrunt.hcl +++ b/environment/region/vpc/cluster/eks/terragrunt.hcl @@ -4,6 +4,17 @@ include "root" { expose = true } +locals { + # Skip this module if disabled + skip = !lookup(include.root.locals.is_module_enabled, basename(get_terragrunt_dir()), true) +} + +exclude { + if = local.skip + actions = ["all_except_output"] + exclude_dependencies = false +} + terraform { source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" @@ -13,6 +24,12 @@ terraform { } } +dependencies { + paths = [ + "../eks-pipeline", + ] +} + inputs = { # AWS Configuration account_id = include.root.inputs.aws_account_id diff --git a/enviornment/region/vpc/vpc.hcl b/environment/region/vpc/vpc.hcl similarity index 100% rename from enviornment/region/vpc/vpc.hcl rename to environment/region/vpc/vpc.hcl
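Review bot: The `dependencies` block added in the second hunk orders `../eks-pipeline` ahead of the cluster with no comment explaining why. Meanwhile the new eks-pipeline file excludes itself when `CODEBUILD_BUILD_ID` is set "to avoid circular dependency", so the intended relationship between the two units is hard to reconstruct from either file. I would add a comment above the block along the lines of `# Ordering only: eks-pipeline is applied before the cluster and excludes itself when run from CodeBuild`, with the wording adjusted to the actual intent.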