From 6babd93a1b497733ced0723c42ab05188746fbd4 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Thu, 26 Jun 2025 12:38:32 -0400
Subject: [PATCH 1/5] Add functionality to generate and display directory structure in README.md
---
ansible/generate_hcl_files.yml | 17 +++++++++++++++++
ansible/templates/README.md.j2 | 16 +---------------
2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/ansible/generate_hcl_files.yml b/ansible/generate_hcl_files.yml
index 5164487..61bc154 100644
--- a/ansible/generate_hcl_files.yml
+++ b/ansible/generate_hcl_files.yml
@@ -177,6 +177,23 @@ mode: '0644' loop: "{{ additional_files.files }}"
+ - name: install tree command if not present
+ ansible.builtin.package:
+ name: tree
+ state: present
+
+ - name: get tree of repo structure
+ ansible.builtin.command: "tree -L 3 {{ output_dir }}"
+ register: tree_output
+
+ - name: Print tree structure of generated files
+ ansible.builtin.debug:
+ msg: "{{ tree_output.stdout }}"
+
+ - name: set repo_tree
+ ansible.builtin.set_fact:
+ repo_tree: "{{ tree_output.stdout }}"
+ - name: Generate README.md with documentation ansible.builtin.template: src: "{{ template_dir }}/README.md.j2"
diff --git a/ansible/templates/README.md.j2 b/ansible/templates/README.md.j2
index 906cdb1..9e19016 100644
--- a/ansible/templates/README.md.j2
+++ b/ansible/templates/README.md.j2
@@ -11,21 +11,7 @@ This EKS cluster configuration was generated on {{ generated_date }} using the t
## Directory Structure
```
-{{ environment }}/
-├── environment.hcl
-└── {{ aws_region }}/
- ├── region.hcl
- └── vpc/
- ├── vpc.hcl
- └── cluster/
- ├── cluster.hcl
- ├── eks/
- │ └── terragrunt.hcl
- ├── eks-cert-manager/
- │ └── terragrunt.hcl
- ├── eks-grafana/
- │ └── terragrunt.hcl
- └── ... (other modules)
+{{ repo_tree }}
```
## Getting Started
From 75246a212e16caf1349256e2c8443f7306bdf9d4 Mon Sep 17 00:00:00 2001
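Review bot: `ansible.builtin.command: "tree -L 3 {{ output_dir }}"` makes `tree` print the absolute `output_dir` of the generator host as its first line and a `N directories, M files` report as its last, and `set_fact: repo_tree` then carries both into the committed README. Running it relative to the directory avoids publishing the host path and keeps the argument intact when the path contains spaces: `ansible.builtin.command:` / `argv: ["tree", "-L", "3", "--noreport", "."]` / `chdir: "{{ output_dir }}"`. The read-only `tree` task should also carry `changed_when: false`, and `ansible.builtin.package` installing `tree` needs elevated privileges unless the play already runs with `become`, which is not visible in this hunk. The `set_fact` task duplicates `tree_output.stdout`, which the README template could read directly.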
From: Your Name
Date: Thu, 26 Jun 2025 12:39:50 -0400
Subject: [PATCH 2/5] Fix directory path in README.md for module deployment instructions
---
ansible/templates/README.md.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/templates/README.md.j2 b/ansible/templates/README.md.j2
index 9e19016..631ed82 100644
--- a/ansible/templates/README.md.j2
+++ b/ansible/templates/README.md.j2
@@ -20,7 +20,7 @@ To apply this configuration:
1. Change to the directory of the module you want to deploy:
```
- cd {{ environment }}/{{ aws_region }}/vpc/cluster/eks
+ cd {{ environment }}/{{ aws_region }}/vpc/{{ cluster_name }}/eks
```
2. Initialize and apply the Terragrunt configuration:
From 203c79fcbd5328d495af09e9917eb24160055522 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Thu, 26 Jun 2025 12:54:00 -0400
Subject: [PATCH 3/5] Remove modules included section from README.md.j2
---
ansible/templates/README.md.j2 | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/ansible/templates/README.md.j2 b/ansible/templates/README.md.j2
index 631ed82..db4ae40 100644
--- a/ansible/templates/README.md.j2
+++ b/ansible/templates/README.md.j2
@@ -46,14 +46,4 @@ To customize this configuration further, modify the HCL files in the directory s
ansible-playbook ansible/generate_hcl_files.yml -e "config_file=your-custom-config.json"
```
-## Modules Included
-
-This configuration includes the following modules:
-
-- EKS Cluster (eks)
-- Cert Manager (eks-cert-manager)
-- Monitoring (eks-prometheus, eks-grafana)
-- Service Mesh (eks-istio)
-- And more...
-
Each module can be deployed independently using Terragrunt.
From 9bf20f72d9e0bd012410481cbc65e961ab575e7c Mon Sep 17 00:00:00 2001
From: Matthew Creal Morgan
Date: Thu, 26 Jun 2025 12:03:05 -0700
Subject: [PATCH 4/5] update templates (#1)
---
_envcommon/default-versions.hcl | 4 +-
ansible/README.md | 4 +-
ansible/templates/account.hcl.j2 | 4 +-
ansible/templates/cluster.hcl.j2 | 34 +++++--------
ansible/templates/root.hcl.j2 | 84 +++++++++++++++++++-------------
5 files changed, 67 insertions(+), 63 deletions(-)
diff --git a/_envcommon/default-versions.hcl b/_envcommon/default-versions.hcl
index f2f9e2a..20c68b2 100644
--- a/_envcommon/default-versions.hcl
+++ b/_envcommon/default-versions.hcl
@@ -40,8 +40,8 @@ locals {
submodule_versions = {
"tfmod-istio-service-ingress" = "0.1.6"
- "tfmod-config-job" = "0.1.8"
-
+ "tfmod-config-job" = "0.1.8"
+
}
#####################
diff --git a/ansible/README.md b/ansible/README.md
index b1a98fd..b765cdb 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -138,7 +138,7 @@ The tool generates the following directory structure: ``` /
-├── environment.hcl
+├── root.hcl
└── / ├── region.hcl └── vpc/
@@ -204,4 +204,4 @@ Contributions are welcome! Please feel free to submit a Pull Request.
## License
-See the LICENSE file for details.
\ No newline at end of file
+See the LICENSE file for details.
diff --git a/ansible/templates/account.hcl.j2 b/ansible/templates/account.hcl.j2
index a5178d2..b99b3c9 100644
--- a/ansible/templates/account.hcl.j2
+++ b/ansible/templates/account.hcl.j2
@@ -5,7 +5,7 @@ locals {
account_name = "{{ account_name }}"
aws_account_id = "{{ aws_account_id }}"
- aws_profile = "{{ aws_profile }}"
+ aws_profile = format("%v-%v", local.aws_account_id, replace(local.account_name, "-ew", "-gov"))
environment = "{{ environment }}"
environment_abbr = "{{ environment_abbr }}"
-}
\ No newline at end of file
+}
diff --git a/ansible/templates/cluster.hcl.j2 b/ansible/templates/cluster.hcl.j2
index 9e692f2..3bcdbf9 100644
--- a/ansible/templates/cluster.hcl.j2
+++ b/ansible/templates/cluster.hcl.j2
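Review bot: `replace(local.account_name, "-ew", "-gov")` substitutes every occurrence of `-ew` anywhere in the account name, not only a trailing segment, so a constructed name such as `acct-ewing` would become `acct-going`; if a suffix swap is intended, anchor it with the regex form, `replace(local.account_name, "/-ew$/", "-gov")`. Deriving the value also means the `aws_profile` variable the old line consumed from the playbook is no longer read by this template, which deserves a comment above the line, e.g. `# aws_profile is derived from account id and name; the playbook's aws_profile input is not used here`. The `locals` block opens before this hunk.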
@@ -1,29 +1,19 @@
locals {
# Cluster specific configuration
- cluster_endpoint_public_access = {{ cluster_endpoint_public_access | lower }}
- cluster_name = "{{ cluster_name }}"
- cluster_mailing_list = "{{ cluster_mailing_list }}"
- eks_instance_disk_size = {{ eks_instance_disk_size }}
- eks_ng_desired_size = {{ eks_ng_desired_size }}
- eks_ng_max_size = {{ eks_ng_max_size }}
- eks_ng_min_size = {{ eks_ng_min_size }}
- enable_cluster_creator_admin_permissions = {{ enable_cluster_creator_admin_permissions | lower }}
+ cluster_name = {{ cluster_name }}
+ cluster_mailing_list = {{ cluster_mailing_list }}
+ eks_instance_disk_size = {{ eks_instance_disk_size }}
+ eks_ng_desired_size = {{ eks_ng_desired_size }}
+ eks_ng_max_size = {{ eks_ng_max_size }}
+ eks_ng_min_size = {{ eks_ng_min_size }}
+ organization = {{ organization }}
+ finops_project_name = {{ finops_project_name }}
+ finops_project_number = {{ finops_project_number }}
+ finops_project_role = {{ finops_project_role }}
tags = { {% for key, value in tags.items() %} "{{ key }}" = "{{ value }}" {% endfor %} }
-
- # Common configuration
- common_retry_args = {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-
- common_dependencies = ["../eks", "../eks-config"]
-
- common_mock_eks = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
\ No newline at end of file
+ module_enablement_overrides = {{ module_enablement_overrides }}
+}
diff --git a/ansible/templates/root.hcl.j2 b/ansible/templates/root.hcl.j2
index 45bb83e..9cd698f 100644
--- a/ansible/templates/root.hcl.j2
+++ b/ansible/templates/root.hcl.j2
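Review bot: The new string locals are rendered without quotes — `cluster_name = {{ cluster_name }}`, `cluster_mailing_list = {{ cluster_mailing_list }}`, `organization = {{ organization }}` and the three `finops_*` lines — while the `tags` block in the same file still emits `"{{ key }}" = "{{ value }}"`, so unless the playbook now passes these values pre-quoted the generated cluster.hcl contains bare words (and a mailing address with `@`) that HCL rejects; either restore `cluster_name = "{{ cluster_name }}"` and the rest, or add a template comment stating that callers must supply HCL literals. `module_enablement_overrides = {{ module_enablement_overrides }}` has the same problem for a mapping, which Jinja renders in Python syntax (`{'eks': True}`); `{{ module_enablement_overrides | to_json }}` emits an object literal that HCL2 accepts. Removing `cluster_endpoint_public_access`, `enable_cluster_creator_admin_permissions`, `common_retry_args`, `common_dependencies` and `common_mock_eks` breaks any module terragrunt.hcl that still reads them through `local.cluster_vars.locals.*`; the hunk cannot show whether such readers exist, so a search before merge or a short deprecation comment in the template is warranted.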
@@ -1,13 +1,12 @@
-# root.hcl
-
+# {{environment}}/root.hcl
# ---------------------------------------------------------------------------------------------------------------------
# TERRAGRUNT CONFIGURATION
# Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules,
# remote state, and locking: https://github.com/gruntwork-io/terragrunt
# ---------------------------------------------------------------------------------------------------------------------
locals {
- # Automatically load account-level variables
- account_vars = read_terragrunt_config(find_in_parent_folders("environment.hcl"))
+ # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
# Automatically load cluster-level variables
cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl"))
@@ -15,6 +14,9 @@ locals {
# Automatically load _envcommon, cross account and environment common variables
common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl"))
+ # Automatically load naming prefixes
+ prefix_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/prefixes.hcl"))
+
# Automatically load region-level variables
region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
@@ -24,21 +26,36 @@ locals {
# Automatically load vpc-level variables
vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl"))
+ # Add any other locals you want to expose
+ # only expose things not already included via local.xxx_vars.locals.*
+ root_locals_for_inputs = {
+ is_module_enabled = local.is_module_enabled
+ module_name = local.module_name
+ }
+
# Extract the variables we need for easy access
- account_id = local.account_vars.locals.aws_account_id
- aws_profile = local.account_vars.locals.aws_profile
- aws_region = local.region_vars.locals.aws_region
- cluster_name = local.cluster_vars.locals.cluster_name
- environment_abbr = local.account_vars.locals.environment_abbr
- organization = local.common_vars.locals.organization
- project_name = local.common_vars.locals.project_name
- project_number = local.common_vars.locals.project_number
- project_role = local.common_vars.locals.project_role
+ account_id = local.account_vars.locals.aws_account_id
+ account_name = local.account_vars.locals.account_name
+ aws_profile = local.account_vars.locals.aws_profile
+ aws_region = local.region_vars.locals.aws_region
+ cluster_name = local.cluster_vars.locals.cluster_name
+ eecr_info = local.common_vars.locals.eecr_info
+ environment_abbr = local.account_vars.locals.environment_abbr
+ finops_project_name = local.cluster_vars.locals.finops_project_name
+ finops_project_number = local.cluster_vars.locals.finops_project_number
+ finops_project_role = local.cluster_vars.locals.finops_project_role
+ is_eks_module = local.module_name == "eks"
+ prefixes = local.prefix_vars.locals.prefixes
+ is_module_enabled = merge(
+ { for module in local.versions.locals.core_modules : module => true },
+ local.versions.locals.enabled_modules,
+ local.module_overrides
+ )
+ module_name = basename(get_original_terragrunt_dir())
+ module_overrides = local.cluster_vars.locals.module_enablement_overrides
+ organization = local.cluster_vars.locals.organization
state_bucket_prefix =
local.common_vars.locals.state_bucket_prefix state_table_name = local.common_vars.locals.state_table_name
- # Check if current module is the EKS module
- module_name = basename(get_original_terragrunt_dir())
- is_eks_module = local.module_name == "eks"
}
# Only generate providers for non-EKS modules
@@ -82,7 +99,7 @@ generate "helm_provider" {
if_exists = "overwrite_terragrunt"
contents = local.is_eks_module ? "" : <<-EOF
provider "helm" {
- kubernetes {
+ kubernetes = {
host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
@@ -93,24 +110,19 @@ generate "helm_provider" {
# Configure Terragrunt to automatically store tfstate files in an S3 bucket
remote_state {
- backend = "s3"
+ disable_init = tobool(get_env("TG_DISABLE_INIT", "false"))
+ backend = "s3"
generate = {
path = "remote_state.backend.tf"
if_exists = "overwrite_terragrunt"
}
config = {
- bucket = "${local.state_bucket_prefix}-${local.account_id}"
- dynamodb_table = "${local.state_table_name}"
- key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
- profile = "${local.aws_profile}"
- region = "${local.aws_region}"
- disable_bucket_update = true
- skip_bucket_enforced_tls = true
- skip_bucket_public_access_blocking = true
- skip_bucket_root_access = true
- skip_bucket_ssencryption = true
- skip_bucket_versioning = false
- enable_lock_table_ssencryption = false
+ bucket = "${local.state_bucket_prefix}-${local.account_id}"
+ use_lockfile = true
+ key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
+ profile = "${local.aws_profile}"
+ region = "${local.aws_region}"
+ disable_bucket_update = true
}
}
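Review bot: In `is_module_enabled = merge({ for module in local.versions.locals.core_modules : module => true }, local.versions.locals.enabled_modules, local.module_overrides)` the last argument wins, so a per-cluster `module_enablement_overrides` entry can switch a core module off; if core modules are meant to be unconditional the core map belongs last, and otherwise the precedence deserves a comment such as `# module_name => bool; cluster overrides beat enabled_modules, which beat core_modules`. The name reads as a boolean while the value is a map keyed by module name that `root_locals_for_inputs` forwards to every module, so either a map-style name or that comment would spare the next reader a wrong guess. The enclosing `locals` block starts before this hunk.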
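Review bot: `kubernetes = {` is the attribute syntax of the hashicorp/helm provider 3.x; as far as I can tell the 2.x series only accepts the `kubernetes {` nested block, so the generated provider file stops parsing for any module still constrained to helm 2.x. The provider version constraint is outside this hunk; pin `>= 3.0` in the same change or at least add `# helm provider >= 3.0: kubernetes is an attribute, not a nested block` above the generated block.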
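Review bot: `use_lockfile = true` moves state locking from DynamoDB to S3-native lockfiles, which needs Terraform 1.10 or later (or an OpenTofu release with the same feature) and a Terragrunt release that passes the option through; nothing in the hunk pins either, so a `terraform_version_constraint` or a comment on the `use_lockfile` line is warranted. With `dynamodb_table` gone, `state_table_name` in the `locals` block above is now unused. Dropping the `skip_bucket_enforced_tls`, `skip_bucket_public_access_blocking`, `skip_bucket_root_access` and `skip_bucket_ssencryption` overrides lets Terragrunt apply its hardened defaults when it creates a new state bucket, which is the right direction, but because `disable_bucket_update = true` is kept an existing bucket keeps whatever settings it already has — worth a comment so nobody assumes the old buckets were remediated. `disable_init = tobool(get_env("TG_DISABLE_INIT", "false"))` also deserves a one-line comment on who sets `TG_DISABLE_INIT` and why.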
@@ -127,9 +139,9 @@ generate "aws-provider" {
cluster_name = "${local.cluster_name}"
"boc:module_name" = "${local.module_name}"
environment = "${local.environment_abbr}"
- finops_project_name = "${local.project_name}"
- finops_project_number = "${local.project_number}"
- finops_project_role = "${local.project_role}"
+ finops_project_name = "${local.finops_project_name}"
+ finops_project_number = "${local.finops_project_number}"
+ finops_project_role = "${local.finops_project_role}"
organization = "${local.organization}"
}
}
@@ -151,7 +163,9 @@ inputs = merge(
local.account_vars.locals,
local.cluster_vars.locals,
local.common_vars.locals,
+ local.prefix_vars.locals,
local.region_vars.locals,
local.versions.locals,
- local.vpc_vars.locals
-)
\ No newline at end of file
+ local.vpc_vars.locals,
+ local.root_locals_for_inputs
+)
From fb9c940673e3ba72467a4d3904b173ee77af0048 Mon Sep 17 00:00:00 2001
From: Matthew Creal Morgan
Date: Thu, 26 Jun 2025 12:23:21 -0700
Subject: [PATCH 5/5] Template updates (#2)
* update templates
* fix actions path
---
.github/{ => workflows}/initialize.yml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename .github/{ => workflows}/initialize.yml (100%)
diff --git a/.github/initialize.yml b/.github/workflows/initialize.yml
similarity index 100%
rename from .github/initialize.yml
rename to .github/workflows/initialize.yml