updating more hcl files

_envcommon/common-variables.hcl

@@ -6,10 +6,6 @@
 # that are common across all environments/accounts.
 # ---------------------------------------------------------------------------------------------------------------------
 locals {
-  organization        = "census:ocio:csvd"
-  project_name        = "csvd_platformbaseline"
-  project_number      = "fs0000000078"
-  project_role        = "csvd_platformbaseline_app"
   state_bucket_prefix = "inf-tfstate"
   state_table_name    = "tf_remote_state"
   route53_endpoints = {
@@ -20,4 +16,24 @@ locals {
       "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1"
     }
   }
+  enterprise_ecr_account = {
+    lab = {
+      "account_id" = "269222635945"
+      "alias"      = "lab-gov-shared-nonprod"
+      "profile"    = "269222635945-lab-gov-shared-nonprod"
+      "region"     = "us-gov-east-1"
+    }
+    prod = {
+      "account_id" = "067074201825"
+      "alias"      = "ent-gov-shared-prod"
+      "profile"    = "067074201825-ent-gov-shared-prod"
+      "region"     = "us-gov-east-1"
+    }
+  }
+  eecr_info = {
+    account_id = local.enterprise_ecr_account.lab["account_id"]
+    alias      = local.enterprise_ecr_account.lab["alias"]
+    profile    = local.enterprise_ecr_account.lab["profile"]
+    region     = local.enterprise_ecr_account.lab["region"]
+  }
 }

_envcommon/default-versions.hcl

@@ -1,14 +1,80 @@
 # lab/_envcommon/default-versions.hcl
 
 locals {
+  module_name     = basename(get_original_terragrunt_dir())
+  release_version = local.module_versions["2025.20.04"][local.module_name]
+
   #####################
   # Module Versions
   #####################
-  cluster_version            = "1.31"
-  custom_service_eks_account = "${local.release_version}"
-  eks_module_version         = "20.33.1"
-  istio_ingress_version      = "${local.release_version}"
-  release_version            = "main" # "main" # change to main when testing updated modules
+  cluster_version            = "1.32"
+  custom_service_eks_account = "1.0.0"
+  eks_module_version         = "20.36.0"
+  istio_ingress_version      = "0.1.3"
+
+  module_versions = {
+    "2025.20.04" = {
+      "eks-arcgis"                  = false
+      "eks-cert-manager"            = "0.1.9"
+      "eks-config"                  = "1.0.5"
+      "eks-cribl"                   = "initial"
+      "eks-dns"                     = "0.1.3"
+      "eks-gatekeeper"              = "0.0.3"
+      "eks-grafana"                 = "0.1.5"
+      "eks-istio"                   = "1.0.9"
+      "tfmod-istio-service-ingress" = "0.1.6"
+      "eks-k8s-dashboard"           = "0.1.4"
+      "eks-karpenter"               = "0.1.6"
+      "eks-keycloak"                = "0.0.8"
+      "eks-kiali"                   = "0.1.4"
+      "eks-loki"                    = "0.1.4"
+      "eks-metrics-server"          = "0.1.4"
+      "eks-otel"                    = "0.0.4"
+      "eks-pipeline"                = "initial"
+      "eks-postgresql"              = false
+      "eks-prometheus"              = "0.1.4"
+      "eks-tempo"                   = "0.1.4"
+      "eks"                         = "1.0.9"
+    }
+  }
+
+  submodule_versions = {
+    "tfmod-istio-service-ingress" = "0.1.6"
+    "tfmod-config-job" = "0.1.8"
+
+  }
+
+  #####################
+  # Module Enablement
+  #####################
+
+  # Core modules that should always be enabled (cannot be disabled)
+  core_modules = [
+    "eks",
+    "eks-metrics-server",
+    "eks-karpenter",
+    "eks-config",
+    "eks-cert-manager",
+    "eks-istio",
+    "eks-dns",
+  ]
+
+  # Optional modules with their default enablement state
+  enabled_modules = {
+    "eks-arcgis"        = false
+    "eks-cribl"         = false
+    "eks-gatekeeper"    = true
+    "eks-grafana"       = true
+    "eks-k8s-dashboard" = true
+    "eks-keycloak"      = true
+    "eks-kiali"         = true
+    "eks-loki"          = true
+    "eks-otel"          = true
+    "eks-pipeline"      = false
+    "eks-postgresql"    = true
+    "eks-prometheus"    = true
+    "eks-tempo"         = true
+  }
 
   #####################
   # TF Providers
@@ -24,21 +90,23 @@ locals {
   #####################
   # Namespaces Config
   #####################
-  operator_namespace  = "aoperator"
-  telemetry_namespace = "atelemetry"
+  operator_namespace  = "operator"
+  telemetry_namespace = "telemetry"
   namespaces = {
+    arcgis         = "arcgis"
     cert-manager   = "kube-system"
+    cribl          = "cribl"
+    gatekeeper     = "keycloak"
+    grafana        = local.telemetry_namespace
+    istio          = "istio-system"
+    k8s-dashboard  = local.telemetry_namespace
     karpenter      = "karpenter"
-    metrics-server = "kube-system"
-    postgresql     = "kube-system"
     keycloak       = "keycloak"
-    gogatekeeper   = "kube-system"
-    istio          = "istio-system"
     kiali          = "istio-system"
-    grafana        = local.telemetry_namespace
-    k8s-dashboard  = local.telemetry_namespace
     loki           = local.telemetry_namespace
+    metrics-server = "kube-system"
     otel           = local.telemetry_namespace
+    postgresql     = "keycloak"
     prometheus     = local.telemetry_namespace
     tempo          = local.telemetry_namespace
   }
@@ -58,11 +126,19 @@ locals {
   cert_manager_version             = "1.17.1"
   cert_manager_webhook_tag         = "v${local.cert_manager_version}"
 
+  #####################
+  # Cribl
+  #####################
+  cribl_chart_version = "4.11.1"
+  cribl_app_version   = "4.11.1"
+
+
   ################
   # GoGatekeeper
   ################
-  gogatekeeper_tag           = "3.2.1"
-  gogatekeeper_chart_version = "0.1.53"
+  gatekeeper_tag           = "3.3.0"
+  gatekeeper_chart_version = "0.1.54"
+  gatekeeper_service_name  = "gatekeeper"
 
   ################
   # Grafana
@@ -71,7 +147,7 @@ locals {
   grafana_operator_chart_version = "4.9.8"
   grafana_operator_tag           = "5.16.0"
   grafana_tag                    = "11.5.2"
-  os_shell_image_tag             = "12"
+  os_shell_image_tag             = local.utilities_tag
 
   ################
   # Istio
@@ -83,25 +159,28 @@ locals {
   # k8s-dashboard
   ################
   dashboard_hostname            = "dashboard"
-  k8s_dashboard_metrics_scraper = "1.0.8"
-  k8s_dashboard_version         = "6.0.6"
+  k8s_dashboard_version         = "v2.7.0"
+  k8s_dashboard_metrics_scraper = "v1.0.9"
+  # dashboard_api_tag     = "1.11.1"
+  # dashboard_auth_tag    = "1.2.4"
+  # dashboard_metrics_tag = "1.2.2"
+  # dashboard_web_tag     = "1.6.2"
+  # dashboard_kong_tag    = "3.8"
 
   ################
   # Karpenter
   ################
-  karpenter_helm_chart = "1.3.1"
-  karpenter_tag        = "1.3.1"
+  karpenter_helm_chart = "1.4.0"
+  karpenter_tag        = "1.4.0"
 
   ################
   # Keycloak
   ################
-  keycloak_chart_version = "24.4.11"
-  keycloak_tag           = "26.1.3"
-  keycloak_hostname      = "keycloak"
-  keycloak_database      = "keycloak"
-  keycloak_username      = "keycloak"
-  keycloak_password      = "this is my very secure and totally random password horse battery staple now"
-  postgresql_tag         = "17.4.0-debian-12-r2"
+  keycloak_chart_version = "7.0.1"
+  keycloak_tag           = "26.0.7"
+  postgresql_tag         = "17.4.0-debian-12-r4"
+  postgres_exporter_tag  = "0.17.1-debian-12-r0"
+  utilities_tag          = "1.0.3"
 
   ################
   # Kiali
@@ -114,8 +193,8 @@ locals {
   ################
   loki_chart_version              = "6.27.0"
   loki_tag                        = "3.4.2"
-  enterprise_logs_provisioner_tag = "v1.7.0"
-  gateway_tag                     = "1.27-alpine"
+  enterprise_logs_provisioner_tag = "3.4.2"
+  gateway_tag                     = "1.26.3"
   memcached_tag                   = "1.6.37"
   exporter_tag                    = "v0.15.0"
   sidecar_tag                     = "1.27.4"
@@ -124,7 +203,27 @@ locals {
   # Metrics Server
   ################
   metrics_server_helm_chart = "3.12.2"
-  metrics_server_tag        = "0.7.2"
+  metrics_server_tag        = "v0.7.2"
+
+  ################
+  # Open Telemetry
+  ################
+  auto_instrumentation_java_version = "2.9.0"
+  collector_contrib_version         = "0.113.0-amd64"
+  collector_version                 = "0.111.0-amd64"
+  otel_helm_version                 = "0.71.2"
+  otel_version                      = "0.110.0"
+  rbac_proxy_version                = "v0.19.0"
+
+  ################
+  # PostgreSQL
+  ################
+
+  # os_shell_tag             = local.utilities_tag
+  # # postgres_exporter_tag    = local.postgres_exporter_tag
+  # postgresql_repmgr_tag    = "17.4.0-alpine"
+  # pgpool_tag               = "4.5.5"
+  postgresql_chart_version = "16.5.0"
 
   ################
   # Prometheus
@@ -141,5 +240,5 @@ locals {
   # Tempo
   ################
   tempo_chart_version = "1.18.2"
-  tempo_tag           = "2.7.1"
+  tempo_tag           = "2.7.0"
 }

_envcommon/prefixes.hcl

@@ -0,0 +1,37 @@
+locals {
+  prefixes = {
+    "ebs"            = "v-ebs-"
+    "efs"            = "v-efs-"
+    "group"          = "g-"
+    "kms"            = "k-kms-"
+    "policy"         = "p-"
+    "role"           = "r-"
+    "s3"             = "v-s3-"
+    "security-group" = "" # "sg-"
+    # VPC
+    "customer-gateway" = "cgw-"
+    "dhcp-options"     = ""
+    "elastic-ip"       = "eip-"
+    "internet-gateway" = "igw-"
+    "log-group"        = "lg-"
+    "log-stream"       = "lgs-"
+    "nat-gateway"      = "nat-"
+    "network-acl"      = "nacl-"
+    "route-table"      = "route-"
+    "subnet"           = ""
+    "vpc-endpoint"     = "vpce-"
+    "vpc-peer"         = "vpcp-"
+    "vpc"              = ""
+    "vpn-connection"   = "vpn_"
+    "vpn-gateway"      = "vpcg-"
+    # EKS
+    "eks-policy"         = "p-eks-"
+    "eks-queue"          = "eks-q-"
+    "eks-role"           = "r-eks-"
+    "eks-s3"             = "v-s3-eks-"
+    "eks-security-group" = "eks-sg-" # "sg-eks-"
+    "eks-user"           = "s-eks-"
+    "eks"                = "eks-"
+    "eks-event"          = "eks-ev-"
+  }
+}