diff --git a/.github/initialize.yml b/.github/initialize.yml
new file mode 100644
index 0000000..6a6253b
--- /dev/null
+++ b/.github/initialize.yml
@@ -0,0 +1,110 @@
+name: Initialize Repository
+
+on:
+ # Run on pull requests that involve the repo-init branch
+ pull_request:
+ types: [opened, synchronize, reopened]
+ branches:
+ - main
+ - master
+
+ # Keep the manual trigger option as well for flexibility
+ workflow_dispatch:
+ inputs:
+ config_path:
+ description: 'Path to config.json file'
+ required: false
+ default: 'config.json'
+ type: string
+
+jobs:
+ initialize:
+ name: Initialize Repository from Template
+ # Only run if the head branch is repo-init
+ if: github.head_ref == 'repo-init' || github.event_name == 'workflow_dispatch'
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # Fetch all history and tags
+ ref: ${{ github.head_ref || 'repo-init' }} # Explicitly checkout repo-init branch
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+
+ - name: Setup locale environment
+ run: |
+ echo "Setting up locale environment..."
+ sudo apt-get update
+ sudo apt-get install -y locales
+ sudo locale-gen en_US.UTF-8
+ echo "LC_ALL=en_US.UTF-8" >> $GITHUB_ENV
+ echo "LANG=en_US.UTF-8" >> $GITHUB_ENV
+ echo "LANGUAGE=en_US.UTF-8" >> $GITHUB_ENV
+
+ - name: Configure pip
+ uses: CSVD/pip-config@main
+
+ - name: Install Ansible
+ run: |
+ python -m pip install --upgrade pip
+ pip install ansible
+
+ - name: Install dependencies
+ run: |
+ if [ -f requirements.txt ]; then
+ pip install -r requirements.txt
+ fi
+
+ - name: Determine config path
+ id: config
+ run: |
+ if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+ CONFIG_PATH="${{ github.event.inputs.config_path }}"
+ else
+ CONFIG_PATH="config.json"
+ fi
+
+ # Create absolute path to config file if needed
+ if [[ "$CONFIG_PATH" != /* ]]; then
+ CONFIG_PATH="${{ github.workspace }}/${CONFIG_PATH}"
+ fi
+
+ echo "CONFIG_PATH=${CONFIG_PATH}" >> $GITHUB_ENV
+ echo "Using config file: ${CONFIG_PATH}"
+
+ - name: Verify config.json exists
+ run: |
+ if [ ! -f "${{ env.CONFIG_PATH }}" ]; then
+ echo "Error: Config file '${{ env.CONFIG_PATH }}' not found!"
+ exit 1
+ fi
+ cat "${{ env.CONFIG_PATH }}"
+
+ - name: Run Ansible Playbook
+ env:
+ LC_ALL: en_US.UTF-8
+ LANG: en_US.UTF-8
+ LANGUAGE: en_US.UTF-8
+ run: |
+ ansible-playbook ansible/generate_hcl_files.yml -e "config_file=${{ env.CONFIG_PATH }}"
+
+ - name: Commit Changes
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add -A
+
+ # Only commit if there are changes
+ if git diff --staged --quiet; then
+ echo "No changes to commit"
+ else
+ git commit -m "Initialize repository structure from template"
+
+ # Explicitly push to repo-init branch
+ git push origin HEAD:repo-init
+ fi
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..b1a98fd
--- /dev/null
+++ b/ansible/README.md
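Review bot: The `Determine config path` step pastes `${{ github.event.inputs.config_path }}` straight into the shell script, and the later steps do the same with `${{ env.CONFIG_PATH }}`, so a dispatch input containing quotes or shell syntax is interpreted by the runner instead of being treated as a path, in a job that goes on to `git push`. Pass the value through `env:` and read it as a shell variable, and keep the resolved path inside the workspace, since an absolute path is currently accepted and then printed by `cat`. Separately, `uses: CSVD/pip-config@main` follows a mutable branch; pin it to a full commit SHA (`CSVD/pip-config@<FULL_COMMIT_SHA>`). The file is also added as `.github/initialize.yml` rather than under `.github/workflows/`, where GitHub Actions looks for workflows, so confirm the intended location.

```yaml
      - name: Determine config path
        id: config
        env:
          EVENT_NAME: ${{ github.event_name }}
          INPUT_CONFIG_PATH: ${{ github.event.inputs.config_path }}
        run: |
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            CONFIG_PATH="$INPUT_CONFIG_PATH"
          else
            CONFIG_PATH="config.json"
          fi

          # Accept only a relative path inside the checkout: no absolute
          # paths, no parent-directory segments, no embedded newlines.
          case "$CONFIG_PATH" in
            ""|/*|*..*|*$'\n'*)
              echo "Error: config_path must be a relative path inside the repository" >&2
              exit 1
              ;;
          esac

          CONFIG_PATH="${GITHUB_WORKSPACE}/${CONFIG_PATH}"
          echo "CONFIG_PATH=${CONFIG_PATH}" >> "$GITHUB_ENV"
          echo "Using config file: ${CONFIG_PATH}"

      # … unchanged: later steps, reading "$CONFIG_PATH" in place of "${{ env.CONFIG_PATH }}" …
```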
@@ -0,0 +1,207 @@
+# HCL Generator for EKS Cluster
+
+This tool provides a flexible way to generate Terragrunt HCL files from templates for EKS cluster deployments. It analyzes your existing HCL files and allows you to customize your deployment through a single JSON configuration file.
+
+## Features
+
+- Generates all required HCL files from templates
+- Configures environment, region, and cluster names through a single JSON file
+- Supports enabling/disabling specific EKS modules
+- Provides sensible defaults while allowing customization
+- Integrates with GitHub Actions for CI/CD support
+- Supports renaming development, region, and cluster directories
+
+## Prerequisites
+
+- Ansible 2.9+
+- Python 3.8+
+- (Optional) GitHub Actions for CI/CD
+
+## Getting Started
+
+### Local Usage
+
+1. Clone this repository
+2. Create your configuration file (or use the example file as a template)
+3. Run the Ansible playbook:
+
+```bash
+ansible-playbook ansible/generate_hcl_files.yml -e "config_file=path/to/your/config.json"
+```
+
+### GitHub Actions Usage
+
+The repository includes GitHub Actions workflows to automate the generation of HCL files:
+
+1. Create your configuration file and commit it to the repository
+2. Go to the "Actions" tab in your repository
+3. Select the "Generate EKS Cluster HCL Files" workflow
+4. Click "Run workflow" and provide the required parameters:
+ - Config file path
+ - Output directory
+ - Environment
+ - Whether to commit and push changes
+
+## Configuration Options
+
+The JSON configuration file provides a flexible way to customize your EKS cluster deployment. Here's a sample configuration:
+
+```json
+{
+ "environment": "production",
+ "region": "us-gov-west-1",
+ "cluster_dir": "platform-cluster",
+ "enable_all_modules": true,
+
+ "account": {
+ "account_name": "prod-ew",
+ "aws_account_id": "123456789012",
+ "aws_profile": "123456789012-prod-gov",
+ "environment_abbr": "prod"
+ },
+
+ "vpc": {
+ "vpc_name": "vpc-prod",
+ "vpc_domain_name": "prod.csp2.census.gov"
+ },
+
+ "cluster": {
+ "cluster_name": "prod-eks-platform",
+ "cluster_mailing_list": "platform-team@census.gov",
+ "eks_instance_disk_size": 200,
+ "eks_ng_desired_size": 3,
+ "eks_ng_max_size": 10,
+ "eks_ng_min_size": 3,
+ "enable_cluster_creator_admin_permissions": true,
+ "tags": {
+ "slim:schedule": "always-on",
+ "environment": "production",
+ "owner": "platform-team"
+ }
+ },
+
+ "modules": {
+ "gogatekeeper": true,
+ "cert_manager": true,
+ "prometheus": true,
+ "grafana": true,
+ "istio": true
+ }
+}
+```
+
+### Configuration Fields
+
+| Field | Description | Default |
+|-------|-------------|---------|
+| `environment` | Environment name (e.g., development, production) | development |
+| `region` | AWS region for deployment | us-gov-east-1 |
+| `cluster_dir` | Name of the cluster directory | cluster |
+| `enable_all_modules` | Whether to enable all modules | false |
+| `account.*` | Account-specific configuration | See below |
+| `vpc.*` | VPC-specific configuration | See below |
+| `cluster.*` | Cluster-specific configuration | See below |
+| `modules.*` | Module-specific enablement flags | false |
+
+#### Account Configuration
+
+| Field | Description | Default |
+|-------|-------------|---------|
+| `account_name` | Name of the AWS account | lab-dev-ew |
+| `aws_account_id` | AWS account ID | 224384469011 |
+| `aws_profile` | AWS profile to use | 224384469011-lab-dev-gov |
+| `environment_abbr` | Environment abbreviation | dev |
+
+#### VPC Configuration
+
+| Field | Description | Default |
+|-------|-------------|---------|
+| `vpc_name` | Name of the VPC | vpc3-lab-dev |
+| `vpc_domain_name` | Domain name for the VPC | dev.lab.csp2.census.gov |
+
+#### Cluster Configuration
+
+| Field | Description | Default |
+|-------|-------------|---------|
+| `cluster_name` | Name of the EKS cluster | platform-eng-eks-mcm |
+| `cluster_mailing_list` | Email for cluster notifications | matthew.c.morgan@census.gov |
+| `eks_instance_disk_size` | Disk size for EKS instances | 100 |
+| `eks_ng_desired_size` | Desired size of node group | 2 |
+| `eks_ng_max_size` | Maximum size of node group | 10 |
+| `eks_ng_min_size` | Minimum size of node group | 2 |
+| `enable_cluster_creator_admin_permissions` | Whether to enable admin permissions | true |
+| `tags` | Tags to apply to resources | See example |
+
+## Generated Directory Structure
+
+The tool generates the following directory structure:
+
+```
+/
+├── environment.hcl
+└── /
+ ├── region.hcl
+ └── vpc/
+ ├── vpc.hcl
+ └── /
+ ├── cluster.hcl
+ ├── eks/
+ │ └── terragrunt.hcl
+ ├── eks-cert-manager/
+ │ └── terragrunt.hcl
+ └── ... (other modules)
+```
+
+## Using the Generated Files
+
+After generating the HCL files:
+
+1. Navigate to the generated directory structure
+2. Run Terragrunt commands to plan and apply:
+
+```bash
+cd //vpc//eks
+terragrunt init
+terragrunt plan
+terragrunt apply
+```
+
+## Advanced Usage
+
+### GitHub Actions CI/CD Pipeline
+
+The repository includes a reusable workflow for generating HCL files via GitHub Actions. You can customize this workflow by editing the `.github/workflows/generate-eks-cluster.yml` file.
+
+Example using the workflow from another repository:
+
+```yaml
+jobs:
+ generate-hcl:
+ uses: org/template-eks-cluster/.github/workflows/generate-hcl-files.yml@main
+ with:
+ config_file: 'config/production.json'
+ output_directory: 'infrastructure/eks'
+ push_changes: true
+ secrets:
+ ssh_key: ${{ secrets.DEPLOY_KEY }}
+```
+
+### Customizing Templates
+
+You can customize the Jinja2 templates in the `ansible/templates` directory to meet your specific needs.
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Missing Required Variables**: Ensure your JSON configuration file includes all required variables.
+2. **File Permissions**: Make sure Ansible has permission to read the configuration file and write to the output directory.
+3. **GitHub Actions Secrets**: For CI/CD, ensure the `REPO_SSH_KEY` secret is properly configured if you're using the `push_changes` option.
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+## License
+
+See the LICENSE file for details.
\ No newline at end of file
diff --git a/ansible/generate_hcl_files.yml b/ansible/generate_hcl_files.yml
new file mode 100644
index 0000000..5164487
--- /dev/null
+++ b/ansible/generate_hcl_files.yml
@@ -0,0 +1,199 @@
+---
+# generate_hcl_files.yml - Ansible playbook to analyze and generate HCL files from templates
+# Usage: ansible-playbook generate_hcl_files.yml -e "config_file=/path/to/config.json"
+#
+# Override options:
+# - env_override: Override the environment name from the config file
+# - region_override: Override the region name from the config file
+# - cluster_dir_override: Override the cluster directory name from the config file
+
+- name: Analyze and generate Terragrunt HCL files from templates
+ hosts: localhost
+ connection: local
+ gather_facts: yes
+
+ vars:
+ # Default to config.json in repository root
+ config_file: "{{ config_file | default(base_dir + '/config.json') }}"
+ base_dir: "{{ playbook_dir }}/.."
+ template_dir: "{{ playbook_dir }}/templates"
+ output_dir: "{{ base_dir }}"
+
+ # Extract current structure
+ current:
+ environment_dir: "environment"
+ region_dir: "region"
+ cluster_dir: "cluster"
+
+ tasks:
+ - name: Check if config file exists
+ ansible.builtin.stat:
+ path: "{{ config_file }}"
+ register: config_stat
+
+ - name: Fail if config file doesn't exist
+ ansible.builtin.fail:
+ msg: "Config file {{ config_file }} does not exist. Please create it or specify a different file with -e 'config_file=/path/to/file.json'"
+ when: not config_stat.stat.exists
+
+ - name: Load configuration from JSON file
+ ansible.builtin.set_fact:
+ config: "{{ lookup('file', config_file) | from_json }}"
+
+ - name: debug config
+ ansible.builtin.debug:
+ var: config
+
+ - name: Set directory names from configuration with overrides
+ ansible.builtin.set_fact:
+ env_name: "{{ env_override | default(config.environment) | default(current.environment_dir) }}"
+ region_name: "{{ region_override | default(config.region) | default(current.region_dir) }}"
+ cluster_dir: "{{ cluster_dir_override | default(config.cluster_dir) | default(current.cluster_dir) }}"
+
+ # Consolidate all template variables in one place
+ - name: Set all template variables
+ ansible.builtin.set_fact:
+ # Root template variables
+ config_values: "{{ config }}"
+
+ # Account template variables
+ account_name: "{{ config.account.account_name | default('') }}"
+ aws_account_id: "{{ config.account.aws_account_id | default('') }}"
+ aws_profile: "{{ config.account.aws_profile | default('') }}"
+ environment: "{{ env_name }}"
+ environment_abbr: "{{ config.account.environment_abbr | default('') }}"
+
+ # Region template variables
+ aws_region: "{{ region_name }}"
+
+ # VPC template variables
+ vpc_name: "{{ config.vpc.vpc_name | default('') }}"
+ vpc_domain_name: "{{ config.vpc.vpc_domain_name | default('') }}"
+
+ # Cluster template variables
+ cluster_endpoint_public_access: "{{ config.cluster.cluster_endpoint_public_access | default(false) }}"
+ cluster_name: "{{ config.cluster.cluster_name | default('') }}"
+ cluster_mailing_list: "{{ config.cluster.cluster_mailing_list | default('') }}"
+ eks_instance_disk_size: "{{ config.cluster.eks_instance_disk_size | default(0) }}"
+ eks_ng_desired_size: "{{ config.cluster.eks_ng_desired_size | default(0) }}"
+ eks_ng_max_size: "{{ config.cluster.eks_ng_max_size | default(0) }}"
+ eks_ng_min_size: "{{ config.cluster.eks_ng_min_size | default(0) }}"
+ enable_cluster_creator_admin_permissions: "{{ config.cluster.enable_cluster_creator_admin_permissions | default(false) }}"
+ tags: "{{ config.cluster.tags | default({}) }}"
+
+ # README template variables
+ generated_date: "{{ ansible_date_time.iso8601 }}"
+
+ - name: Print directory configuration
+ ansible.builtin.debug:
+ msg: |
+ Using the following directory structure:
+ Environment directory: {{ env_name }}
+ Region directory: {{ region_name }}
+ Cluster directory: {{ cluster_dir }}
+
+ - name: Find all non-terragrunt HCL files in the template
+ ansible.builtin.find:
+ paths: "{{ base_dir }}"
+ patterns: "*.hcl"
+ recurse: yes
+ excludes: "*terragrunt.hcl*"
+ register: all_hcl_files
+
+ - name: Analyze HCL file structure and content
+ ansible.builtin.debug:
+ msg: "Analyzing {{ item.path }}"
+ loop: "{{ all_hcl_files.files }}"
+
+ - name: Create target directory structure
+ ansible.builtin.file:
+ path: "{{ output_dir }}/{{ env_name }}/{{ item }}"
+ state: directory
+ mode: '0755'
+ loop:
+ - ""
+ - "{{ region_name }}"
+ - "{{ region_name }}/vpc"
+ - "{{ region_name }}/vpc/{{ cluster_dir }}"
+
+ - name: Generate root.hcl from template
+ ansible.builtin.template:
+ src: "{{ template_dir }}/root.hcl.j2"
+ dest: "{{ output_dir }}/root.hcl"
+ mode: '0644'
+
+ - name: Generate account.hcl from template
+ ansible.builtin.template:
+ src: "{{ template_dir }}/account.hcl.j2"
+ dest: "{{ output_dir }}/{{ env_name }}/account.hcl"
+ mode: '0644'
+
+ - name: Generate region.hcl from template
+ ansible.builtin.template:
+ src: "{{ template_dir }}/region.hcl.j2"
+ dest: "{{ output_dir }}/{{ env_name }}/{{ region_name }}/region.hcl"
+ mode: '0644'
+
+ - name: Generate vpc.hcl from template
+ ansible.builtin.template:
+ src: "{{ template_dir }}/vpc.hcl.j2"
+ dest: "{{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/vpc.hcl"
+ mode: '0644'
+
+ - name: Generate cluster.hcl from template
+ ansible.builtin.template:
+ src: "{{ template_dir }}/cluster.hcl.j2"
+ dest: "{{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/{{ cluster_dir }}/cluster.hcl"
+ mode: '0644'
+
+ # Extract info from current structure
+ - name: Find all modules in current cluster directory
+ ansible.builtin.find:
+ paths: "{{ base_dir }}/{{ current.environment_dir }}/{{ current.region_dir }}/vpc/{{ current.cluster_dir }}"
+ file_type: directory
+ register: cluster_modules
+
+ - name: Create directories for each module in the target structure
+ ansible.builtin.file:
+ path: "{{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/{{ cluster_dir }}/{{ item.path | basename }}"
+ state: directory
+ mode: '0755'
+ loop: "{{ cluster_modules.files }}"
+
+ # Copy any additional files in module directories (like README.md)
+ - name: Find all additional files in module directories
+ ansible.builtin.find:
+ paths: "{{ base_dir }}/{{ current.environment_dir }}/{{ current.region_dir }}/vpc/{{ current.cluster_dir }}"
+ excludes:
+ - "*/terragrunt.hcl"
+ - "*/terragrunt.hcl.off"
+ recurse: yes
+ register: additional_files
+
+ - name: Copy additional files to target structure
+ ansible.builtin.copy:
+ src: "{{ item.path }}"
+ dest: "{{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/{{ cluster_dir }}/{{ item.path | regex_replace('.*' + current.cluster_dir + '/(.*)', '\\1') }}"
+ mode: '0644'
+ loop: "{{ additional_files.files }}"
+
+ - name: Generate README.md with documentation
+ ansible.builtin.template:
+ src: "{{ template_dir }}/README.md.j2"
+ dest: "{{ output_dir }}/README.md"
+ mode: '0644'
+
+ - name: Summary of generated files
+ ansible.builtin.debug:
+ msg: |
+ Successfully generated HCL files for:
+ Environment: {{ env_name }}
+ Region: {{ region_name }}
+ Cluster: {{ cluster_dir }}
+ Generated Files:
+ - {{ output_dir }}/root.hcl
+ - {{ output_dir }}/{{ env_name }}/account.hcl
+ - {{ output_dir }}/{{ env_name }}/{{ region_name }}/region.hcl
+ - {{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/vpc.hcl
+ - {{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/{{ cluster_dir }}/cluster.hcl
+ Module files are preserved in: {{ output_dir }}/{{ env_name }}/{{ region_name }}/vpc/{{ cluster_dir }}/
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
new file mode 100644
index 0000000..3d48f7c
--- /dev/null
+++ b/ansible/requirements.txt
@@ -0,0 +1,5 @@
+ansible==7.6.0
+jinja2==3.1.2
+jmespath==1.0.1
+PyYAML==6.0.1
+requests==2.31.0
\ No newline at end of file
diff --git a/ansible/templates/README.md.j2 b/ansible/templates/README.md.j2
new file mode 100644
index 0000000..906cdb1
--- /dev/null
+++ b/ansible/templates/README.md.j2
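Review bot: `env_name`, `region_name` and `cluster_dir` come from the JSON file (or the `*_override` extra vars) and are joined directly into the `path:` and `dest:` of the `file`, `template` and `copy` tasks, so a value containing `/` or `..` makes the playbook create and overwrite files outside the intended tree. Add an `assert` right after the `Set directory names from configuration with overrides` task that restricts the three names to plain directory names. The `debug config` task also prints the whole configuration to the job log, which is worth dropping or moving behind a verbosity level once the file carries account IDs and profiles. The `config_file` entry under `vars:` refers to itself inside its own `default(...)`, which looks like it would fail with a recursive-template error whenever `-e config_file=...` is not supplied; verify the no-argument run.

```yaml
    # … unchanged: Set directory names from configuration with overrides …

    - name: Validate directory names before they are used in paths
      ansible.builtin.assert:
        that:
          - env_name is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')
          - region_name is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')
          - cluster_dir is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')
        fail_msg: "environment, region and cluster_dir must be plain directory names"
```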
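Review bot: These pins are not what the new workflow installs: `.github/initialize.yml` runs an unpinned `pip install ansible` and then only looks for `requirements.txt` in its working directory, while this file is added as `ansible/requirements.txt`. Unless a root-level `requirements.txt` exists outside this diff, CI resolves whatever Ansible release is current at run time. Point the install step at this file, `pip install -r ansible/requirements.txt`, and drop the separate `pip install ansible`; adding hashes and `--require-hashes` would make the install reproducible.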
@@ -0,0 +1,73 @@
+# EKS Cluster Configuration - {{ environment | capitalize }}
+
+This EKS cluster configuration was generated on {{ generated_date }} using the template-eks-cluster Ansible automation.
+
+## Environment Details
+
+- **Environment**: {{ environment }}
+- **Region**: {{ aws_region }}
+- **Cluster Name**: {{ cluster_name }}
+
+## Directory Structure
+
+```
+{{ environment }}/
+├── environment.hcl
+└── {{ aws_region }}/
+ ├── region.hcl
+ └── vpc/
+ ├── vpc.hcl
+ └── cluster/
+ ├── cluster.hcl
+ ├── eks/
+ │ └── terragrunt.hcl
+ ├── eks-cert-manager/
+ │ └── terragrunt.hcl
+ ├── eks-grafana/
+ │ └── terragrunt.hcl
+ └── ... (other modules)
+```
+
+## Getting Started
+
+To apply this configuration:
+
+1. Change to the directory of the module you want to deploy:
+ ```
+ cd {{ environment }}/{{ aws_region }}/vpc/cluster/eks
+ ```
+
+2. Initialize and apply the Terragrunt configuration:
+ ```
+ terragrunt init
+ terragrunt plan
+ terragrunt apply
+ ```
+
+3. Deploy additional modules as needed:
+ ```
+ cd ../eks-cert-manager
+ terragrunt init
+ terragrunt plan
+ terragrunt apply
+ ```
+
+## Customization
+
+To customize this configuration further, modify the HCL files in the directory structure or regenerate the configuration using the Ansible playbook with a new configuration file:
+
+```
+ansible-playbook ansible/generate_hcl_files.yml -e "config_file=your-custom-config.json"
+```
+
+## Modules Included
+
+This configuration includes the following modules:
+
+- EKS Cluster (eks)
+- Cert Manager (eks-cert-manager)
+- Monitoring (eks-prometheus, eks-grafana)
+- Service Mesh (eks-istio)
+- And more...
+
+Each module can be deployed independently using Terragrunt.
diff --git a/ansible/templates/account.hcl.j2 b/ansible/templates/account.hcl.j2
new file mode 100644
index 0000000..a5178d2
--- /dev/null
+++ b/ansible/templates/account.hcl.j2
@@ -0,0 +1,11 @@
+# {{ environment }}/environment.hcl
+
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ account_name = "{{ account_name }}"
+ aws_account_id = "{{ aws_account_id }}"
+ aws_profile = "{{ aws_profile }}"
+ environment = "{{ environment }}"
+ environment_abbr = "{{ environment_abbr }}"
+}
\ No newline at end of file
diff --git a/ansible/templates/cluster.hcl.j2 b/ansible/templates/cluster.hcl.j2
new file mode 100644
index 0000000..9e692f2
--- /dev/null
+++ b/ansible/templates/cluster.hcl.j2
@@ -0,0 +1,29 @@
+locals {
+ # Cluster specific configuration
+ cluster_endpoint_public_access = {{ cluster_endpoint_public_access | lower }}
+ cluster_name = "{{ cluster_name }}"
+ cluster_mailing_list = "{{ cluster_mailing_list }}"
+ eks_instance_disk_size = {{ eks_instance_disk_size }}
+ eks_ng_desired_size = {{ eks_ng_desired_size }}
+ eks_ng_max_size = {{ eks_ng_max_size }}
+ eks_ng_min_size = {{ eks_ng_min_size }}
+ enable_cluster_creator_admin_permissions = {{ enable_cluster_creator_admin_permissions | lower }}
+ tags = {
+{% for key, value in tags.items() %}
+ "{{ key }}" = "{{ value }}"
+{% endfor %}
+ }
+
+ # Common configuration
+ common_retry_args = {
+ commands = get_terraform_commands_that_need_locking()
+ arguments = ["-lock-timeout=20m"]
+ }
+
+ common_dependencies = ["../eks", "../eks-config"]
+
+ common_mock_eks = {
+ cluster_name = "mock-cluster"
+ oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
+ }
+}
\ No newline at end of file
diff --git a/ansible/templates/region.hcl.j2 b/ansible/templates/region.hcl.j2
new file mode 100644
index 0000000..400c7f3
--- /dev/null
+++ b/ansible/templates/region.hcl.j2
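Review bot: Every value from the config file is written between double quotes with no escaping (`account_name = "{{ account_name }}"` and the four lines below it), so a value containing `"`, `${` or `%{` ends the string or becomes an HCL expression that is evaluated on the next `terragrunt` run. The same pattern is in the `cluster.hcl.j2`, `region.hcl.j2` and `vpc.hcl.j2` hunks, including the tag keys and values in the `{% for %}` loop. Validate these fields in the playbook before rendering, for example with an `assert` limiting each one to the characters a name, account ID or domain can contain, instead of relying on the input being well-formed. Also, the header comment names this file `environment.hcl` and `root.hcl.j2` loads `find_in_parent_folders("environment.hcl")`, but the playbook writes it to `{{ env_name }}/account.hcl`; one of the two names needs to change.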
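Review bot: The numeric and boolean fields are emitted unquoted and unconverted, e.g. `eks_instance_disk_size = {{ eks_instance_disk_size }}` and `cluster_endpoint_public_access = {{ cluster_endpoint_public_access | lower }}`, so whatever text the config holds for them is written into the file as raw HCL. Coerce them in the template, `eks_instance_disk_size = {{ eks_instance_disk_size | int }}` and `cluster_endpoint_public_access = {{ cluster_endpoint_public_access | bool | lower }}`, and do the same for the three `eks_ng_*` sizes and `enable_cluster_creator_admin_permissions`. The playbook's `default(0)` fallback for the node-group sizes also differs from the defaults of 2/10/2 listed in `ansible/README.md`, so a config that omits them renders zeros.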
@@ -0,0 +1,7 @@
+# {{ environment }}/{{ aws_region }}/region.hcl
+
+# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
+# configure the remote state bucket and pass forward to the child modules as inputs.
+locals {
+ aws_region = "{{ aws_region }}"
+}
\ No newline at end of file
diff --git a/ansible/templates/root.hcl.j2 b/ansible/templates/root.hcl.j2
new file mode 100644
index 0000000..45bb83e
--- /dev/null
+++ b/ansible/templates/root.hcl.j2
@@ -0,0 +1,157 @@
+# root.hcl
+
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAGRUNT CONFIGURATION
+# Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules,
+# remote state, and locking: https://github.com/gruntwork-io/terragrunt
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+ # Automatically load account-level variables
+ account_vars = read_terragrunt_config(find_in_parent_folders("environment.hcl"))
+
+ # Automatically load cluster-level variables
+ cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl"))
+
+ # Automatically load _envcommon, cross account and environment common variables
+ common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl"))
+
+ # Automatically load region-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+ # Automatically load versions
+ versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl"))
+
+ # Automatically load vpc-level variables
+ vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl"))
+
+ # Extract the variables we need for easy access
+ account_id = local.account_vars.locals.aws_account_id
+ aws_profile = local.account_vars.locals.aws_profile
+ aws_region = local.region_vars.locals.aws_region
+ cluster_name = local.cluster_vars.locals.cluster_name
+ environment_abbr = local.account_vars.locals.environment_abbr
+ organization = local.common_vars.locals.organization
+ project_name = local.common_vars.locals.project_name
+ project_number = local.common_vars.locals.project_number
+ project_role = local.common_vars.locals.project_role
+ state_bucket_prefix = local.common_vars.locals.state_bucket_prefix
+ state_table_name = local.common_vars.locals.state_table_name
+ # Check if current module is the EKS module
+ module_name = basename(get_original_terragrunt_dir())
+ is_eks_module = local.module_name == "eks"
+}
+
+# Only generate providers for non-EKS modules
+generate "cluster_data" {
+ path = "cluster-data.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ data "aws_eks_clusters" "available" {}
+
+ locals {
+ cluster_exists = contains(data.aws_eks_clusters.available.names, "${local.cluster_name}")
+ }
+
+ data "aws_eks_cluster" "this" {
+ count = local.cluster_exists ? 1 : 0
+ name = "${local.cluster_name}"
+ }
+
+ data "aws_eks_cluster_auth" "this" {
+ count = local.cluster_exists ? 1 : 0
+ name = "${local.cluster_name}"
+ }
+ EOF
+}
+
+# Generate provider blocks only for non-EKS modules
+generate "kube_provider" {
+ path = "kube-provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ provider "kubernetes" {
+ host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
+ cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
+ token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
+ }
+ EOF
+}
+
+generate "helm_provider" {
+ path = "helm-provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ provider "helm" {
+ kubernetes {
+ host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
+ cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
+ token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
+ }
+ }
+ EOF
+}
+
+# Configure Terragrunt to automatically store tfstate files in an S3 bucket
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "remote_state.backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "${local.state_bucket_prefix}-${local.account_id}"
+ dynamodb_table = "${local.state_table_name}"
+ key = "${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
+ profile = "${local.aws_profile}"
+ region = "${local.aws_region}"
+ disable_bucket_update = true
+ skip_bucket_enforced_tls = true
+ skip_bucket_public_access_blocking = true
+ skip_bucket_root_access = true
+ skip_bucket_ssencryption = true
+ skip_bucket_versioning = false
+ enable_lock_table_ssencryption = false
+ }
+}
+
+# Generate an AWS provider block
+generate "aws-provider" {
+ path = "aws-provider.tf"
+ if_exists = "overwrite"
+ contents = <<-EOF
+ provider "aws" {
+ region = "${local.aws_region}"
+ profile = "${local.aws_profile}"
+ default_tags {
+ tags = {
+ cluster_name = "${local.cluster_name}"
+ "boc:module_name" = "${local.module_name}"
+ environment = "${local.environment_abbr}"
+ finops_project_name = "${local.project_name}"
+ finops_project_number = "${local.project_number}"
+ finops_project_role = "${local.project_role}"
+ organization = "${local.organization}"
+ }
+ }
+ # Only these AWS Account IDs may be operated on by this template
+ allowed_account_ids = ["${local.account_id}"]
+ }
+EOF
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# GLOBAL PARAMETERS
+# These variables apply to all configurations in this subfolder. These are automatically merged into the child
+# `terragrunt.hcl` config via the include block.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# Configure root level variables that all resources can inherit. This is especially helpful with multi-account configs
+# where terraform_remote_state data sources are placed directly into the modules.
+inputs = merge(
+ local.account_vars.locals,
+ local.cluster_vars.locals,
+ local.common_vars.locals,
+ local.region_vars.locals,
+ local.versions.locals,
+ local.vpc_vars.locals
+)
\ No newline at end of file
diff --git a/ansible/templates/vpc.hcl.j2 b/ansible/templates/vpc.hcl.j2
new file mode 100644
index 0000000..e2006d9
--- /dev/null
+++ b/ansible/templates/vpc.hcl.j2
@@ -0,0 +1,8 @@
+# {{ environment }}/{{ aws_region }}/vpc/vpc.hcl
+
+# Set VPC specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ vpc_name = "{{ vpc_name }}"
+ vpc_domain_name = "{{ vpc_domain_name }}"
+}
\ No newline at end of file
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl
deleted file mode 100644
index 656de00..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/cluster.hcl
+++ /dev/null
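Review bot: The `remote_state` `config` block turns off every bucket safeguard Terragrunt can apply: `skip_bucket_ssencryption = true`, `skip_bucket_enforced_tls = true`, `skip_bucket_public_access_blocking = true`, `skip_bucket_root_access = true` and `enable_lock_table_ssencryption = false`. State files commonly hold credentials and resource identifiers, so if Terragrunt ever creates this bucket or lock table it would do so without encryption, a TLS-only policy or public-access blocking. If the bucket is provisioned and hardened elsewhere, which `disable_bucket_update = true` suggests, say so in a comment above the flags such as `# State bucket and lock table are provisioned and hardened outside Terragrunt.`; otherwise set the `skip_bucket_*` flags to `false` and `enable_lock_table_ssencryption = true`.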
@@ -1,28 +0,0 @@
-locals {
- # Cluster specific configuration
- cluster_endpoint_public_access = true
- cluster_name = "platform-eng-eks-srn"
- cluster_mailing_list = "srinivasa.nangunuri@census.gov"
- eks_instance_disk_size = 100
- eks_ng_desired_size = 2
- eks_ng_max_size = 10
- eks_ng_min_size = 2
- enable_cluster_creator_admin_permissions = true
- tags = {
- "slim:schedule" = "8:00-17:00"
- "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
- }
-
- # Common configuration
- common_retry_args = {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-
- common_dependencies = ["../eks", "../eks-config"]
-
- common_mock_eks = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl
deleted file mode 100644
index d1e69d0..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-cert-manager/terragrunt.hcl
+++ /dev/null
@@ -1,57 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-karpenter"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_version = include.root.inputs.cluster_version
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_mailing_list = include.root.inputs.cluster_mailing_list
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Cert Manager Configuration
- cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
- cluster_issuer_name = include.root.inputs.cluster_issuer_name
- namespace = include.root.inputs.namespaces["cert-manager"]
-
- # Version Tags
- cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
- cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
- cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
- cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl deleted file mode 100644 index c1328ee..0000000 --- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-config/terragrunt.hcl +++ /dev/null 
@@ -1,54 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-karpenter"
- ]
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
- eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- security_group_all_worker_mgmt_id = "sg-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- vpc_id = "vpc-mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
- subnets = dependency.eks.outputs.subnets
- vpc_id = dependency.eks.outputs.vpc_id
- operators_ns = include.root.inputs.operator_namespace
- telemetry_ns = include.root.inputs.telemetry_namespace
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl
deleted file mode 100644
index 2bf9b72..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-dns/terragrunt.hcl
+++ /dev/null
@@ -1,60 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
- }
-}
-
-dependency "eks-istio" {
- config_path = "../eks-istio"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- istio_ingress_lb = {
- dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
- zone_id = "MOCKZONEID"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks-config",
- "../eks-istio",
- "../eks-karpenter"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = include.root.inputs.cluster_name
-
- # Network Configuration
- istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb
- route53_endpoints = include.root.inputs.route53_endpoints
- vpc_domain_name = include.root.inputs.vpc_domain_name
- vpc_name = include.root.inputs.vpc_name
-
- # Additional Configuration
- tags = include.root.inputs.tags
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl
deleted file mode 100644
index 2bc7484..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-grafana/terragrunt.hcl
+++ /dev/null
@@ -1,63 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_loki" {
- config_path = "../eks-loki"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mocked"
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-karpenter",
- "../eks-loki"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_domain = include.root.inputs.vpc_domain_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Storage Configuration
- rwo_storage_class = dependency.eks_loki.outputs.rwo_storage_class
-
- # Grafana Configuration
- grafana_chart_version = include.root.inputs.grafana_chart_version
- grafana_tag = include.root.inputs.grafana_tag
- download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
- init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
- namespace = include.root.inputs.namespaces["grafana"]
- service_name = "grafana"
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl
deleted file mode 100644
index 1c31216..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-istio/terragrunt.hcl
+++ /dev/null
@@ -1,44 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Istio Configuration
- namespace = include.root.inputs.namespaces["istio"]
- istio_version = include.root.inputs.istio_version
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl
deleted file mode 100644
index c32546c..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-k8s-dashboard/terragrunt.hcl
+++ /dev/null
@@ -1,55 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=mcmCluster"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Dashboard Configuration
- service_name = include.root.inputs.dashboard_hostname
- k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
- namespace = include.root.inputs.namespaces["k8s-dashboard"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl
deleted file mode 100644
index 7c2ff2d..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-karpenter/terragrunt.hcl
+++ /dev/null
@@ -1,50 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = ["../eks"]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- node_group_name = "mock-node-group"
- vpc_id = "vpc-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_endpoint = dependency.eks.outputs.cluster_endpoint
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Karpenter Configuration
- karpenter_tag = include.root.inputs.karpenter_tag
- karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
- karpenter_node_group_name = dependency.eks.outputs.node_group_name
- namespace = include.root.inputs.namespaces["karpenter"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl
deleted file mode 100644
index 248432d..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-keycloak/terragrunt.hcl
+++ /dev/null
@@ -1,87 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-keycloak.git?ref=standards"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_postgresql" {
- config_path = "../eks-postgresql"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- internal_endpoint = {
- url = "mock-internal-endpoint-url"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-karpenter",
- "../eks-postgresql",
- "../eks-prometheus",
- ]
-}
-
-inputs = {
- admin_email = include.root.inputs.cluster_mailing_list
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
- namespace = include.root.inputs.namespaces["keycloak"]
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # keycloak config
- default_storage_class = dependency.eks_config.outputs.rwo_storage_class
- keycloak_chart_version = include.root.inputs.keycloak_chart_version
- keycloak_hostname = include.root.inputs.keycloak_hostname
- keycloak_tag = include.root.inputs.keycloak_tag
- service_name = "keycloak"
- telemetry_namespace = include.root.inputs.telemetry_namespace
-
- # Database configuration
- db_host = dependency.eks_postgresql.outputs.internal_endpoint.url
- db_name = include.root.inputs.postgresql_database
- db_password = include.root.inputs.postgresql_password
- db_user = include.root.inputs.postgresql_username
-
- # Project information
- project_name = include.root.inputs.project_name
- tags = include.root.inputs.tags
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl
deleted file mode 100644
index c36c773..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl
+++ /dev/null
@@ -1,113 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-grafana",
- "../eks-istio",
- "../eks-prometheus"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- operators_namespace = "mock-namespace"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_grafana" {
- config_path = "../eks-grafana"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- internal_endpoint = {
- hostname = "grafana.mock.svc.cluster.local"
- port_number = "80"
- url = "https://grafana.mock.svc.cluster.local:80/"
- }
- namespace = "grafana"
- public_endpoint = {
- hostname = "grafana.mock.lab.csp2.census.gov"
- port_number = "80"
- url = "https://grafana.mock.lab.csp2.census.gov:80/"
- }
- secret_name = "grafana"
- }
-}
-
-dependency "eks_istio" {
- config_path = "../eks-istio"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- namespace = "mock-namespace-istio"
- }
-}
-
-dependency "eks_prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus.mock.svc.cluster.local"
- port_number = "80"
- url = "https://prometheus.mock.svc.cluster.local:80/"
- }
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Kiali Configuration
- service_name = "kiali"
- namespace = include.root.inputs.namespaces["kiali"]
- grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
- grafana_namespace = dependency.eks_grafana.outputs.namespace
- grafana_secret_name = dependency.eks_grafana.outputs.secret_name
- grafana_public_url = dependency.eks_grafana.outputs.public_endpoint
-
- kiali_operator_version = include.root.inputs.kiali_operator_version
-
- prometheus_internal_url = dependency.eks_prometheus.outputs.prometheus_server_internal_endpoint.url
- # jager_internal_url = dependency.eks_prometheus.outputs.jager_internal_url
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled
deleted file mode 100644
index a06c6e6..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-kiali/terragrunt.hcl.disabled
+++ /dev/null
@@ -1,108 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-grafana",
- "../eks-istio",
- "../eks-prometheus"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks-config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- operators_namespace = "mock-namespace"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_grafana" {
- config_path = "../eks-grafana"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- internal_endpoint = {
- hostname = "grafana.mock.svc.cluster.local"
- port_number = "80"
- url = "https://grafana.mock.svc.cluster.local:80/"
- }
- namespace = "grafana"
- public_endpoint = {
- hostname = "grafana.mock.lab.csp2.census.gov"
- port_number = "80"
- url = "https://grafana.mock.lab.csp2.census.gov:80/"
- }
- secret_name = "grafana"
- }
-}
-
-dependency "eks_istio" {
- config_path = "../eks-istio"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- namespace = "mock-namespace-istio"
- }
-}
-
-dependency "eks_prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- prometheus_internal_url = "mock-internal-url"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Kiali Configuration
- grafana_internal_url = dependency.eks_grafana.outputs.internal_endpoint.url
- grafana_namespace = dependency.eks_grafana.outputs.namespace
- grafana_secret_name = dependency.eks_grafana.outputs.secret_name
- grafana_public_url = dependency.eks_grafana.outputs.public_endpoint.url
-
- kiali_operator_version = include.root.inputs.kiali_operator_version
- operators_namespace = dependency.eks-config.outputs.operators_namespace
-
- prometheus_internal_url = dependency.eks_prometheus.outputs.internal_endpoint
- jager_internal_url = dependency.eks_prometheus.outputs.jager_internal_url
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl
deleted file mode 100644
index 55d3830..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-loki/terragrunt.hcl
+++ /dev/null
@@ -1,56 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-metrics-server",
- "../eks-dns"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Loki Configuration
- loki_chart_version = include.root.inputs.loki_chart_version
- loki_tag = include.root.inputs.loki_tag
- namespace = include.root.inputs.namespaces["loki"]
- rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl
deleted file mode 100644
index 5e520aa..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-metrics-server/terragrunt.hcl
+++ /dev/null
@@ -1,43 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- }
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Metrics Server Configuration
- metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
- metrics_server_tag = include.root.inputs.metrics_server_tag
- namespace = include.root.inputs.namespaces["metrics-server"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl
deleted file mode 100644
index 4429d04..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-postgresql/terragrunt.hcl
+++ /dev/null
@@ -1,76 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-postgresql.git?ref=main"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns",
- "../eks-prometheus",
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-mock"
- }
-}
-
-dependency "eks_dns" {
- config_path = "../eks-dns"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_domain = "mock.example.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = dependency.eks_dns.outputs.cluster_domain
- cluster_name = dependency.eks.outputs.cluster_name
- rwo_storage_class = dependency.eks_config.outputs.rwo_storage_class
-
- # PostgreSQL Configuration
- namespace = include.root.inputs.namespaces["postgresql"]
- os_shell_tag = include.root.inputs.os_shell_tag
- pgpool_tag = include.root.inputs.pgpool_tag
- postgres_exporter_tag = include.root.inputs.postgres_exporter_tag
- postgresql_repmgr_tag = include.root.inputs.postgresql_repmgr_tag
- postgresql_tag = include.root.inputs.postgresql_tag
- service_name = "postgresql"
- telemetry_namespace = include.root.inputs.telemetry_namespace
-
- # Database Consumer Configuration
- postgresql_database = include.root.inputs.postgresql_database
- postgresql_username = include.root.inputs.postgresql_username
- postgresql_password = include.root.inputs.postgresql_password
-
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md
deleted file mode 100644
index bbbffb2..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/README.md
+++ /dev/null
@@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. 
use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. 
Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
| -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl deleted file mode 100644 index 76650e5..0000000 --- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-prometheus/terragrunt.hcl +++ /dev/null 
@@ -1,61 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=mcmCluster"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-metrics-server",
- "../eks-dns"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks-config" {
- config_path = "../eks-config"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- rwo_storage_class = "gp3-encyrpted"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Prometheus Configuration
- prometheus_chart_version = include.root.inputs.prometheus_chart_version
- prometheus_server_tag = include.root.inputs.prometheus_server_tag
- prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
- alertmanager_tag = include.root.inputs.alertmanager_tag
- kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
- namespace = include.root.inputs.namespaces["prometheus"]
- node_exporter_tag = include.root.inputs.node_exporter_tag
- pushgateway_tag = include.root.inputs.pushgateway_tag
- rwo_storage_class = dependency.eks-config.outputs.rwo_storage_class
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
deleted file mode 100644
index e1b17d6..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks-tempo/terragrunt.hcl
+++ /dev/null
@@ -1,66 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=keycloak"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- prometheus_svc = "prometheus-server"
- prometheus_namespace = "prometheus"
- prometheus_port = 80
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-dns",
- "../eks-prometheus"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Prometheus Configuration
- prometheus_svc = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.hostname
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
-
- # Tempo Configuration
- tempo_chart_version = include.root.inputs.tempo_chart_version
- tempo_tag = include.root.inputs.tempo_tag
- namespace = include.root.inputs.namespaces["tempo"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl
deleted file mode 100644
index 9eca1de..0000000
--- a/development/us-gov-east-1/vpc/platform-eng-eks-srn/eks/terragrunt.hcl
+++ /dev/null
@@ -1,28 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
-
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20s"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_name = include.root.inputs.cluster_name
- cluster_version = include.root.inputs.cluster_version
-
- # Additional Configuration
- tags = include.root.inputs.tags
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
deleted file mode 100644
index 8d2831c..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/cluster.hcl
+++ /dev/null
@@ -1,20 +0,0 @@
-# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
-
-# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
-# terragrunt.hcl configuration.
-locals {
- cluster_endpoint_public_access = true
- cluster_name = "platform-eng-eks-mcm"
- creator = "matthew.c.morgan@census.gov"
- eks_instance_disk_size = 100
- eks_ng_desired_size = 2
- eks_ng_max_size = 10
- eks_ng_min_size = 0
- enable_cluster_creator_admin_permissions = true
- terraform = true
- terragrunt = true
- tags = {
- "slim:schedule" = "8:00-17:00"
- "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
- }
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
deleted file mode 100644
index 35e355a..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-cert-manager/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- skip_outputs = true
-}
-
-inputs = {
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_mailing_list = dependency.eks.inputs.creator
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
- cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
- cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
- cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
- cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
- cluster_issuer_name = include.root.inputs.cluster_issuer_name
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
deleted file mode 100644
index d4a60db..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-config/terragrunt.hcl
+++ /dev/null
@@ -1,42 +0,0 @@
-# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
-
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_certificate_authority_data = [{ data = "THISISAVERYLONGCERTSTRINGTHATGOESHEREFORSURENODYEP" }]
- cluster_endpoint = "https://12345ABCDEE42BF9C24D4C362D1DC.sk1.us-gov-east-1.eks.amazonaws.com"
- cluster_name = "a-cluster-name"
- eks_managed_node_groups_autoscaling_group_names = ["eks-eks-a-cluster-name-node_group-0000000000000000000000000-5ac8a5e3-14dd-c043-2cc9-f4b6ffb36d32"]
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- security_group_all_worker_mgmt_id = "sg-00b0000000000000"
- subnets = ["subnet-00000000000000001", "subnet-00000000000000002", "subnet-00000000000000003"]
- token = [{ token = "THISISTHETOKENTHATDOESNTEXISTTHEREAREMANYLIKEITBUTHISONEISFORACLUSTER" }]
- vpc_id = "a-vpc-id"
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- vpc_id = dependency.eks.outputs.vpc_id
- cluster_name = dependency.eks.outputs.cluster_name
- subnets = dependency.eks.outputs.subnets
- security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
- eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- kubectl_image_tag = include.root.inputs.kubectl_image_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
deleted file mode 100644
index 6e28781..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-dns/terragrunt.hcl
+++ /dev/null
@@ -1,42 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- subnets = ["subnet-abcdefgh", "subnet-12345678", "subnet-ab12cd34"]
- }
-}
-
-dependency "istio" {
- config_path = "../eks-istio"
- mock_outputs = {
- istio_ingress_lb = {
- dns_name = "a1111111111111111111111111111111-2bbbbbbbbbbbbbbb.elb.us-gov-east-1.amazonaws.com"
- zone_id = "ZABC123456DEF"
- }
- }
-}
-
-inputs = {
- cluster_name = dependency.eks.inputs.cluster_name
- istio_ingress_lb = dependency.istio.outputs.istio_ingress_lb
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- subnets = dependency.eks.outputs.subnets
- tags = dependency.eks.inputs.tags
- vpc_domain_name = dependency.eks.inputs.vpc_domain_name
- vpc_name = dependency.eks.inputs.vpc_name
- route53_endpoints = include.root.inputs.route53_endpoints
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
deleted file mode 100644
index 65ab33f..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-grafana/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-loki" {
- config_path = "../eks-loki"
- mock_outputs = {
- rwo_storage_class = "gp3-encrypted"
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- public_hostname = include.root.inputs.grafana_hostname
- rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class
- grafana_chart_version = include.root.inputs.grafana_chart_version
- grafana_tag = include.root.inputs.grafana_tag
- download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag
- init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
deleted file mode 100644
index c7c22c8..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-istio/terragrunt.hcl
+++ /dev/null
@@ -1,32 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-dependency "eks-karpenter" {
- config_path = "../eks-karpenter"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- istio_chart_version = include.root.inputs.istio_version
- istio_version = include.root.inputs.istio_version
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
deleted file mode 100644
index cd1961b..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-k8s-dashboard/terragrunt.hcl
+++ /dev/null
@@ -1,36 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- vpc_domain_name = "example.com"
- }
-}
-
-dependency "eks-loki" {
- config_path = "../eks-loki"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- public_hostname = include.root.inputs.dashboard_hostname
- k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
- # datasources = dependency.eks-loki.outputs.gateway_internal_endpoint
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
deleted file mode 100644
index 6b1a862..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-karpenter/terragrunt.hcl
+++ /dev/null
@@ -1,43 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_endpoint = "https://0000000000000000AAAAAAAAAAAAAAAA.sk1.us-gov-east-1.eks.amazonaws.com"
- cluster_name = "a-cluster-name"
- node_group_name = "node_group_a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- vpc_id = "a-vpc-name"
- }
-}
-
-dependency "eks-config" {
- config_path = "../eks-config"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_endpoint = dependency.eks.outputs.cluster_endpoint
- cluster_name = dependency.eks.outputs.cluster_name
- karpenter_node_group_name = dependency.eks.outputs.node_group_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- vpc_id = dependency.eks.outputs.vpc_id
- karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
- karpenter_tag = include.root.inputs.karpenter_tag
- kubectl_tag = include.root.inputs.kubectl_image_tag
-
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable b/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
deleted file mode 100644
index 1e04fe0..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-kiali/terragrunt.hcl.disable
+++ /dev/null
@@ -1,81 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=${include.root.inputs.release_version}"
- # source = "../../../../../../../tfmod-kiali"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-dependency "eks-cert-manager" {
- config_path = "../eks-cert-manager"
- mock_outputs = {
- cluster_issuer_name = "acmpca-clusterissuer"
- }
-}
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- }
-}
-dependency "eks-grafana" {
- config_path = "../eks-grafana"
- mock_outputs = {
- internal_endpoint = {
- hostname = "grafana.grafana.svc.cluster.local"
- port_number = "80"
- url = "https://grafana.grafana.svc.cluster.local:80/"
- }
- namespace = "grafana"
- public_endpoint = {
- hostname = "grafana.dev.lab.csp2.census.gov"
- port_number = "80"
- url = "https://grafana.dev.lab.csp2.census.gov:80/"
- }
- secret_name = "grafana"
- }
-}
-
-inputs = {
- kiali_operator_version = include.root.inputs.kiali_operator_version
- kiali_application_version = include.root.inputs.kiali_application_version
-
- profile = include.root.inputs.aws_profile
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- operators_namespace = "operators"
- cluster_name = dependency.eks.outputs.cluster_name
- certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name
- prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
- grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url
- grafana_namespace = dependency.eks-grafana.outputs.namespace
- grafana_public_url = dependency.eks-grafana.outputs.public_endpoint.url
- grafana_secret_name = "grafana"
- # grafana_secret_name = dependency.eks-grafana.outputs.secret_name
- jaeger_internal_url = ""
-
-
- # client_id = var.sso_client_id
- # client_secret = var.sso_client_secret
- # keycloak_public_url = var.keycloak_public_url
- # gogatekeeper_chart_version = var.gogatekeeper_chart_version
- # gogatekeeper_registry = var.gogatekeeper_registry
- # gogatekeeper_repository = var.gogatekeeper_repository
- # gogatekeeper_tag = var.gogatekeeper_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
deleted file mode 100644
index 2c6b6be..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-loki/terragrunt.hcl
+++ /dev/null
@@ -1,44 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-dependency "eks-istio" {
- config_path = "../eks-istio"
- skip_outputs = true
-}
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- loki_chart_version = include.root.inputs.loki_chart_version
- loki_tag = include.root.inputs.loki_tag
- canary_tag = include.root.inputs.canary_tag
- enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
- gateway_tag = include.root.inputs.gateway_tag
- memcached_tag = include.root.inputs.memcached_tag
- exporter_tag = include.root.inputs.exporter_tag
- sidecar_tag = include.root.inputs.sidecar_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
deleted file mode 100644
index 387653b..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-metrics-server/terragrunt.hcl
+++ /dev/null
@@ -1,33 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks_config" {
- config_path = "../eks-config"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- cluster_name = dependency.eks.outputs.cluster_name
- region = include.root.inputs.aws_region
- metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
- metrics_server_tag = include.root.inputs.metrics_server_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
deleted file mode 100644
index bbbffb2..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/README.md
+++ /dev/null
@@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. 
use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. 
Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
| -| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a | -| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a | -| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a | - diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl deleted file mode 100644 index e6c54b1..0000000 --- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-prometheus/terragrunt.hcl +++ /dev/null @@ -1,38 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-dns" { - config_path = "../eks-dns" - skip_outputs = true -} - -inputs = { - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - cluster_name = dependency.eks.outputs.cluster_name - prometheus_chart_version = include.root.inputs.prometheus_chart_version - prometheus_server_tag = include.root.inputs.prometheus_server_tag - prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag - alertmanager_tag = include.root.inputs.alertmanager_tag - kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag - node_exporter_tag = include.root.inputs.node_exporter_tag - pushgateway_tag = include.root.inputs.pushgateway_tag -} diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl deleted file mode 100644 index e9ebd48..0000000 
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks-tempo/terragrunt.hcl
+++ /dev/null
@@ -1,46 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- prometheus_namespace = "prometheus"
- }
-}
-
-inputs = {
- account_id = include.root.locals.account_id
- profile = include.root.locals.aws_profile
- region = include.root.locals.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
- tempo_chart_version = include.root.inputs.tempo_chart_version
- tempo_tag = include.root.inputs.tempo_tag
-
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl
deleted file mode 100644
index cc7c893..0000000
--- a/development/us-gov-east-1/vpc/platform-test-cicd/eks/terragrunt.hcl
+++ /dev/null
@@ -1,56 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -locals { - # Set cluster/platform specific variables, or extract from the hierarchy. - account_id = include.root.inputs.aws_account_id - cluster_endpoint_public_access = include.root.inputs.cluster_endpoint_public_access - cluster_name = include.root.inputs.cluster_name - cluster_version = include.root.inputs.cluster_version - creator = include.root.inputs.creator - eks_instance_disk_size = include.root.inputs.eks_instance_disk_size - eks_ng_desired_size = include.root.inputs.eks_ng_desired_size - eks_ng_max_size = include.root.inputs.eks_ng_max_size - eks_ng_min_size = include.root.inputs.eks_ng_min_size - eks_vpc_name = include.root.inputs.vpc_name - enable_cluster_creator_admin_permissions = include.root.inputs.enable_cluster_creator_admin_permissions - environment_abbr = include.root.inputs.environment_abbr - organization = include.root.inputs.organization - profile = include.root.inputs.aws_profile - project_name = include.root.inputs.project_name - project_number = include.root.inputs.project_number - project_role = include.root.inputs.project_role - region = include.root.inputs.aws_region - tags = include.root.inputs.tags - terraform = include.root.inputs.terraform - terragrunt = include.root.inputs.terragrunt - vpc_domain_name = include.root.inputs.vpc_domain_name -} - -terraform { - source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -inputs = { - aws_account_id = local.account_id - cluster_endpoint_public_access = local.cluster_endpoint_public_access - cluster_name = local.cluster_name - cluster_version = local.cluster_version - creator = local.creator - eks_instance_disk_size = local.eks_instance_disk_size - eks_ng_desired_size = 
local.eks_ng_desired_size - eks_ng_max_size = local.eks_ng_max_size - eks_ng_min_size = local.eks_ng_min_size - eks_vpc_name = local.eks_vpc_name - enable_cluster_creator_admin_permissions = local.enable_cluster_creator_admin_permissions - os_username = local.creator - shared_vpc_label = local.environment_abbr - tags = local.tags -} diff --git a/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl b/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl deleted file mode 100644 index 8d2831c..0000000 --- a/development/us-gov-east-1/vpc/platform-test-x/cluster.hcl +++ /dev/null @@ -1,20 +0,0 @@ -# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl - -# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root -# terragrunt.hcl configuration. -locals { - cluster_endpoint_public_access = true - cluster_name = "platform-eng-eks-mcm" - creator = "matthew.c.morgan@census.gov" - eks_instance_disk_size = 100 - eks_ng_desired_size = 2 - eks_ng_max_size = 10 - eks_ng_min_size = 0 - enable_cluster_creator_admin_permissions = true - terraform = true - terragrunt = true - tags = { - "slim:schedule" = "8:00-17:00" - "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}" - } -} diff --git a/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl b/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl deleted file mode 100644 index 740c1ad..0000000 --- a/development/us-gov-east-1/vpc/platform-test-z/cluster.hcl +++ /dev/null 
@@ -1,21 +0,0 @@
-# lab/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
-
-# Set cluster specific variables. These are automatically pulled in to configure the remote state bucket in the root
-# terragrunt.hcl configuration.
-locals {
- cluster_endpoint_public_access = true
- cluster_name = "platform-test-z"
- created_reason = "Terragrunt Development for CICD Delivered EKS Platform"
- creator = "luther.coleman.mcginty@census.gov"
- eks_instance_disk_size = 100
- eks_ng_desired_size = 3
- eks_ng_max_size = 10
- eks_ng_min_size = 1
- enable_cluster_creator_admin_permissions = true
- terraform = true
- terragrunt = true
- tags = {
- "slim:schedule" = "8:00-17:00"
- "cluster:size" = "min:${local.eks_ng_min_size}-max:${local.eks_ng_max_size}-desired:${local.eks_ng_desired_size}"
- }
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable b/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable
deleted file mode 100644
index 97aa66f..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-alloy-disable/terragrunt.hcl.disable
+++ /dev/null
@@ -1,27 +0,0 @@
-include "root" {
- path = find_in_parent_folders()
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-alloy.git?ref=main"
- source = "../../../../../../../tfmod-alloy"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- cluster_name = dependency.eks.outputs.cluster_name
- region = include.root.inputs.aws_region
- cluster_domain = dependency.eks.inputs.vpc_domain_name
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl
deleted file mode 100644
index 2522e07..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-cert-manager/terragrunt.hcl
+++ /dev/null
@@ -1,57 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-cert-mgr.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-cert-mgr"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-karpenter"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_version = include.root.inputs.cluster_version
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- cluster_mailing_list = include.root.inputs.cluster_mailing_list
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Cert Manager Configuration
- cert_manager_helm_chart = include.root.inputs.cert_manager_helm_chart
- cluster_issuer_name = include.root.inputs.cluster_issuer_name
-
- # Version Tags
- cert_manager_cainjector_tag = include.root.inputs.cert_manager_cainjector_tag
- cert_manager_controller_tag = include.root.inputs.cert_manager_controller_tag
- cert_manager_startupapicheck_tag = include.root.inputs.cert_manager_startupapicheck_tag
- cert_manager_webhook_tag = include.root.inputs.cert_manager_webhook_tag
- namespace = include.root.inputs.namespaces["cert-manager"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl
deleted file mode 100644
index eefbf27..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-config/terragrunt.hcl
+++ /dev/null
@@ -1,54 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-dependencies {
- paths = [
- "../eks",
- # "../eks-karpenter"
- ]
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-configuration.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-eks-configuration"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- cluster_certificate_authority_data = [{ data = "mock-cert-data" }]
- eks_managed_node_groups_autoscaling_group_names = ["mock-asg-name"]
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- security_group_all_worker_mgmt_id = "sg-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- vpc_id = "vpc-mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
- eks_managed_node_groups_autoscaling_group_names = dependency.eks.outputs.eks_managed_node_groups_autoscaling_group_names
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- security_group_all_worker_mgmt_id = dependency.eks.outputs.security_group_all_worker_mgmt_id
- subnets = dependency.eks.outputs.subnets
- vpc_id = dependency.eks.outputs.vpc_id
- operators_ns = include.root.inputs.operator_namespace
- telemetry_ns = include.root.inputs.telemetry_namespace
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl
deleted file mode 100644
index 83eb25f..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-dns/terragrunt.hcl
+++ /dev/null
@@ -1,61 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks-dns.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-eks-dns"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- subnets = ["subnet-mock1", "subnet-mock2", "subnet-mock3"]
- }
-}
-
-dependency "eks-istio" {
- config_path = "../eks-istio"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- istio_ingress_lb = {
- dns_name = "mock-${include.root.inputs.cluster_name}.elb.amazonaws.com"
- zone_id = "MOCKZONEID"
- }
- }
-}
-
-dependencies {
- paths = [
- "../eks-config",
- "../eks-istio",
- "../eks-karpenter"
- ]
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = include.root.inputs.cluster_name
-
- # Network Configuration
- istio_ingress_lb = dependency.eks-istio.outputs.istio_ingress_lb
- route53_endpoints = include.root.inputs.route53_endpoints
- vpc_domain_name = include.root.inputs.vpc_domain_name
- vpc_name = include.root.inputs.vpc_name
-
- # Additional Configuration
- tags = include.root.inputs.tags
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl
deleted file mode 100644
index dda8453..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-grafana/terragrunt.hcl
+++ /dev/null
@@ -1,81 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-grafana.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-grafana" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-loki", - "../eks-prometheus", - "../eks-tempo" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs = { - cluster_name = "a-cluster-name" - } -} - -dependency "eks-loki" { - config_path = "../eks-loki" - mock_outputs = { - rwo_storage_class = "gp3-encrypted" - gateway_internal_endpoint = { - hostname = "loki-gateway.telemetry.svc.cluster.local" - portNumber = "80" - url = "http://loki-gateway.telemetry.svc.cluster.local:80/" - } - } -} - -dependency "eks-prometheus" { - config_path = "../eks-prometheus" - mock_outputs = { - prometheus_server_internal_endpoint = { - hostname = "prometheus-server.prometheus.svc.cluster.local" - port_number = 9090 - url = "http://prometheus-server.prometheus.svc.cluster.local:9090/" - } - } -} - -dependency "eks-tempo" { - config_path = "../eks-tempo" - mock_outputs = { - tempo_internal_endpoint = { - hostname = "tempo.telemetry.svc.cluster.local" - port_number = 4317 - url = "http://tempo.telemetry.svc.cluster.local:4317/" - } - } -} - -inputs = { - cluster_domain = dependency.eks.inputs.vpc_domain_name - cluster_name = dependency.eks.outputs.cluster_name - download_dashboards_image_tag = include.root.inputs.download_dashboards_image_tag - grafana_chart_version = include.root.inputs.grafana_chart_version - grafana_tag = include.root.inputs.grafana_tag - init_chown_data_image_tag = include.root.inputs.init_chown_data_image_tag - profile = include.root.inputs.aws_profile - public_hostname = include.root.inputs.grafana_hostname - region = 
include.root.inputs.aws_region - rwo_storage_class = dependency.eks-loki.outputs.rwo_storage_class - loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url - prometheus_endpoint = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url - tempo_endpoint = dependency.eks-tempo.outputs.tempo_internal_endpoint.url - namespace = include.root.inputs.namespaces["grafana"] -} diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl deleted file mode 100644 index dff8a76..0000000 --- a/development/us-gov-east-1/vpc/platform-test-z/eks-istio/terragrunt.hcl +++ /dev/null @@ -1,45 +0,0 @@ -include "root" { - path = find_in_parent_folders("root.hcl") - merge_strategy = "deep" - expose = true -} - -terraform { - # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio.git?ref=${include.root.inputs.release_version}" - source = "../../../../../../../tfmod-istio" - extra_arguments "retry_lock" { - commands = get_terraform_commands_that_need_locking() - arguments = ["-lock-timeout=20m"] - } -} - -dependencies { - paths = [ - "../eks", - "../eks-config" - ] -} - -dependency "eks" { - config_path = "../eks" - mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"] - mock_outputs = { - cluster_name = include.root.inputs.cluster_name - oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock" - } -} - -inputs = { - # AWS Configuration - account_id = include.root.inputs.aws_account_id - profile = include.root.inputs.aws_profile - region = include.root.inputs.aws_region - - # Cluster Configuration - cluster_name = dependency.eks.outputs.cluster_name - oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn - - # Istio Configuration - namespace = include.root.inputs.namespaces["istio"] - istio_version = include.root.inputs.istio_version -} 
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl
deleted file mode 100644
index 7bccdc3..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-k8s-dashboard/terragrunt.hcl
+++ /dev/null
@@ -1,46 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-k8s-dashboard.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-k8s-dashboard"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config",
- "../eks-dns"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = include.root.inputs.cluster_name
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_domain = include.root.inputs.vpc_domain_name
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Dashboard Configuration
- k8s_dashboard_version = include.root.inputs.k8s_dashboard_version
- namespace = include.root.inputs.namespaces["k8s-dashboard"]
-}
\ No newline at end of file
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl
deleted file mode 100644
index a713f4d..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-karpenter/terragrunt.hcl
+++ /dev/null
@@ -1,49 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-karpenter.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-karpenter"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-dependencies {
- paths = ["../eks"]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
-
- mock_outputs = {
- cluster_name = "mock-cluster"
- cluster_endpoint = "https://mock-endpoint.eks.amazonaws.com"
- oidc_provider_arn = "arn:aws-us-gov:iam::123456789012:oidc-provider/mock"
- node_group_name = "mock-node-group"
- vpc_id = "vpc-mock"
- subnets = ["subnet-mock1", "subnet-mock2"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_endpoint = dependency.eks.outputs.cluster_endpoint
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
-
- # Karpenter Configuration
- karpenter_tag = include.root.inputs.karpenter_tag
- karpenter_helm_chart = include.root.inputs.karpenter_helm_chart
- karpenter_node_group_name = dependency.eks.outputs.node_group_name
- namespace = include.root.inputs.namespaces["karpenter"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl
deleted file mode 100644
index d0494ec..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-kiali/terragrunt.hcl
+++ /dev/null
@@ -1,91 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-kiali.git?ref=mcmCluster"
- source = "../../../../../../../tfmod-kiali"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-dependency "eks-cert-manager" {
- config_path = "../eks-cert-manager"
- mock_outputs = {
- cluster_issuer_name = "acmpca-clusterissuer"
- }
-}
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- }
-}
-dependency "eks-tempo" {
- config_path = "../eks-tempo"
- mock_outputs = {
- tempo_internal_endpoint = {
- hostname = "tempo.tempo.svc.cluster.local"
- port_number = 3100
- url = "http://tempo.tempo.svc.cluster.local:3100/"
- }
- }
-}
-dependency "eks-grafana" {
- config_path = "../eks-grafana"
- mock_outputs = {
- internal_endpoint = {
- hostname = "grafana.grafana.svc.cluster.local"
- port_number = "80"
- url = "https://grafana.grafana.svc.cluster.local:80/"
- }
- namespace = "grafana"
- public_endpoint = "https://grafana.dev.lab.csp2.census.gov:80/"
- secret_name = "grafana"
- tempo_datasource_id = "tempo"
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- cluster_domain = dependency.eks.inputs.vpc_domain_name
- cluster_name = dependency.eks.outputs.cluster_name
- certificate_issuer = dependency.eks-cert-manager.outputs.cluster_issuer_name
-
- kiali_application_version = include.root.inputs.kiali_application_version
-
- namespace = include.root.inputs.namespaces["kiali"]
- istio_namespace = include.root.inputs.namespaces["istio"]
-
- prometheus_internal_url = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.url
- grafana_namespace = dependency.eks-grafana.outputs.namespace
- grafana_secret_name = dependency.eks-grafana.outputs.secret_name
- grafana_internal_url = dependency.eks-grafana.outputs.internal_endpoint.url
- grafana_public_url = dependency.eks-grafana.outputs.public_endpoint
- tempo_datasource_id = dependency.eks-grafana.outputs.tempo_datasource_id
- tempo_internal_url = dependency.eks-tempo.outputs.tempo_internal_endpoint.url
-
-
-
- # client_id = var.sso_client_id
- # client_secret = var.sso_client_secret
- # keycloak_public_url = var.keycloak_public_url
- # gogatekeeper_chart_version = var.gogatekeeper_chart_version
- # gogatekeeper_registry = var.gogatekeeper_registry
- # gogatekeeper_repository = var.gogatekeeper_repository
- # gogatekeeper_tag = var.gogatekeeper_tag
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl
deleted file mode 100644
index 4c4de2f..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-loki/terragrunt.hcl
+++ /dev/null
@@ -1,48 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-loki.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-loki-x"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks-istio" {
- config_path = "../eks-istio"
- skip_outputs = true
-}
-
-# dependency "eks-prometheus" {
-# config_path = "../eks-prometheus"
-# skip_outputs = true
-# }
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- loki_chart_version = include.root.inputs.loki_chart_version
- loki_tag = include.root.inputs.loki_tag
- canary_tag = include.root.inputs.canary_tag
- enterprise_logs_provisioner_tag = include.root.inputs.enterprise_logs_provisioner_tag
- gateway_tag = include.root.inputs.gateway_tag
- memcached_tag = include.root.inputs.memcached_tag
- exporter_tag = include.root.inputs.exporter_tag
- sidecar_tag = include.root.inputs.sidecar_tag
- namespace = include.root.inputs.namespaces["loki"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl
deleted file mode 100644
index 06817cc..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-metrics-server/terragrunt.hcl
+++ /dev/null
@@ -1,44 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-config"
- ]
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-metrics-server.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-metrics-server"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs_allowed_terraform_commands = ["init", "plan", "validate", "destroy"]
- mock_outputs = {
- cluster_name = "mock-cluster"
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Cluster Configuration
- cluster_name = dependency.eks.outputs.cluster_name
-
- # Metrics Server Configuration
- metrics_server_helm_chart = include.root.inputs.metrics_server_helm_chart
- metrics_server_tag = include.root.inputs.metrics_server_tag
- namespace = include.root.inputs.namespaces["metrics-server"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl
deleted file mode 100644
index 2b4ce33..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-open-telemetry/terragrunt.hcl
+++ /dev/null
@@ -1,61 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-open-telemetry.git?ref=main"
- source = "../../../../../../../tfmod-open-telemetry"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependencies {
- paths = [
- "../eks",
- "../eks-loki",
- "../eks-prometheus",
- "../eks-tempo"
- ]
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-loki" {
- config_path = "../eks-loki"
- mock_outputs = {
- gateway_internal_endpoint = {
- hostname = "loki-gateway.telemetry.svc.cluster.local"
- portNumber = "80"
- url = "http://loki-gateway.telemetry.svc.cluster.local:80/"
- }
- }
-}
-
-dependency "eks-tempo" {
- config_path = "../eks-tempo"
- mock_outputs = {
- tempo_otlp_endpoint = {
- hostname = "tempo.telemetry.svc.cluster.local"
- portNumber = 4317
- url = "http://tempo.telemetry.svc.cluster.local:4317/"
- }
- }
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- cluster_name = dependency.eks.outputs.cluster_name
- region = include.root.inputs.aws_region
- namespace = include.root.inputs.namespaces["otel"]
- loki_endpoint = dependency.eks-loki.outputs.gateway_internal_endpoint.url
- tempo_endpoint = dependency.eks-tempo.outputs.tempo_otlp_endpoint.url
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md b/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md
deleted file mode 100644
index bbbffb2..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/README.md
+++ /dev/null
@@ -1,198 +0,0 @@ -## eks-prometheus -This module deploys EKS kubeenetes prometheus inside existing EKS cluster. Prometheus is an open-source systems monitoring and alerting tool. -This module consisits of 4 components. It creates prometheus namespace and copies image repositories for the following components from quay.io into local account ECR repository. It deploys these components using helm charts using the configured ECR repositories. - 1. prometheus-alert-manager - 2. prometheus-node-exporter - 3. prometheus-pushgateway - 4. prometheus-server - -### Dependencies -This module is dependent on EKS module (eks). The cluster should exist already for this module to work. - -### Inputs - cluster_name - profile - prometheus_chart_version - prometheus_server_tag - prometheus_config_reloader_tag - alertmanager_tag - kube_state_metrics_tag - node_exporter_tag - pushgateway_tag - rwo_storage_class - -### Outputs - alertmanager_internal_endpoint - alertmanager_headless_internal_endpoint - pushgateway_internal_endpoint - prometheus_server_internal_endpoint - -### Issues observed/fixed -1. The rwo_storage_class value had to be updated from "gp3" to "gp3-encrypted" -2. The node_exporter_tag value had to be updated from "1.6.1" to "v1.8.1" -3. The kube_state_metrics_tag value had to be updated from "2.10.0" to "v2.6.0" -4. The alertmanager_tag value had to be updated from -5. The helm chart set config for the ecr image had to be split into 2 components, one for registry and other for repository as an example mentioned below: - - ``` - set { - name = "kube-state-metrics.image.registry" - value = module.images.images[local.ksm_key].dest_registry - } - set { - name = "kube-state-metrics.image.repository" - value = module.images.images[local.ksm_key].dest_repository - } - ``` - -6. 
In some other cases the image ecr repository had to be split by the colon separatory (:) - - ``` - set { - name = "alertmanager.configmapReload.image.repository" - value = split(":", module.images.images[local.prom_config_reload_key].dest_full_path)[0] - } - ``` - -### Chart Notes - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-pushgateway,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 9091 - echo "Visit http://127.0.0.1:9091 to use your application" - ``` - - The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster: - prometheus-server.prometheus.svc.cluster.local - - - Get the Prometheus server URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9090 - ``` - - The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster: - `prometheus-alertmanager.prometheus.svc.cluster.local` - - - Get the Alertmanager URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9093 - ``` - - ################################################################################# - ###### WARNING: Pod Security Policy has been disabled by default since ##### - ###### it deprecated after k8s 1.25+. 
use ##### - ###### (index .Values "prometheus-node-exporter" "rbac" ##### - ###### "pspEnabled") with (index .Values ##### - ###### "prometheus-node-exporter" "rbac" "pspAnnotations") ##### - ###### in case you still need it. ##### - ################################################################################# - - - The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster: - `prometheus-prometheus-pushgateway.prometheus.svc.cluster.local` - - - Get the PushGateway URL by running these commands in the same shell: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace prometheus port-forward $POD_NAME 9091 - ``` - - For more information on running Prometheus, visit: - https://prometheus.io/ - - kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - The exposed metrics can be found here: - https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - - The metrics are exported on the HTTP endpoint /metrics on the listening port. - In your case, `prometheus-kube-state-metrics.prometheus.svc.cluster.local:8080/metrics` - - They are served either as plaintext or protobuf depending on the Accept header. - They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - - 1. Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9093 to use your application" - kubectl --namespace prometheus port-forward $POD_NAME 9093:80 - ``` - - 1. 
Get the application URL by running these commands: - - ```bash - export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/instance=prometheus" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:9100 to use your application" - kubectl port-forward --namespace prometheus $POD_NAME 9100 - ``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 5.14.0 | -| [helm](#requirement\_helm) | >= 2.11.0 | -| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | -| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. 
| `string` | n/a | yes | -| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `bool` | `true` | no | -| [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | -| [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | -| [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | -| [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no | -| [prometheus\_chart\_version](#input\_prometheus\_chart\_version) | The version of prometheus to install into the cluster. | `string` | `"25.24.1"` | no | -| [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.1"` | no | -| [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.53.1"` | no | -| [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | -| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [alertmanager\_headless\_internal\_endpoint](#output\_alertmanager\_headless\_internal\_endpoint) | n/a | -| [alertmanager\_internal\_endpoint](#output\_alertmanager\_internal\_endpoint) | n/a | -| [module\_name](#output\_module\_name) | The name of this module. | -| [module\_version](#output\_module\_version) | The version of this module. 
|
-| [prometheus\_namespace](#output\_prometheus\_namespace) | n/a |
-| [prometheus\_server\_internal\_endpoint](#output\_prometheus\_server\_internal\_endpoint) | n/a |
-| [pushgateway\_internal\_endpoint](#output\_pushgateway\_internal\_endpoint) | n/a |
-
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl
deleted file mode 100644
index 030dd33..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-prometheus/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-prometheus.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-prometheus"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- }
-}
-
-dependency "eks-dns" {
- config_path = "../eks-dns"
- skip_outputs = true
-}
-
-inputs = {
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- prometheus_chart_version = include.root.inputs.prometheus_chart_version
- prometheus_server_tag = include.root.inputs.prometheus_server_tag
- prometheus_config_reloader_tag = include.root.inputs.prometheus_config_reloader_tag
- alertmanager_tag = include.root.inputs.alertmanager_tag
- kube_state_metrics_tag = include.root.inputs.kube_state_metrics_tag
- node_exporter_tag = include.root.inputs.node_exporter_tag
- pushgateway_tag = include.root.inputs.pushgateway_tag
- namespace = include.root.inputs.namespaces["prometheus"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl
deleted file mode 100644
index d14c8a1..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks-tempo/terragrunt.hcl
+++ /dev/null
@@ -1,47 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-tempo.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-tempo"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-dependency "eks" {
- config_path = "../eks"
- mock_outputs = {
- cluster_name = "a-cluster-name"
- oidc_provider_arn = "arn:aws-us-gov:iam::111111111111:oidc-provider/oidc.eks.us-gov-east-1.amazonaws.com/id/0000000000000000AAAAAAAAAAAAAAAA"
- }
-}
-
-dependency "eks-prometheus" {
- config_path = "../eks-prometheus"
- mock_outputs = {
- prometheus_server_internal_endpoint = {
- hostname = "prometheus-server.prometheus.svc.cluster.local"
- port_number = 9090
- url = "http://prometheus-server.prometheus.svc.cluster.local:9090/"
- }
- prometheus_namespace = "prometheus"
- }
-}
-
-inputs = {
- account_id = include.root.locals.account_id
- profile = include.root.locals.aws_profile
- region = include.root.locals.aws_region
- cluster_name = dependency.eks.outputs.cluster_name
- oidc_provider_arn = dependency.eks.outputs.oidc_provider_arn
- prometheus_port = dependency.eks-prometheus.outputs.prometheus_server_internal_endpoint.port_number
- prometheus_namespace = dependency.eks-prometheus.outputs.prometheus_namespace
- tempo_chart_version = include.root.inputs.tempo_chart_version
- tempo_tag = include.root.inputs.tempo_tag
- namespace = include.root.inputs.namespaces["tempo"]
-}
diff --git a/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl b/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl
deleted file mode 100644
index c77be43..0000000
--- a/development/us-gov-east-1/vpc/platform-test-z/eks/terragrunt.hcl
+++ /dev/null
@@ -1,28 +0,0 @@
-include "root" {
- path = find_in_parent_folders("root.hcl")
- merge_strategy = "deep"
- expose = true
-}
-
-terraform {
- # source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-eks.git?ref=${include.root.inputs.release_version}"
- source = "../../../../../../../tfmod-eks"
- extra_arguments "retry_lock" {
- commands = get_terraform_commands_that_need_locking()
- arguments = ["-lock-timeout=20m"]
- }
-}
-
-inputs = {
- # AWS Configuration
- account_id = include.root.inputs.aws_account_id
- profile = include.root.inputs.aws_profile
- region = include.root.inputs.aws_region
-
- # Core Cluster Configuration
- cluster_name = include.root.inputs.cluster_name
- cluster_version = include.root.inputs.cluster_version
-
- # Additional Configuration
- tags = include.root.inputs.tags
-}
diff --git a/development/account.hcl b/enviornment/account.hcl
similarity index 100%
rename from development/account.hcl
rename to enviornment/account.hcl
diff --git a/development/us-gov-east-1/region.hcl b/enviornment/region/region.hcl
similarity index 100%
rename from development/us-gov-east-1/region.hcl
rename to enviornment/region/region.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl b/enviornment/region/vpc/cluster/cluster.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/cluster.hcl
rename to enviornment/region/vpc/cluster/cluster.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-cert-manager/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-cert-manager/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-config/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-config/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-config/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-dns/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-dns/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-dns/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off b/enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-gogatekeeper/terragrunt.hcl.off
rename to enviornment/region/vpc/cluster/eks-gogatekeeper/terragrunt.hcl.off
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-grafana/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-grafana/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-grafana/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-istio/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-istio/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-istio/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-k8s-dashboard/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-k8s-dashboard/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-karpenter/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-karpenter/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-karpenter/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-keycloak/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-keycloak/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-keycloak/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-kiali/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-kiali/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-kiali/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-loki/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-loki/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-loki/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-metrics-server/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-metrics-server/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-otel/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-otel/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-otel/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md b/enviornment/region/vpc/cluster/eks-prometheus/README.md
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/README.md
rename to enviornment/region/vpc/cluster/eks-prometheus/README.md
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-prometheus/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-prometheus/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-prometheus/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl b/enviornment/region/vpc/cluster/eks-tempo/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks-tempo/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks-tempo/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl b/enviornment/region/vpc/cluster/eks/terragrunt.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/platform-eng-eks-mcm/eks/terragrunt.hcl
rename to enviornment/region/vpc/cluster/eks/terragrunt.hcl
diff --git a/development/us-gov-east-1/vpc/vpc.hcl b/enviornment/region/vpc/vpc.hcl
similarity index 100%
rename from development/us-gov-east-1/vpc/vpc.hcl
rename to enviornment/region/vpc/vpc.hcl