Skip to content

Commit

Permalink
Init (#8)
Browse files Browse the repository at this point in the history 
* Add comprehensive EKS Cluster Template roadmap and configuration files

* Refactor namespace definitions and add GitHub Actions workflows variable

* Implement GitHub Actions workflow triggers and enhance Terraform configurations for automated cluster setup

* Enhance README and add Terraform module for EKS cluster deployment with automated GitHub Actions workflows; include tests for workflow triggers and validation.

* Update versions.tf to include required provider versions for Terraform configuration

* Remove outdated test files and add new validation and workflow trigger tests for EKS cluster deployment

* Update GitHub server URL and refactor related configurations for EKS deployment

* Refactor module configurations to enable dynamic management of extra files and update enable_all_modules variable for improved flexibility

* updating gitignore

* Remove obsolete Terraform module and provider cache files to clean up the repository

* removing test workflow

* Remove GitHub token variable and references to streamline configuration

* Update terraform-validate.yaml

* Remove mock GitHub token from workflow trigger configuration

* updating

* removing varfiles

* Remove unused GitHub module and provider references

* removign data dirs

* removing TEMPLATE_SHA

* reemoving varfiles

* initi

* adding docs

* Add README template for EKS cluster configuration

* Enhance README and examples for EKS cluster management

- Updated README to clarify module functionality and features.
- Added centralized management examples for EKS cluster repositories.
- Improved variable definitions for better clarity and usability.

* Fix formatting of runs-on value in GitHub Actions workflow

* Refactor README and ROADMAP for clarity; update Terraform configurations and remove deprecated variables

* Update EKS cluster configuration with new account details

* Update main.tf

* Update EKS deployment configuration: change region to us-gov-east-1 and update VPC name to vpc3-csvd-dev

* Refactor repository and cluster configuration: unify naming and update descriptions in main.tf and variables.tf

* Update cluster name assignment in locals.tf and add default.json file

---------

Co-authored-by: Your Name <user@example.com>
  • Loading branch information
@arnol377
arnol377 and Your Name committed Sep 11, 2025
1 parent 7e45423 commit 2e69a84
Show file tree
Hide file tree
Showing 20 changed files with 944 additions and 398 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/terraform-release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ on:
- main
jobs:
terraform-ci-cd:
runs-on: 229685449397
runs-on: "229685449397"
permissions:
contents: write

Expand Down
223 changes: 101 additions & 122 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,165 +1,144 @@
# terraform-eks-deployment

Terraform module for EKS cluster deployment and configuration
Terraform module for EKS cluster repository bootstrapping and configuration

## Overview

This module creates a new GitHub repository for your EKS cluster based on the template-eks-cluster repository. It sets up all necessary configuration files and triggers automated workflows for cluster deployment.
This module creates and configures a new GitHub repository for your EKS cluster based on the template-eks-cluster repository. It automatically generates all necessary Terragrunt HCL files (`root.hcl`, `account.hcl`, `region.hcl`, etc.) directly from your input variables, eliminating the need for manual configuration or separate Ansible playbooks.

## Features

- **Fully Terraform-Native**: No Lambda functions, Ansible playbooks, or manual steps required
- **Complete HCL Generation**: Automatically creates all necessary Terragrunt HCL files
- **Team Management**: Configures repository permissions for your teams
- **Customizable**: Extensive configuration options for cluster, account, and VPC settings

## Prerequisites

- GitHub token with repository and workflow permissions
- Python 3.x installed on the machine running Terraform
- Terraform 1.0.0 or newer
- Access to GitHub Enterprise (if using enterprise version)

## Usage

### Basic Example

```hcl
module "eks_deployment" {
source = "path/to/terraform-eks-deployment"
name = "my-eks-cluster"
organization = "my-org"
environment = "production"
region = "us-east-1"
source = "github.com/HappyPathway/terraform-eks-deployment"
# Repository configuration
repository_name = "eks-prod-cluster"
repository_template_owner = "HappyPathway"
repository_template = "template-eks-cluster"
repository_teams = {
"platform-team" = "admin",
"devops-team" = "maintain",
"developers" = "push"
}
cluster_config = {
cluster_name = "prod-eks-01"
account_name = "prod-account"
aws_account_id = "123456789012"
aws_profile = "prod-profile"
# Basic settings
organization = "my-org"
environment = "production"
region = "us-gov-west-1"
github_server_url = "https://github.e.it.census.gov" # For GitHub Enterprise
# Account configuration
account_config = {
account_name = "prod-account"
aws_account_id = "123456789012"
environment_abbr = "prod"
}
# VPC configuration
vpc_config = {
vpc_name = "prod-vpc"
vpc_domain_name = "prod.example.com"
}
github_token = "your-github-token"
github_server_url = "https://github.e.it.census.gov" # Optional, for GitHub Enterprise
# Cluster configuration
cluster_config = {
cluster_name = "prod-eks-01"
cluster_mailing_list = "team@example.com"
eks_instance_disk_size = 200
eks_ng_desired_size = 5
eks_ng_max_size = 10
eks_ng_min_size = 3
organization = "census:ocio:csvd"
finops_project_name = "csvd_platformbaseline"
finops_project_number = "fs0000000078"
finops_project_role = "csvd_platformbaseline_app"
tags = {
Owner = "Platform Team",
Environment = "Production",
CostCenter = "123-456"
}
module_enablement_overrides = {
cert_manager = true,
prometheus = true,
grafana = true,
istio = true
}
}
}
```

## Workflow Automation

### Overview

The module automatically triggers GitHub Actions workflows in your newly created repository to:
1. Install Python requirements
2. Execute Terragrunt operations for cluster management

### Workflow Sequence

1. **Repository Creation**: The module creates a new repository from the template-eks-cluster template
2. **Initial Configuration**: Configuration files are generated based on your inputs
3. **Requirements Installation**: A workflow is triggered to install Python dependencies
4. **Cluster Planning**: A terragrunt plan workflow is automatically triggered
### Available Workflows

Your new repository will have these workflows available:

1. **Install Requirements** (`install-requirements.yml`)
- Triggered automatically on repository creation
- Installs all Python dependencies from requirements.txt

2. **Terragrunt Cluster Operations** (`terragrunt-cluster-build.yml`)
- Supports plan, apply, and destroy operations
- Can be triggered manually or via API
- Includes safety checks and approvals

### Triggering Workflows

The workflows can be triggered in two ways:

1. **Automatic Triggering**
- On repository creation, the module automatically triggers:
1. Requirements installation
2. Initial cluster plan

2. **Manual Triggering**
- Via GitHub UI:
1. Go to Actions tab
2. Select desired workflow
3. Click "Run workflow"
4. Fill in parameters

3. **API Triggering**
- Use GitHub's API to trigger workflows:
```bash
curl -X POST \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/OWNER/REPO/dispatches" \
-d '{
"event_type": "cluster-plan",
"client_payload": {
"environment": "dev",
"region": "us-east-1",
"cluster_dir": "my-cluster",
"auto_approve": false
}
}'
```

### Supported Events

The following event types are supported for workflow triggers:
output "repository_url" {
value = module.eks_deployment.repository_url
}
```

- `install-requirements`: Install Python dependencies
- `cluster-plan`: Preview cluster changes
- `cluster-apply`: Apply cluster changes
- `cluster-destroy`: Destroy cluster
## Generated Files

### Required Secrets
The module automatically generates the following files in your new repository:

The following secrets must be configured in your repository:
- `root.hcl`: Global Terragrunt configuration
- `[environment]/account.hcl`: Account-specific variables
- `[environment]/[region]/region.hcl`: Region-specific variables
- `[environment]/[region]/vpc/vpc.hcl`: VPC-specific variables
- `[environment]/[region]/vpc/[cluster_name]/cluster.hcl`: Cluster-specific variables
- `README.md`: Usage instructions and documentation

- `AWS_ROLE_ARN`: ARN of the AWS role to assume
- `GITHUB_TOKEN`: GitHub token with workflow permissions
These files are committed directly to your new repository and are ready for use with Terragrunt to deploy your EKS cluster.

## Module Configuration

### Required Variables

- `name`: Repository name
- `organization`: GitHub organization name
- `environment`: Deployment environment
- `region`: AWS region
- `cluster_config`: Cluster configuration object
- `github_token`: GitHub token for workflow operations
| Name | Description |
|------|-------------|
| `repository_name` | Name of the GitHub repository to create |
| `organization` | GitHub organization name |
| `environment` | Deployment environment (e.g., production, development) |
| `region` | AWS region for the EKS cluster |
| `account_config` | Map of account configuration values |
| `vpc_config` | Map of VPC configuration values |
| `cluster_config` | Map of cluster configuration values |

### Optional Variables

- `github_server_url`: GitHub Enterprise server URL
- `template_repo_org`: Organization containing the template repository
- `enable_modules`: Map of modules to enable in the cluster
| Name | Description | Default |
|------|-------------|---------|
| `repository_template_owner` | Owner of the template repository | `"HappyPathway"` |
| `repository_template` | Template repository name | `"template-eks-cluster"` |
| `repository_teams` | Map of team names and permission levels | `{}` |
| `github_server_url` | GitHub Enterprise server URL | `"https://api.github.com"` |

For more configuration options, see the variables.tf file.
For complete configuration options, see the variables.tf file.

## Outputs

- `repository_url`: URL of the created repository
- `ssh_clone_url`: SSH clone URL of the repository

## Security Considerations

1. **GitHub Token**: Use a token with minimal required permissions
2. **AWS Role**: Use role-based access with least privilege
3. **Auto-approve**: Use with caution in production environments
4. **Environment Protection**: Configure branch protection rules

## Troubleshooting
| Name | Description |
|------|-------------|
| `repository_url` | URL of the created repository |
| `ssh_clone_url` | SSH clone URL of the repository |

Common issues and solutions:
## How It Works

1. **Workflow Trigger Failures**
- Check GitHub token permissions
- Verify GitHub Enterprise URL (if applicable)
- Check network connectivity
1. The module calls the `terraform-github-repo` module to create a new repository based on your template.
2. It uses Terraform's `templatefile()` function to render Terragrunt HCL files from templates.
3. These rendered files are committed directly to the repository using the `github_repository_file` resource.
4. Team permissions are configured using the `github_team_repository` resource.

2. **Python Requirements**
- Ensure requirements.txt exists in template repository
- Check Python version compatibility
## Migrating from Previous Workflow

3. **AWS Authentication**
- Verify AWS role ARN
- Check AWS credentials configuration
This module replaces the previous Lambda/Ansible-based workflow with a purely Terraform-native approach. If you were previously using the template-automation-lambda to create repositories and then running an Ansible playbook to generate HCL files, you can now accomplish the entire process with just this module.
91 changes: 38 additions & 53 deletions ROADMAP.md
View file
Original file line number Diff line number Diff line change
@@ -1,62 +1,47 @@
# EKS Cluster Template Roadmap
# EKS Cluster Deployment Roadmap

## Current Architecture
- Template repository (`template-eks-cluster`) serves as the base for creating new EKS cluster configurations
- Uses Terraform GitHub repo module to create new repositories from the template
- Implements managed and non-managed extra files functionality
- Supports configuration through `config.json`
- **Terraform-Native Workflow**: The module provides a fully Terraform-native workflow for bootstrapping a single GitHub repository for an EKS cluster.
- **Declarative Configuration**: It uses a set of input variables (`account_config`, `vpc_config`, `cluster_config`) to define a cluster's configuration.
- **Dynamic HCL Generation**: The module automatically generates all necessary Terragrunt HCL files (`root.hcl`, `account.hcl`, `region.hcl`, etc.) from internal templates.
- **Wrapper Module**: This module acts as a sophisticated wrapper around the `terraform-github-repo` module, orchestrating repository creation, file generation, and team permission management.

## Planned Enhancements

### 1. Automated Cluster Setup (High Priority)
- [x] Add GitHub Actions workflows with workflow_dispatch triggers
- [x] Implement automated terragrunt command execution for cluster building
- [x] Support for plan/apply/destroy commands
- [x] Environment-specific execution
- [x] Automated testing framework
- [ ] Configure workflows to run on specific runners for credential management
- [ ] Create templatized GitHub Actions workflow files
- [ ] Enable direct cluster creation without manual repository cloning

### 2. File Management System (Medium Priority)
- [ ] Implement wrapper module for repo module
- [ ] Add support for crafting and injecting various configuration files
- [ ] Define file lifecycle management strategy
- [ ] Managed files (controlled by workspace)
- [ ] Non-managed files (user-modifiable)

### 3. Version Management (Medium Priority)
- [ ] Implement version control strategy for `default-versions.hcl`
- [ ] Create system for managing platform release versions
- [ ] Set up version override mechanism
- [ ] Default versions in template repo
- [ ] Override capability in workspace creating repos

### 4. Configuration Management (Low Priority)
- [ ] Enhance Makefile and Ansible playbook integration
- [ ] Improve configuration file templating
- [ ] Add validation for configuration files
### 1. Version and Configuration Management (High Priority)
- [x] Implement version control strategy for `default-versions.hcl`
- [x] Create system for managing platform release versions
- [x] Set up version override mechanism
- [ ] Add validation for configuration files to fail early on invalid inputs.
- [ ] Integrate a robust versioning strategy for the module itself, using tags.

### 2. Automated Cluster Deployment (Medium Priority)
- [ ] Create templatized GitHub Actions workflow files that can be injected into the created repository.
- [ ] Configure workflows to run on specific runners for secure credential management.
- [ ] Implement automated `terragrunt plan/apply` execution within the generated workflows.

### 3. Module and Documentation Refinements (Low Priority)
- [ ] Enhance documentation with more detailed examples, including edge cases.
- [ ] Add contribution guidelines and a developer guide.
- [ ] Refactor and clean up any legacy code or unused variables.

## Completed Milestones

- **Terraform-Native Migration**: Successfully replaced the legacy Lambda/Ansible workflow with a unified, Terraform-native solution for repository bootstrapping.
- **File Management System**: Implemented a robust system for crafting and injecting configuration files directly via Terraform, fulfilling the core requirement of the "File Management System" epic.

## Technical Considerations
1. File Lifecycle Management:
- Managed files: Controlled by workspace
- Non-managed files: User-modifiable post-creation
- Version-specific files: Platform release coordination

2. Automation Requirements:
- GitHub Actions runner configuration
- Credential management
- Workflow templating
- Terragrunt integration

3. Version Control Strategy:
- Module version collections
- Platform release versions
- Override mechanisms
1. **Automation Requirements**:
- GitHub Actions runner configuration for secure AWS authentication.
- Workflow templating to dynamically generate CI/CD pipelines.
- Seamless Terragrunt integration within the automated workflows.

2. **Version Control Strategy**:
- Centralized management of component versions (EKS, Istio, etc.).
- Clear override mechanisms for environment-specific versioning.

## Success Criteria
- Fully automated cluster creation process
- Minimal manual intervention required
- Proper version management system
- Clear file lifecycle management
- Secure credential handling
- Fully automated repository and cluster configuration process.
- A clear, maintainable, and scalable version management system.
- Secure and automated CI/CD pipelines for deploying EKS clusters.
- Comprehensive documentation that empowers users and contributors.

0 comments on commit 2e69a84

Please sign in to comment.