From 469988303052ba8df0debfb1141230d33c56fd46 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 16 Mar 2026 18:41:25 -0400 Subject: [PATCH] update default-versions and common-variables gen --- locals.tf | 45 +++++---- main.tf | 7 +- templates/common-variables.hcl | 70 +++++++++++++- templates/default-versions.hcl | 172 ++++++++++++++++++++++++++++----- variables.tf | 22 ++++- 5 files changed, 262 insertions(+), 54 deletions(-) diff --git a/locals.tf b/locals.tf index 4b76f30..3d789da 100644 --- a/locals.tf +++ b/locals.tf @@ -7,6 +7,7 @@ locals { state_bucket_prefix = "inf-tfstate" state_table_name = "tf_remote_state" route53_endpoints = {} + environment_abbr = var.cluster_config.environment_abbr }, var.common_variables) # First define base namespaces without dependencies @@ -39,11 +40,9 @@ locals { } default_versions = { - cluster_version = var.versions.cluster_version - custom_service_eks_account = var.versions.release_version - eks_module_version = var.versions.eks_module_version - istio_ingress_version = var.versions.release_version - release_version = var.versions.release_version + environment = var.environment + cluster_version = var.versions.cluster_version + eks_module_version = var.versions.eks_module_version # Provider versions aws_version = var.versions.aws_version 
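Review bot: `environment_abbr` is taken from `var.cluster_config.environment_abbr` with no visible validation, and it sits in the defaults argument of `merge(..., var.common_variables)`, so a caller-supplied `common_variables.environment_abbr` silently replaces it. The value is then rendered into `templates/common-variables.hcl`, where it is interpolated into a quoted string and used as a key into maps that define only `lab` and `prod` (`enterprise_ecr_account`) or `lab`, `prod` and `legacy` (`route53_info`). Any other value produces a generated file that fails when it is evaluated in the target repository rather than at plan time here. Consider a `validation` block on the input, e.g. `condition = contains(["lab", "prod"], var.cluster_config.environment_abbr)`, and move the key after `var.common_variables` in the merge if it must not be overridden. The `locals` block starts and ends outside this hunk.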
@@ -54,15 +53,21 @@ locals { template_version = var.versions.template_version tf_version = var.versions.tf_version + # Namespace configuration + operator_namespace = var.namespaces.operator_namespace + telemetry_namespace = var.namespaces.telemetry_namespace + # Component versions - gogatekeeper_tag = var.versions.gogatekeeper.tag - gogatekeeper_chart_version = var.versions.gogatekeeper.chart_version + cribl_chart_version = var.versions.cribl.chart_version + cribl_app_version = var.versions.cribl.app_version + + gatekeeper_tag = var.versions.gogatekeeper.tag + gatekeeper_chart_version = var.versions.gogatekeeper.chart_version grafana_hostname = var.versions.grafana.hostname grafana_operator_chart_version = var.versions.grafana.operator_chart_version grafana_operator_tag = var.versions.grafana.operator_tag grafana_tag = var.versions.grafana.tag - os_shell_image_tag = var.versions.grafana.os_shell_image_tag istio_version = var.versions.istio.version @@ -71,14 +76,11 @@ locals { keycloak_chart_version = var.versions.keycloak.chart_version keycloak_tag = var.versions.keycloak.tag - keycloak_hostname = var.versions.keycloak.hostname - keycloak_database = var.versions.keycloak.database - keycloak_username = var.versions.keycloak.username - keycloak_password = var.versions.keycloak.password postgresql_tag = var.versions.keycloak.postgresql_tag + postgres_exporter_tag = var.versions.postgres_exporter_tag + utilities_tag = var.versions.utilities_tag - kiali_operator_version = var.versions.kiali.operator_version - kiali_application_version = "v${var.versions.kiali.operator_version}" + kiali_operator_version = var.versions.kiali.operator_version loki_chart_version = var.versions.loki.chart_version loki_tag = var.versions.loki.tag 
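Review bot: The Keycloak credentials that earlier revisions rendered into `_envcommon/default-versions.hcl` remain in the git history of every repository that already received that file through `managed_extra_files`; deleting `keycloak_username` and `keycloak_password` from `default_versions` only stops future renders. If a real password was ever supplied through `var.versions.keycloak.password`, it should be rotated as part of this change. The `password`, `username` and `database` attributes presumably remain declared on the `keycloak` object in `variables.tf` (that part of the type is not in this diff); removing them there would keep callers from continuing to pass a secret through a `versions` object. The `default_versions` map continues outside this hunk.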
@@ -88,6 +90,15 @@ locals { exporter_tag = var.versions.loki.exporter_tag sidecar_tag = var.versions.loki.sidecar_tag + auto_instrumentation_java_version = var.versions.otel.auto_instrumentation_java_version + collector_contrib_version = var.versions.otel.collector_contrib_version + collector_version = var.versions.otel.collector_version + otel_helm_version = var.versions.otel.helm_version + otel_version = var.versions.otel.version + rbac_proxy_version = var.versions.otel.rbac_proxy_version + + postgresql_chart_version = var.versions.postgresql.chart_version + prometheus_chart_version = var.versions.prometheus.chart_version prometheus_server_tag = var.versions.prometheus.server_tag prometheus_config_reloader_tag = var.versions.prometheus.config_reloader_tag @@ -96,13 +107,7 @@ locals { tempo_chart_version = var.versions.tempo.chart_version tempo_tag = var.versions.tempo.tag - - # Add namespace configurations - operator_namespace = var.namespaces.operator_namespace - telemetry_namespace = var.namespaces.telemetry_namespace - namespaces = local.all_namespaces } - managed_extra_files = concat([ { path = "_envcommon/default-versions.hcl" diff --git a/main.tf b/main.tf index 6235792..09368c7 100644 --- a/main.tf +++ b/main.tf @@ -106,12 +106,13 @@ module "github_repo" { github_has_wiki = true github_has_projects = true - managed_extra_files = [ + managed_extra_files = concat([ for path, content in local.rendered_files : { path = path content = content - } - ] + }], + local.managed_extra_files) + archive_on_destroy = false github_org_teams = [ for team, permission in var.repository_teams : { diff --git a/templates/common-variables.hcl b/templates/common-variables.hcl index e228659..1fdf031 100644 --- a/templates/common-variables.hcl +++ b/templates/common-variables.hcl 
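Review bot: `concat([...], local.managed_extra_files)` in `module "github_repo"` can hand the module two entries with the same `path` when a key of `local.rendered_files` matches a path in `local.managed_extra_files`, such as `_envcommon/default-versions.hcl`. Whether `rendered_files` contains that path is not visible in this diff; if it can, the outcome is either a duplicate-resource error or one file silently winning, depending on how the module keys its files. Building a map first makes the precedence explicit, e.g. merge `{ for f in local.managed_extra_files : f.path => f.content }` over `local.rendered_files` and iterate the result. The module block starts and ends outside this hunk.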
@@ -1,10 +1,70 @@ +# ${environment_abbr}/_envcommon/common-variables.hcl + +# --------------------------------------------------------------------------------------------------------------------- +# GLOBAL PARAMETERS +# These are the variables we pass to use across modules regardless of environment, i.e. these are the parameters +# that are common across all environments/accounts. +# --------------------------------------------------------------------------------------------------------------------- locals { - organization = "${organization}" - project_name = "${project_name}" - project_number = "${project_number}" - project_role = "${project_role}" state_bucket_prefix = "${state_bucket_prefix}" state_table_name = "${state_table_name}" + environment_abbr = "${environment_abbr}" + + route53_endpoints = { + route53_main = { + "account_id" = local.route53_info[local.environment_abbr]["account_id"] + "alias" = local.route53_info[local.environment_abbr]["alias"] + "us-gov-east-1" = local.route53_info[local.environment_abbr]["us-gov-east-1"] + "us-gov-west-1" = local.route53_info[local.environment_abbr]["us-gov-west-1"] + } + route53_main_legacy = { + "account_id" = local.route53_info["legacy"]["account_id"] + "alias" = local.route53_info["legacy"]["alias"] + "us-gov-east-1" = local.route53_info["legacy"]["us-gov-east-1"] + "us-gov-west-1" = local.route53_info["legacy"]["us-gov-west-1"] + } + } + + route53_info = { + lab = { + "account_id" = "269244441389" + "alias" = "lab-gov-network-nonprod" + "us-gov-east-1" = "vpc-070595c5b133243dd" + "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1" + } + prod = { + "account_id" = "057405694017" + "alias" = "ent-ew-network-prod" + "us-gov-east-1" = "vpc-061325b37d748d17a" + "us-gov-west-1" = "vpc-0b22b68b90e47cb5f" + } + legacy = { + "account_id" = "107742151971" + "alias" = "do2-govcloud" + "us-gov-east-1" = "vpc-099a991da7c4eb8a5" + "us-gov-west-1" = "vpc-77877a12" + } + } + + enterprise_ecr_account = { + lab = { + "account_id" = 
"269222635945" + "alias" = "lab-gov-shared-nonprod" + "profile" = "269222635945-lab-gov-shared-nonprod" + "region" = "us-gov-east-1" + } + prod = { + "account_id" = "067074201825" + "alias" = "ent-gov-shared-prod" + "profile" = "067074201825-ent-gov-shared-prod" + "region" = "us-gov-east-1" + } + } - route53_endpoints = ${jsonencode(route53_endpoints)} + eecr_info = { + account_id = local.enterprise_ecr_account[local.environment_abbr]["account_id"] + alias = local.enterprise_ecr_account[local.environment_abbr]["alias"] + profile = local.enterprise_ecr_account[local.environment_abbr]["profile"] + region = local.enterprise_ecr_account[local.environment_abbr]["region"] + } } \ No newline at end of file diff --git a/templates/default-versions.hcl b/templates/default-versions.hcl index 5cf6612..e2a222c 100644 --- a/templates/default-versions.hcl +++ b/templates/default-versions.hcl 
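Review bot: The template now hard-codes the account IDs, aliases, CLI profile names and VPC IDs of the `lab`, `prod` and `legacy` accounts, so every generated repository receives all three sets regardless of its own `environment_abbr`. Readers of a lab repository therefore also see the production and legacy network identifiers, and any change to an account or VPC means re-rendering every repository. The removed line `route53_endpoints = ${jsonencode(route53_endpoints)}` passed only the caller's values; keeping that shape (and adding an equivalent `${jsonencode(eecr_info)}` input) would render only the selected environment's entries. `route53_endpoints = {}` in the `locals.tf` defaults is no longer consumed by this template and can be dropped if nothing else reads it.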
@@ -1,12 +1,92 @@ +# ${environment}/_envcommon/default-versions.hcl locals { + module_name = basename(get_original_terragrunt_dir()) + release_version = local.module_versions["2026.03.15"][local.module_name] + ##################### # Module Versions ##################### - cluster_version = "${cluster_version}" - custom_service_eks_account = "${custom_service_eks_account}" - eks_module_version = "${eks_module_version}" - istio_ingress_version = "${istio_ingress_version}" - release_version = "${release_version}" + cluster_version = "${cluster_version}" + eks_module_version = "${eks_module_version}" + + module_versions = { + "2025.20.04" = { + "eks-arcgis" = false + "eks-cert-manager" = "0.1.9" + "eks-config" = "1.0.5" + "eks-cribl" = "0.0.1" + "eks-dns" = "0.1.4" + "eks-gatekeeper" = "0.0.3" + "eks-grafana" = "0.1.5" + "eks-istio" = "1.0.9" + "eks-k8s-dashboard" = "0.1.4" + "eks-karpenter" = "0.1.7" + "eks-keycloak" = "0.0.8" + "eks-kiali" = "0.1.4" + "eks-loki" = "0.1.4" + "eks-metrics-server" = "0.1.4" + "eks-otel" = "0.0.4" + "eks-pipeline" = "initial" + "eks-postgresql" = false + "eks-prometheus" = "0.1.4" + "eks-tempo" = "0.1.4" + "eks" = "1.0.10" + } + "2026.03.15" = { + "eks-arcgis" = false + "eks-config" = "1.0.6" + "eks-cribl" = "mcm_v2" + "eks-dns" = "0.1.6" + "eks-gatekeeper" = "0.0.4" + "eks-grafana" = "0.1.5" + "eks-istio" = "1.0.9" + "eks-karpenter" = "0.1.9" + "eks-keycloak" = "0.0.8" + "eks-kiali" = "0.1.5" + "eks-loki" = "0.1.6" + "eks-otel" = "0.0.4" + "eks-pipeline" = "initial" + "eks-postgresql" = false + "eks-prometheus" = "0.1.5" + "eks-tempo" = "0.1.5" + "eks" = "1.0.12" + } + } + + submodule_versions = { + "tfmod-istio-service-ingress" = "0.1.7" + "tfmod-config-job" = "0.1.8" + "tfmod-custom-iam-role-for-service-account-eks" = "1.0.1" + } + + ##################### + # Module Enablement + ##################### + + # Core modules that should always be enabled (cannot be disabled) + core_modules = [ + "eks", + "eks-karpenter", + "eks-config", + 
"eks-istio", + "eks-dns", + ] + + # Optional modules with their default enablement state + enabled_modules = { + "eks-arcgis" = false + "eks-cribl" = false + "eks-gatekeeper" = true + "eks-grafana" = true + "eks-keycloak" = true + "eks-kiali" = true + "eks-loki" = true + "eks-otel" = true + "eks-pipeline" = false + "eks-postgresql" = false + "eks-prometheus" = true + "eks-tempo" = true + } ##################### # TF Providers @@ -20,14 +100,50 @@ locals { tf_version = "${tf_version}" ##################### - # Component Versions + # Namespaces Config + ##################### + operator_namespace = "${operator_namespace}" + telemetry_namespace = "${telemetry_namespace}" + system_namespace = "kube-system" + istio_namespace = "istio-system" + namespaces = { + arcgis = "arcgis" + cribl = "cribl" + gatekeeper = "keycloak" + grafana = local.telemetry_namespace + istio = local.istio_namespace + karpenter = local.system_namespace + keycloak = "keycloak" + kiali = local.istio_namespace + loki = local.telemetry_namespace + misp = "misp" + otel = local.telemetry_namespace + postgresql = "keycloak" + prometheus = local.telemetry_namespace + tempo = local.telemetry_namespace + } + + ##################### + # EKS Config + ##################### + + ################ + # Cert-Manager + ################ + cluster_issuer_name = "cert-manager" + + ##################### + # Cribl ##################### + cribl_chart_version = "${cribl_chart_version}" + cribl_app_version = "${cribl_app_version}" ################ # GoGatekeeper ################ - gogatekeeper_tag = "${gogatekeeper_tag}" - gogatekeeper_chart_version = "${gogatekeeper_chart_version}" + gatekeeper_tag = "${gatekeeper_tag}" + gatekeeper_chart_version = "${gatekeeper_chart_version}" + gatekeeper_service_name = "gatekeeper" ################ # Grafana 
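Review bot: `release_version` indexes `local.module_versions["2026.03.15"]` by directory name, and that release set has no entries for `eks-cert-manager`, `eks-k8s-dashboard` or `eks-metrics-server`, which the `2025.20.04` set still lists; a module directory with one of those names that includes this file would fail on an invalid index. The release key is also a literal inside the expression, so the older set can never be selected; a `release_set = "2026.03.15"` local plus `try(local.module_versions[local.release_set][local.module_name], null)` would make both cases explicit. Entries such as `"eks-cribl" = "mcm_v2"` and `"eks-pipeline" = "initial"` look like branch names rather than version tags; if `release_version` is used as a git ref for module sources (not visible here), those are mutable pins and should be replaced by tags or commit SHAs. The `false` values mix booleans with strings in the same map, which every consumer of `release_version` then has to handle.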
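Review bot: `gatekeeper`, `postgresql` and `keycloak` all resolve to the `keycloak` namespace in the new literal `namespaces` map, so namespace-scoped RBAC, NetworkPolicy and Secret access cannot separate the identity provider from its database or from the auth proxy. If the co-location is intended, say so next to the map, e.g. `# gatekeeper and postgresql deliberately share the keycloak namespace`; otherwise give each its own entry. The map also replaces the removed `namespaces = ${jsonencode(namespaces)}`, so values computed in `local.all_namespaces` no longer reach the generated file, and `misp` appears here without a matching entry in `module_versions` or `enabled_modules`.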
@@ -36,12 +152,12 @@ locals { grafana_operator_chart_version = "${grafana_operator_chart_version}" grafana_operator_tag = "${grafana_operator_tag}" grafana_tag = "${grafana_tag}" - os_shell_image_tag = "${os_shell_image_tag}" + os_shell_image_tag = local.utilities_tag ################ # Istio ################ - istio_version = "${istio_version}" + istio_version = "${istio_version}" ################ # Karpenter @@ -54,17 +170,15 @@ locals { ################ keycloak_chart_version = "${keycloak_chart_version}" keycloak_tag = "${keycloak_tag}" - keycloak_hostname = "${keycloak_hostname}" - keycloak_database = "${keycloak_database}" - keycloak_username = "${keycloak_username}" - keycloak_password = "${keycloak_password}" postgresql_tag = "${postgresql_tag}" + postgres_exporter_tag = "${postgres_exporter_tag}" + utilities_tag = "${utilities_tag}" ################ # Kiali ################ kiali_operator_version = "${kiali_operator_version}" - kiali_application_version = "${kiali_application_version}" + kiali_application_version = "$${local.kiali_operator_version}" ################ # Loki @@ -73,9 +187,24 @@ locals { loki_tag = "${loki_tag}" enterprise_logs_provisioner_tag = "${enterprise_logs_provisioner_tag}" gateway_tag = "${gateway_tag}" - memcached_tag = "${memcached_tag}" - exporter_tag = "${exporter_tag}" - sidecar_tag = "${sidecar_tag}" + memcached_tag = "${memcached_tag}" + exporter_tag = "${exporter_tag}" + sidecar_tag = "${sidecar_tag}" + + ################ + # Open Telemetry + ################ + auto_instrumentation_java_version = "${auto_instrumentation_java_version}" + collector_contrib_version = "${collector_contrib_version}" + collector_version = "${collector_version}" + otel_helm_version = "${otel_helm_version}" + otel_version = "${otel_version}" + rbac_proxy_version = "${rbac_proxy_version}" + + ################ + # PostgreSQL + ################ + postgresql_chart_version = "${postgresql_chart_version}" ################ # Prometheus 
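Review bot: `kiali_application_version` loses its `v` prefix in the Keycloak/Kiali hunk: `locals.tf` used to pass `"v${var.versions.kiali.operator_version}"`, while the template now renders `"${local.kiali_operator_version}"`. If the Kiali image or chart expects the `v`-prefixed tag, as the previous value suggests, the line should read `kiali_application_version = "v$${local.kiali_operator_version}"`. Assuming the file is rendered with `templatefile`, the `$${...}` escape itself is the right way to emit a literal interpolation.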
@@ -91,11 +220,4 @@ locals { ################ tempo_chart_version = "${tempo_chart_version}" tempo_tag = "${tempo_tag}" - - ##################### - # Namespaces Config - ##################### - operator_namespace = "${operator_namespace}" - telemetry_namespace = "${telemetry_namespace}" - namespaces = ${jsonencode(namespaces)} } \ No newline at end of file diff --git a/variables.tf b/variables.tf index 2a5555b..59d81d7 100644 --- a/variables.tf +++ b/variables.tf @@ -164,6 +164,27 @@ variable "versions" { chart_version = optional(string, "1.24.3") tag = optional(string, "2.9.1") }), {}) + + cribl = optional(object({ + chart_version = optional(string, "4.15.1") + app_version = optional(string, "4.15.1") + }), {}) + + otel = optional(object({ + auto_instrumentation_java_version = optional(string, "2.9.0") + collector_contrib_version = optional(string, "0.113.0-amd64") + collector_version = optional(string, "0.144.0") + helm_version = optional(string, "0.71.2") + version = optional(string, "0.110.0") + rbac_proxy_version = optional(string, "0.20.2") + }), {}) + + postgresql = optional(object({ + chart_version = optional(string, "16.5.0") + }), {}) + + utilities_tag = optional(string, "1.0.3") + postgres_exporter_tag = optional(string, "0.17.1-debian-12-r0") }) default = {} } @@ -228,7 +249,6 @@ variable "tags" { type = map(string) default = {} } - variable "create_repository" { description = "If true, a GitHub repository will be created and configured (internal use)" type = bool
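Review bot: The new `otel` defaults in `variables.tf` pin components to versions that do not line up: `collector_version` is `0.144.0`, while `collector_contrib_version` is `0.113.0-amd64` and `version` is `0.110.0`. If these are meant to track one OpenTelemetry release, one of them is likely a typo and should be confirmed before it becomes the default for every generated repository. The `-amd64` suffix also fixes the contrib image to one architecture, which would not start on arm64 nodes if Karpenter is allowed to provision them (node requirements are not visible here). The `versions` variable starts outside this hunk.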