diff --git a/examples/basic/main.tf b/examples/basic/main.tf index fcc16ea..860a3c3 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -16,13 +16,13 @@ module "eks_deployment" { github_server_url = "https://github.e.it.census.gov" cluster_config = { - cluster_name = "dev-eks-01" - account_name = "dev-account" - aws_account_id = "123456789012" - aws_profile = "dev-profile" + cluster_name = "dev-eks-01" + account_name = "dev-account" + aws_account_id = "123456789012" + aws_profile = "dev-profile" environment_abbr = "dev" - vpc_name = "dev-vpc" - vpc_domain_name = "dev.example.com" + vpc_name = "dev-vpc" + vpc_domain_name = "dev.example.com" } enable_modules = { @@ -32,7 +32,7 @@ module "eks_deployment" { } versions = { - cluster_version = "1.27" + cluster_version = "1.27" eks_module_version = "20.33.1" } } \ No newline at end of file diff --git a/locals.tf b/locals.tf index bc33459..aaa3ee4 100644 --- a/locals.tf +++ b/locals.tf 
@@ -1,166 +1,166 @@ locals { common_vars = merge({ - organization = "census:ocio:csvd" - project_name = "csvd_platformbaseline" - project_number = "fs0000000078" - project_role = "csvd_platformbaseline_app" + organization = "census:ocio:csvd" + project_name = "csvd_platformbaseline" + project_number = "fs0000000078" + project_role = "csvd_platformbaseline_app" state_bucket_prefix = "inf-tfstate" - state_table_name = "tf_remote_state" - route53_endpoints = {} + state_table_name = "tf_remote_state" + route53_endpoints = {} }, var.common_variables) # First define base namespaces without dependencies base_namespaces = { - cert-manager = "kube-system" - karpenter = "karpenter" + cert-manager = "kube-system" + karpenter = "karpenter" metrics-server = "kube-system" - postgresql = "kube-system" - keycloak = "keycloak" - gogatekeeper = "kube-system" - istio = "istio-system" - kiali = "istio-system" + postgresql = "kube-system" + keycloak = "keycloak" + gogatekeeper = "kube-system" + istio = "istio-system" + kiali = "istio-system" } # Then merge with telemetry namespaces all_namespaces = merge( local.base_namespaces, { - grafana = var.namespaces.telemetry_namespace + grafana = var.namespaces.telemetry_namespace k8s-dashboard = var.namespaces.telemetry_namespace - loki = var.namespaces.telemetry_namespace - otel = var.namespaces.telemetry_namespace - prometheus = var.namespaces.telemetry_namespace - tempo = var.namespaces.telemetry_namespace + loki = var.namespaces.telemetry_namespace + otel = var.namespaces.telemetry_namespace + prometheus = var.namespaces.telemetry_namespace + tempo = var.namespaces.telemetry_namespace }, var.namespaces.custom_namespaces ) namespaces = { - operator_namespace = var.namespaces.operator_namespace + operator_namespace = var.namespaces.operator_namespace telemetry_namespace = var.namespaces.telemetry_namespace - namespaces = local.all_namespaces + namespaces = local.all_namespaces } default_versions = { - cluster_version = 
var.versions.cluster_version + cluster_version = var.versions.cluster_version custom_service_eks_account = var.versions.release_version - eks_module_version = var.versions.eks_module_version - istio_ingress_version = var.versions.release_version - release_version = var.versions.release_version + eks_module_version = var.versions.eks_module_version + istio_ingress_version = var.versions.release_version + release_version = var.versions.release_version # Provider versions - aws_version = var.versions.aws_version - helm_version = var.versions.helm_version + aws_version = var.versions.aws_version + helm_version = var.versions.helm_version kubernetes_version = var.versions.kubernetes_version - null_version = var.versions.null_version - random_version = var.versions.random_version - template_version = var.versions.template_version - tf_version = var.versions.tf_version + null_version = var.versions.null_version + random_version = var.versions.random_version + template_version = var.versions.template_version + tf_version = var.versions.tf_version # Component versions - cert_manager_version = var.versions.cert_manager.version + cert_manager_version = var.versions.cert_manager.version cert_manager_helm_chart = var.versions.cert_manager.chart_version - cluster_issuer_name = var.versions.cert_manager.cluster_issuer_name + cluster_issuer_name = var.versions.cert_manager.cluster_issuer_name - gogatekeeper_tag = var.versions.gogatekeeper.tag + gogatekeeper_tag = var.versions.gogatekeeper.tag gogatekeeper_chart_version = var.versions.gogatekeeper.chart_version - grafana_hostname = var.versions.grafana.hostname + grafana_hostname = var.versions.grafana.hostname grafana_operator_chart_version = var.versions.grafana.operator_chart_version - grafana_operator_tag = var.versions.grafana.operator_tag - grafana_tag = var.versions.grafana.tag - os_shell_image_tag = var.versions.grafana.os_shell_image_tag + grafana_operator_tag = var.versions.grafana.operator_tag + grafana_tag = 
var.versions.grafana.tag + os_shell_image_tag = var.versions.grafana.os_shell_image_tag - istio_version = var.versions.istio.version + istio_version = var.versions.istio.version istio_namespace = var.versions.istio.namespace - dashboard_hostname = var.versions.k8s_dashboard.hostname + dashboard_hostname = var.versions.k8s_dashboard.hostname k8s_dashboard_metrics_scraper = var.versions.k8s_dashboard.metrics_scraper - k8s_dashboard_version = var.versions.k8s_dashboard.version + k8s_dashboard_version = var.versions.k8s_dashboard.version karpenter_helm_chart = var.versions.karpenter.helm_chart - karpenter_tag = var.versions.karpenter.tag + karpenter_tag = var.versions.karpenter.tag keycloak_chart_version = var.versions.keycloak.chart_version - keycloak_tag = var.versions.keycloak.tag - keycloak_hostname = var.versions.keycloak.hostname - keycloak_database = var.versions.keycloak.database - keycloak_username = var.versions.keycloak.username - keycloak_password = var.versions.keycloak.password - postgresql_tag = var.versions.keycloak.postgresql_tag - - kiali_operator_version = var.versions.kiali.operator_version + keycloak_tag = var.versions.keycloak.tag + keycloak_hostname = var.versions.keycloak.hostname + keycloak_database = var.versions.keycloak.database + keycloak_username = var.versions.keycloak.username + keycloak_password = var.versions.keycloak.password + postgresql_tag = var.versions.keycloak.postgresql_tag + + kiali_operator_version = var.versions.kiali.operator_version kiali_application_version = "v${var.versions.kiali.operator_version}" - loki_chart_version = var.versions.loki.chart_version - loki_tag = var.versions.loki.tag + loki_chart_version = var.versions.loki.chart_version + loki_tag = var.versions.loki.tag enterprise_logs_provisioner_tag = var.versions.loki.enterprise_logs_provisioner_tag - gateway_tag = var.versions.loki.gateway_tag - memcached_tag = var.versions.loki.memcached_tag - exporter_tag = var.versions.loki.exporter_tag - sidecar_tag = 
var.versions.loki.sidecar_tag + gateway_tag = var.versions.loki.gateway_tag + memcached_tag = var.versions.loki.memcached_tag + exporter_tag = var.versions.loki.exporter_tag + sidecar_tag = var.versions.loki.sidecar_tag metrics_server_helm_chart = var.versions.metrics_server.helm_chart - metrics_server_tag = var.versions.metrics_server.tag + metrics_server_tag = var.versions.metrics_server.tag - prometheus_chart_version = var.versions.prometheus.chart_version - prometheus_server_tag = var.versions.prometheus.server_tag + prometheus_chart_version = var.versions.prometheus.chart_version + prometheus_server_tag = var.versions.prometheus.server_tag prometheus_config_reloader_tag = var.versions.prometheus.config_reloader_tag - alertmanager_tag = var.versions.prometheus.alertmanager_tag - kube_state_metrics_tag = var.versions.prometheus.kube_state_metrics_tag - node_exporter_tag = var.versions.prometheus.node_exporter_tag - pushgateway_tag = var.versions.prometheus.pushgateway_tag + alertmanager_tag = var.versions.prometheus.alertmanager_tag + kube_state_metrics_tag = var.versions.prometheus.kube_state_metrics_tag + node_exporter_tag = var.versions.prometheus.node_exporter_tag + pushgateway_tag = var.versions.prometheus.pushgateway_tag tempo_chart_version = var.versions.tempo.chart_version - tempo_tag = var.versions.tempo.tag + tempo_tag = var.versions.tempo.tag # Add namespace configurations - operator_namespace = var.namespaces.operator_namespace + operator_namespace = var.namespaces.operator_namespace telemetry_namespace = var.namespaces.telemetry_namespace - namespaces = local.all_namespaces + namespaces = local.all_namespaces } config_json = jsonencode({ - environment = var.environment - region = var.region - cluster_dir = "platform-cluster" + environment = var.environment + region = var.region + cluster_dir = "platform-cluster" enable_all_modules = var.enable_all_modules account = { - account_name = var.cluster_config.account_name - aws_account_id = 
var.cluster_config.aws_account_id - aws_profile = var.cluster_config.aws_profile + account_name = var.cluster_config.account_name + aws_account_id = var.cluster_config.aws_account_id + aws_profile = var.cluster_config.aws_profile environment_abbr = var.cluster_config.environment_abbr } vpc = { - vpc_name = var.cluster_config.vpc_name + vpc_name = var.cluster_config.vpc_name vpc_domain_name = var.cluster_config.vpc_domain_name } cluster = { - cluster_name = var.cluster_config.cluster_name - cluster_mailing_list = var.cluster_config.cluster_mailing_list - eks_instance_disk_size = var.cluster_config.eks_instance_disk_size - eks_ng_desired_size = var.cluster_config.eks_ng_desired_size - eks_ng_max_size = var.cluster_config.eks_ng_max_size - eks_ng_min_size = var.cluster_config.eks_ng_min_size + cluster_name = var.cluster_config.cluster_name + cluster_mailing_list = var.cluster_config.cluster_mailing_list + eks_instance_disk_size = var.cluster_config.eks_instance_disk_size + eks_ng_desired_size = var.cluster_config.eks_ng_desired_size + eks_ng_max_size = var.cluster_config.eks_ng_max_size + eks_ng_min_size = var.cluster_config.eks_ng_min_size enable_cluster_creator_admin_permissions = var.cluster_config.enable_cluster_creator_admin_permissions - tags = var.cluster_config.tags + tags = var.cluster_config.tags } modules = var.enable_modules }) managed_extra_files = concat([ { - path = "config.json" + path = "config.json" content = local.config_json }, { - path = "_envcommon/default-versions.hcl" + path = "_envcommon/default-versions.hcl" content = templatefile("${path.module}/templates/default-versions.hcl", local.default_versions) }, { - path = "_envcommon/common-variables.hcl" + path = "_envcommon/common-variables.hcl" content = templatefile("${path.module}/templates/common-variables.hcl", local.common_vars) } - ], + ], var.github_actions_workflows) } \ No newline at end of file diff --git a/main.tf b/main.tf index a3f9395..7c416a6 100644 --- a/main.tf +++ b/main.tf 
@@ -1,44 +1,79 @@ +locals { + # Render the HCL files from templates + rendered_files = { + "root.hcl" : templatefile("${path.module}/templates/root.hcl.tf.tpl", { + environment = var.environment + }), + "${var.environment}/account.hcl" : templatefile("${path.module}/templates/account.hcl.tf.tpl", { + account_name = var.account_config.account_name, + aws_account_id = var.account_config.aws_account_id, + environment = var.environment, + environment_abbr = var.account_config.environment_abbr + }), + "${var.environment}/${var.region}/region.hcl" : templatefile("${path.module}/templates/region.hcl.tf.tpl", { + environment = var.environment, + aws_region = var.region + }), + "${var.environment}/${var.region}/vpc/vpc.hcl" : templatefile("${path.module}/templates/vpc.hcl.tf.tpl", { + environment = var.environment, + aws_region = var.region, + vpc_name = var.vpc_config.vpc_name, + vpc_domain_name = var.vpc_config.vpc_domain_name + }), + "${var.environment}/${var.region}/vpc/${var.cluster_config.cluster_name}/cluster.hcl" : templatefile("${path.module}/templates/cluster.hcl.tf.tpl", { + cluster_name = var.cluster_config.cluster_name, + cluster_mailing_list = var.cluster_config.cluster_mailing_list, + eks_instance_disk_size = var.cluster_config.eks_instance_disk_size, + eks_ng_desired_size = var.cluster_config.eks_ng_desired_size, + eks_ng_max_size = var.cluster_config.eks_ng_max_size, + eks_ng_min_size = var.cluster_config.eks_ng_min_size, + organization = var.cluster_config.organization, + finops_project_name = var.cluster_config.finops_project_name, + finops_project_number = var.cluster_config.finops_project_number, + finops_project_role = var.cluster_config.finops_project_role, + tags = var.cluster_config.tags, + module_enablement_overrides = var.cluster_config.module_enablement_overrides + }) + } +} + module "github_repo" { - source = "HappyPathway/repo/github" + source = "github.com/HappyPathway/terraform-github-repo" - name = var.name - repo_org = var.organization + 
name = var.repository_name + repo_org = var.organization github_repo_description = "EKS Cluster Configuration for ${var.cluster_config.cluster_name}" - github_repo_topics = ["eks", "kubernetes", "terraform", "infrastructure"] - - template_repo = "template-eks-cluster" - template_repo_org = var.template_repo_org - - github_is_private = true - github_has_issues = true - github_has_wiki = true - github_has_projects = true - - managed_extra_files = concat( - local.managed_extra_files, - var.managed_extra_files - ) - extra_files = var.extra_files -} + github_repo_topics = ["eks", "kubernetes", "terraform", "infrastructure"] -resource "null_resource" "trigger_workflow" { - triggers = { - github_repo_name = module.github_repo.full_name + template = { + owner = var.repository_template_owner + repository = var.repository_template } - provisioner "local-exec" { - command = "python3 scripts/trigger_workflow.py ${module.github_repo.full_name} cluster-plan '{\"environment\":\"${var.environment}\",\"region\":\"${var.region}\",\"cluster_dir\":\"${var.cluster_config.cluster_name}\",\"auto_approve\":true}'" - } + github_is_private = true + github_has_issues = true + github_has_wiki = true + github_has_projects = true - depends_on = [module.github_repo] + files = [ + for path, content in local.rendered_files : { + path = path + content = content + } + ] + + teams = var.repository_teams } +# The EKS deployment logic will go here, and will be skipped if create_repository is true. +# For now, we are just implementing the repository creation part. + output "repository_url" { description = "URL of the created repository" - value = module.github_repo.html_url + value = module.github_repo.html_url } output "ssh_clone_url" { description = "SSH clone URL of the repository" - value = module.github_repo.ssh_clone_url + value = module.github_repo.ssh_clone_url } \ No newline at end of file 
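Review bot: The new `source = "github.com/HappyPathway/terraform-github-repo"` carries no `?ref=`, so every `terraform init` resolves it to the default-branch head and the code that provisions the generated repository can change underneath this module without any diff here; pin it, e.g. `source = "github.com/HappyPathway/terraform-github-repo?ref=<PINNED_TAG_OR_COMMIT>"`. `files` now carries only `local.rendered_files`, while `local.managed_extra_files` from locals.tf (config.json, `_envcommon/default-versions.hcl`, `_envcommon/common-variables.hcl`) and `var.extra_files` are no longer passed to the module, yet the rendered root.hcl still calls `find_in_parent_folders("./_envcommon/common-variables.hcl")` and `find_in_parent_folders("./_envcommon/default-versions.hcl")` — unless the template repository supplies those files, every terragrunt run in the generated repository will fail to locate them. `var.create_repository` is declared with `default = false` but nothing gates `module "github_repo"` on it, and the added comment "skipped if create_repository is true" reads inverted relative to the variable's description "If true, a GitHub repository will be created"; either add `count = var.create_repository ? 1 : 0` to the module (and adjust the two outputs) or drop the variable until it is used.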
diff --git a/templates/account.hcl.tf.tpl b/templates/account.hcl.tf.tpl
new file mode 100644
index 0000000..83d3336
--- /dev/null
+++ b/templates/account.hcl.tf.tpl
@@ -0,0 +1,11 @@
+# ${environment}/environment.hcl
+
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ account_name = "${account_name}"
+ aws_account_id = "${aws_account_id}"
+ aws_profile = format("%v-%v", local.aws_account_id, replace(local.account_name, "-ew", "-gov"))
+ environment = "${environment}"
+ environment_abbr = "${environment_abbr}"
+}
diff --git a/templates/cluster.hcl.tf.tpl b/templates/cluster.hcl.tf.tpl
new file mode 100644
index 0000000..0a30d6c
--- /dev/null
+++ b/templates/cluster.hcl.tf.tpl
@@ -0,0 +1,15 @@
+locals {
+ # Cluster specific configuration
+ cluster_name = "${cluster_name}"
+ cluster_mailing_list = "${cluster_mailing_list}"
+ eks_instance_disk_size = ${eks_instance_disk_size}
+ eks_ng_desired_size = ${eks_ng_desired_size}
+ eks_ng_max_size = ${eks_ng_max_size}
+ eks_ng_min_size = ${eks_ng_min_size}
+ organization = "${organization}"
+ finops_project_name = "${finops_project_name}"
+ finops_project_number = "${finops_project_number}"
+ finops_project_role = "${finops_project_role}"
+ tags = ${jsonencode(tags)}
+ module_enablement_overrides = ${jsonencode(module_enablement_overrides)}
+}
diff --git a/templates/region.hcl.tf.tpl b/templates/region.hcl.tf.tpl
new file mode 100644
index 0000000..dc6c306
--- /dev/null
+++ b/templates/region.hcl.tf.tpl
@@ -0,0 +1,7 @@
+# ${environment}/${aws_region}/region.hcl
+
+# Set common variables for the region. This is automatically pulled in in the root terragrunt.hcl configuration to
+# configure the remote state bucket and pass forward to the child modules as inputs.
+locals {
+ aws_region = "${aws_region}"
+}
diff --git a/templates/root.hcl.tf.tpl b/templates/root.hcl.tf.tpl
new file mode 100644
index 0000000..2946d47
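Review bot: In account.hcl.tf.tpl `aws_profile` is derived as `format("%v-%v", local.aws_account_id, replace(local.account_name, "-ew", "-gov"))` instead of being taken from the caller's `cluster_config.aws_profile`, which the example in examples/basic sets to `dev-profile` and which locals.tf still copies into config.json; the rendered root.hcl uses this derived value for both `remote_state` and the aws provider, so the profile the operator configured and the one actually used can differ silently. Either pass it through (`aws_profile = "${aws_profile}"` here, with `aws_profile = var.cluster_config.aws_profile` added to the templatefile call in main.tf) or document the naming convention the `replace` encodes. The header comment `# ${environment}/environment.hcl` does not match the path `${var.environment}/account.hcl` that main.tf writes the file to and that root.hcl searches for; suggest `# ${environment}/account.hcl`.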
--- /dev/null
+++ b/templates/root.hcl.tf.tpl
@@ -0,0 +1,171 @@
+# $${environment}/root.hcl
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAGRUNT CONFIGURATION
+# Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules,
+# remote state, and locking: https://github.com/gruntwork-io/terragrunt
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+ # Automatically load account-level variables (NOTE: In our environment account = environment so there is not separate environment layer)
+ account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+
+ # Automatically load cluster-level variables
+ cluster_vars = read_terragrunt_config(find_in_parent_folders("cluster.hcl"))
+
+ # Automatically load _envcommon, cross account and environment common variables
+ common_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/common-variables.hcl"))
+
+ # Automatically load naming prefixes
+ prefix_vars = read_terragrunt_config(find_in_parent_folders("./_envcommon/prefixes.hcl"))
+
+ # Automatically load region-level variables
+ region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+
+ # Automatically load versions
+ versions = read_terragrunt_config(find_in_parent_folders("./_envcommon/default-versions.hcl"))
+
+ # Automatically load vpc-level variables
+ vpc_vars = read_terragrunt_config(find_in_parent_folders("vpc.hcl"))
+
+ # Add any other locals you want to expose
+ # only expose things not already included via local.xxx_vars.locals.*
+ root_locals_for_inputs = {
+ is_module_enabled = local.is_module_enabled
+ module_name = local.module_name
+ }
+
+ # Extract the variables we need for easy access
+ account_id = local.account_vars.locals.aws_account_id
+ account_name = local.account_vars.locals.account_name
+ aws_profile = local.account_vars.locals.aws_profile
+ aws_region = local.region_vars.locals.aws_region
+ cluster_name = local.cluster_vars.locals.cluster_name
+ eecr_info = local.common_vars.locals.eecr_info
+ environment_abbr = local.account_vars.locals.environment_abbr
+ finops_project_name = local.cluster_vars.locals.finops_project_name
+ finops_project_number = local.cluster_vars.locals.finops_project_number
+ finops_project_role = local.cluster_vars.locals.finops_project_role
+ is_eks_module = local.module_name == "eks"
+ prefixes = local.prefix_vars.locals.prefixes
+ is_module_enabled = merge(
+ { for module in local.versions.locals.core_modules : module => true },
+ local.versions.locals.enabled_modules,
+ local.module_overrides
+ )
+ module_name = basename(get_original_terragrunt_dir())
+ module_overrides = local.cluster_vars.locals.module_enablement_overrides
+ organization = local.cluster_vars.locals.organization
+ state_bucket_prefix = local.common_vars.locals.state_bucket_prefix
+ state_table_name = local.common_vars.locals.state_table_name
+}
+
+# Only generate providers for non-EKS modules
+generate "cluster_data" {
+ path = "cluster-data.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ data "aws_eks_clusters" "available" {}
+
+ locals {
+ cluster_exists = contains(data.aws_eks_clusters.available.names, "$${local.cluster_name}")
+ }
+
+ data "aws_eks_cluster" "this" {
+ count = local.cluster_exists ? 1 : 0
+ name = "$${local.cluster_name}"
+ }
+
+ data "aws_eks_cluster_auth" "this" {
+ count = local.cluster_exists ? 1 : 0
+ name = "$${local.cluster_name}"
+ }
+ EOF
+}
+
+# Generate provider blocks only for non-EKS modules
+generate "kube_provider" {
+ path = "kube-provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ provider "kubernetes" {
+ host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
+ cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
+ token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
+ }
+ EOF
+}
+
+generate "helm_provider" {
+ path = "helm-provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = local.is_eks_module ? "" : <<-EOF
+ provider "helm" {
+ kubernetes = {
+ host = local.cluster_exists ? data.aws_eks_cluster.this[0].endpoint : "https://dummy"
+ cluster_ca_certificate = local.cluster_exists ? base64decode(data.aws_eks_cluster.this[0].certificate_authority[0].data) : null
+ token = local.cluster_exists ? data.aws_eks_cluster_auth.this[0].token : "dummy"
+ }
+ }
+ EOF
+}
+
+# Configure Terragrunt to automatically store tfstate files in an S3 bucket
+remote_state {
+ disable_init = tobool(get_env("TG_DISABLE_INIT", "false"))
+ backend = "s3"
+ generate = {
+ path = "remote_state.backend.tf"
+ if_exists = "overwrite_terragrunt"
+ }
+ config = {
+ bucket = "$${local.state_bucket_prefix}-$${local.account_id}"
+ use_lockfile = true
+ key = "$${trimprefix(replace(run_cmd("realpath", get_original_terragrunt_dir()), dirname(get_repo_root()), ""), "/")}/terraform.tfstate"
+ profile = "$${local.aws_profile}"
+ region = "$${local.aws_region}"
+ disable_bucket_update = true
+ }
+}
+
+# Generate an AWS provider block
+generate "aws-provider" {
+ path = "aws-provider.tf"
+ if_exists = "overwrite"
+ contents = <<-EOF
+ provider "aws" {
+ region = "$${local.aws_region}"
+ profile = "$${local.aws_profile}"
+ default_tags {
+ tags = {
+ cluster_name = "$${local.cluster_name}"
+ "boc:module_name" = "$${local.module_name}"
+ environment = "$${local.environment_abbr}"
+ finops_project_name = "$${local.finops_project_name}"
+ finops_project_number = "$${local.finops_project_number}"
+ finops_project_role = "$${local.finops_project_role}"
+ organization = "$${local.organization}"
+ }
+ }
+ # Only these AWS Account IDs may be operated on by this template
+ allowed_account_ids = ["$${local.account_id}"]
+ }
+EOF
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# GLOBAL PARAMETERS
+# These variables apply to all configurations in this subfolder. These are automatically merged into the child
+# `terragrunt.hcl` config via the include block.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# Configure root level variables that all resources can inherit. This is especially helpful with multi-account configs
+# where terraform_remote_state data sources are placed directly into the modules.
+inputs = merge(
+ local.account_vars.locals,
+ local.cluster_vars.locals,
+ local.common_vars.locals,
+ local.prefix_vars.locals,
+ local.region_vars.locals,
+ local.versions.locals,
+ local.vpc_vars.locals,
+ local.root_locals_for_inputs
+)
diff --git a/templates/vpc.hcl.tf.tpl b/templates/vpc.hcl.tf.tpl
new file mode 100644
index 0000000..9e95ad9
--- /dev/null
+++ b/templates/vpc.hcl.tf.tpl
@@ -0,0 +1,8 @@
+# ${environment}/${aws_region}/vpc/vpc.hcl
+
+# Set VPC specific variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+ vpc_name = "${vpc_name}"
+ vpc_domain_name = "${vpc_domain_name}"
+}
diff --git a/variables.tf b/variables.tf
index 23992cc..e43ad69
--- a/variables.tf
+++ b/variables.tf
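Review bot: The `remote_state` config in root.hcl.tf.tpl sets `use_lockfile = true` but not `encrypt = true`, so state writes do not request server-side encryption and rely entirely on the bucket's default encryption setting; add `encrypt = true` next to `use_lockfile`. `state_table_name` is read into locals from common-variables.hcl but never used in the config — drop it, or pass it as `dynamodb_table` if the lock table is still meant to be used alongside the lockfile. The first line `# $${environment}/root.hcl` is escaped, so the rendered file carries the literal text `${environment}` even though main.tf passes `environment` into this template, while the sibling templates use the unescaped form; use `# ${environment}/root.hcl` or stop passing the unused variable. When `data.aws_eks_clusters.available.names` does not contain the cluster, the generated kubernetes and helm providers fall back to `https://dummy` with token `"dummy"`, which turns a misnamed or deleted cluster into a plan against a placeholder endpoint instead of an explicit error; a comment stating that this is intentional bootstrap behaviour, or a `precondition`, would make that choice reviewable.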
@@ -26,15 +26,15 @@ variable "region" { variable "common_variables" { description = "Common variables across all environments" type = object({ - organization = optional(string, "census:ocio:csvd") - project_name = optional(string, "csvd_platformbaseline") - project_number = optional(string, "fs0000000078") - project_role = optional(string, "csvd_platformbaseline_app") + organization = optional(string, "census:ocio:csvd") + project_name = optional(string, "csvd_platformbaseline") + project_number = optional(string, "fs0000000078") + project_role = optional(string, "csvd_platformbaseline_app") state_bucket_prefix = optional(string, "inf-tfstate") - state_table_name = optional(string, "tf_remote_state") + state_table_name = optional(string, "tf_remote_state") route53_endpoints = optional(map(object({ - account_id = string - alias = string + account_id = string + alias = string us-gov-east-1 = string us-gov-west-1 = string })), {}) 
@@ -46,62 +46,62 @@ variable "versions" { description = "Version configurations for various components" type = object({ # Module Versions - cluster_version = optional(string, "1.31") + cluster_version = optional(string, "1.31") eks_module_version = optional(string, "20.33.1") - release_version = optional(string, "main") + release_version = optional(string, "main") # TF Providers - aws_version = optional(string, "5.84.0") - helm_version = optional(string, "2.11.0") + aws_version = optional(string, "5.84.0") + helm_version = optional(string, "2.11.0") kubernetes_version = optional(string, "2.33.0") - null_version = optional(string, "3.2.1") - random_version = optional(string, "3.5.1") - template_version = optional(string, "2.2.0") - tf_version = optional(string, "1.5.5") + null_version = optional(string, "3.2.1") + random_version = optional(string, "3.5.1") + template_version = optional(string, "2.2.0") + tf_version = optional(string, "1.5.5") # Component Versions cert_manager = optional(object({ - version = optional(string, "1.17.1") - chart_version = optional(string, "1.17.1") + version = optional(string, "1.17.1") + chart_version = optional(string, "1.17.1") cluster_issuer_name = optional(string, "cert-manager") }), {}) gogatekeeper = optional(object({ - tag = optional(string, "3.2.1") + tag = optional(string, "3.2.1") chart_version = optional(string, "0.1.53") }), {}) grafana = optional(object({ - hostname = optional(string, "grafana") + hostname = optional(string, "grafana") operator_chart_version = optional(string, "4.9.8") - operator_tag = optional(string, "5.16.0") - tag = optional(string, "11.5.2") - os_shell_image_tag = optional(string, "12") + operator_tag = optional(string, "5.16.0") + tag = optional(string, "11.5.2") + os_shell_image_tag = optional(string, "12") }), {}) istio = optional(object({ - version = optional(string, "1.25.0") + version = optional(string, "1.25.0") namespace = optional(string, "istio-system") }), {}) k8s_dashboard = 
optional(object({ - hostname = optional(string, "dashboard") + hostname = optional(string, "dashboard") metrics_scraper = optional(string, "1.0.8") - version = optional(string, "6.0.6") + version = optional(string, "6.0.6") }), {}) karpenter = optional(object({ helm_chart = optional(string, "1.3.1") - tag = optional(string, "1.3.1") + tag = optional(string, "1.3.1") }), {}) keycloak = optional(object({ - chart_version = optional(string, "24.4.11") - tag = optional(string, "26.1.3") - hostname = optional(string, "keycloak") - database = optional(string, "keycloak") - username = optional(string, "keycloak") - password = optional(string, "this is my very secure and totally random password horse battery staple now") + chart_version = optional(string, "24.4.11") + tag = optional(string, "26.1.3") + hostname = optional(string, "keycloak") + database = optional(string, "keycloak") + username = optional(string, "keycloak") + password = optional(string, "this is my very secure and totally random password horse battery staple now") postgresql_tag = optional(string, "17.4.0-debian-12-r2") }), {}) 
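Review bot: `password = optional(string, "this is my very secure and totally random password horse battery staple now")` bakes a credential into the module's defaults: locals.tf copies it into `keycloak_password`, and `templatefile("${path.module}/templates/default-versions.hcl", local.default_versions)` writes it into `_envcommon/default-versions.hcl`, one of the files handed to the generated repository, so any caller that does not override `versions.keycloak.password` commits this value. Drop the default (`password = optional(string)`), mark the `versions` variable `sensitive = true` (its block opens above this hunk), and have callers supply the value from a secret store rather than a variable default. The remaining defaults in this object are image tags and hostnames; a password does not belong alongside them regardless of the value chosen.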
@@ -110,33 +110,33 @@ variable "versions" { }), {}) loki = optional(object({ - chart_version = optional(string, "6.27.0") - tag = optional(string, "3.4.2") + chart_version = optional(string, "6.27.0") + tag = optional(string, "3.4.2") enterprise_logs_provisioner_tag = optional(string, "v1.7.0") - gateway_tag = optional(string, "1.27-alpine") - memcached_tag = optional(string, "1.6.37") - exporter_tag = optional(string, "v0.15.0") - sidecar_tag = optional(string, "1.27.4") + gateway_tag = optional(string, "1.27-alpine") + memcached_tag = optional(string, "1.6.37") + exporter_tag = optional(string, "v0.15.0") + sidecar_tag = optional(string, "1.27.4") }), {}) metrics_server = optional(object({ helm_chart = optional(string, "3.12.2") - tag = optional(string, "0.7.2") + tag = optional(string, "0.7.2") }), {}) prometheus = optional(object({ - chart_version = optional(string, "27.5.1") - server_tag = optional(string, "v3.2.1") - config_reloader_tag = optional(string, "v0.75.2") - alertmanager_tag = optional(string, "v0.28.0") + chart_version = optional(string, "27.5.1") + server_tag = optional(string, "v3.2.1") + config_reloader_tag = optional(string, "v0.75.2") + alertmanager_tag = optional(string, "v0.28.0") kube_state_metrics_tag = optional(string, "v2.15.0") - node_exporter_tag = optional(string, "v1.9.0") - pushgateway_tag = optional(string, "v1.11.0") + node_exporter_tag = optional(string, "v1.9.0") + pushgateway_tag = optional(string, "v1.11.0") }), {}) tempo = optional(object({ chart_version = optional(string, "1.18.2") - tag = optional(string, "2.7.1") + tag = optional(string, "2.7.1") }), {}) }) default = {} 
@@ -145,17 +145,17 @@ variable "versions" { variable "namespaces" { description = "Namespace configurations" type = object({ - operator_namespace = optional(string, "aoperator") + operator_namespace = optional(string, "aoperator") telemetry_namespace = optional(string, "atelemetry") custom_namespaces = optional(map(string), { - cert-manager = "kube-system" - karpenter = "karpenter" + cert-manager = "kube-system" + karpenter = "karpenter" metrics-server = "kube-system" - postgresql = "kube-system" - keycloak = "keycloak" - gogatekeeper = "kube-system" - istio = "istio-system" - kiali = "istio-system" + postgresql = "kube-system" + keycloak = "keycloak" + gogatekeeper = "kube-system" + istio = "istio-system" + kiali = "istio-system" }) }) default = {} @@ -164,20 +164,20 @@ variable "namespaces" { variable "cluster_config" { description = "Configuration for the EKS cluster" type = object({ - cluster_name = string - account_name = string - aws_account_id = string - aws_profile = string - environment_abbr = string - vpc_name = string - vpc_domain_name = string - cluster_mailing_list = optional(string) - eks_instance_disk_size = optional(number, 200) - eks_ng_desired_size = optional(number, 3) - eks_ng_max_size = optional(number, 10) - eks_ng_min_size = optional(number, 3) + cluster_name = string + account_name = string + aws_account_id = string + aws_profile = string + environment_abbr = string + vpc_name = string + vpc_domain_name = string + cluster_mailing_list = optional(string) + eks_instance_disk_size = optional(number, 200) + eks_ng_desired_size = optional(number, 3) + eks_ng_max_size = optional(number, 10) + eks_ng_min_size = optional(number, 3) enable_cluster_creator_admin_permissions = optional(bool, true) - tags = optional(map(string), {}) + tags = optional(map(string), {}) }) } 
@@ -186,9 +186,9 @@ variable "enable_modules" { type = object({ gogatekeeper = optional(bool, false) cert_manager = optional(bool, false) - prometheus = optional(bool, false) - grafana = optional(bool, false) - istio = optional(bool, false) + prometheus = optional(bool, false) + grafana = optional(bool, false) + istio = optional(bool, false) }) default = {} } @@ -196,7 +196,7 @@ variable "enable_modules" { variable "github_actions_workflows" { description = "List of GitHub Actions workflow files to add to the repository" type = list(object({ - path = string + path = string content = string })) default = [] @@ -230,4 +230,58 @@ variable "extra_files" { content = string })) default = [] +} + +variable "tags" { + description = "A map of tags to add to all resources." + type = map(string) + default = {} +} + +variable "create_repository" { + description = "If true, a GitHub repository will be created and configured." + type = bool + default = false +} + +variable "repository_name" { + description = "The name of the GitHub repository to create." + type = string + default = "" +} + +variable "repository_teams" { + description = "A map of teams and their permissions for the new repository." + type = map(string) + default = {} +} + +variable "repository_template" { + description = "The template repository to use when creating the new repository." + type = string + default = "template-eks-cluster" +} + +variable "repository_template_owner" { + description = "The owner of the template repository." + type = string + default = "HappyPathway" +} + +variable "cluster_config" { + description = "A map of configuration values for the cluster." + type = any + default = {} +} + +variable "account_config" { + description = "A map of configuration values for the account." + type = any + default = {} +} + +variable "vpc_config" { + description = "A map of configuration values for the vpc." + type = any + default = {} } \ No newline at end of file
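Review bot: `variable "cluster_config"` is now declared twice in variables.tf — the object-typed block in the `@@ -164,20 +164,20 @@` hunk is kept and a second `type = any` block is appended here — and Terraform rejects duplicate variable declarations within one module, so this file will not validate as committed. The `type = any` / `default = {}` declarations for `account_config`, `vpc_config` and `cluster_config` also drop the attribute checking the original object gave: `local.rendered_files` in main.tf dereferences `var.account_config.account_name`, `var.vpc_config.vpc_name` and `var.cluster_config.organization`, which on the empty default fail at plan time with an unsupported-attribute error rather than a clear required-input message. Remove the duplicate and extend the original `cluster_config` object with the attributes the new cluster.hcl template needs; the `map(bool)` for `module_enablement_overrides` is inferred from how root.hcl merges it into `is_module_enabled`, so confirm it against the template repository.
```hcl
variable "cluster_config" {
  description = "Configuration for the EKS cluster"
  type = object({
    # … unchanged: cluster_name … tags attributes …
    organization                = optional(string)
    finops_project_name         = optional(string)
    finops_project_number       = optional(string)
    finops_project_role         = optional(string)
    module_enablement_overrides = optional(map(bool), {})
  })
}
```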