diff --git a/README.md b/README.md index 5b36df3..0b51d07 100644 --- a/README.md +++ b/README.md @@ -87,42 +87,6 @@ output "repository_url" { } ``` -### Centralized Management Example - -You can use this module to manage multiple EKS cluster repositories from a central location: - -```hcl -# Production EKS Cluster Repository -module "prod_eks_cluster" { - source = "github.com/HappyPathway/terraform-eks-deployment" - - repository_name = "eks-prod-cluster" - repository_template_owner = "HappyPathway" - repository_template = "template-eks-cluster" - repository_teams = { - "platform-team" = "admin", - "prod-sre-team" = "maintain" - } - - # ...other configuration omitted for brevity -} - -# Development EKS Cluster Repository -module "dev_eks_cluster" { - source = "github.com/HappyPathway/terraform-eks-deployment" - - repository_name = "eks-dev-cluster" - repository_template_owner = "HappyPathway" - repository_template = "template-eks-cluster" - repository_teams = { - "platform-team" = "admin", - "dev-team" = "maintain" - } - - # ...other configuration omitted for brevity -} -``` - ## Generated Files The module automatically generates the following files in your new repository: diff --git a/ROADMAP.md b/ROADMAP.md index 12f698f..0667b5a 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,62 +1,47 @@ -# EKS Cluster Template Roadmap +# EKS Cluster Deployment Roadmap ## Current Architecture -- Template repository (`template-eks-cluster`) serves as the base for creating new EKS cluster configurations -- Uses Terraform GitHub repo module to create new repositories from the template -- Implements managed and non-managed extra files functionality -- Supports configuration through `config.json` +- **Terraform-Native Workflow**: The module provides a fully Terraform-native workflow for bootstrapping a single GitHub repository for an EKS cluster. +- **Declarative Configuration**: It uses a set of input variables (`account_config`, `vpc_config`, `cluster_config`) to define a cluster's configuration. +- **Dynamic HCL Generation**: The module automatically generates all necessary Terragrunt HCL files (`root.hcl`, `account.hcl`, `region.hcl`, etc.) from internal templates. +- **Wrapper Module**: This module acts as a sophisticated wrapper around the `terraform-github-repo` module, orchestrating repository creation, file generation, and team permission management. ## Planned Enhancements -### 1. Automated Cluster Setup (High Priority) -- [x] Add GitHub Actions workflows with workflow_dispatch triggers -- [x] Implement automated terragrunt command execution for cluster building - - [x] Support for plan/apply/destroy commands - - [x] Environment-specific execution - - [x] Automated testing framework -- [ ] Configure workflows to run on specific runners for credential management -- [ ] Create templatized GitHub Actions workflow files -- [ ] Enable direct cluster creation without manual repository cloning - -### 2. File Management System (Medium Priority) -- [ ] Implement wrapper module for repo module -- [ ] Add support for crafting and injecting various configuration files -- [ ] Define file lifecycle management strategy - - [ ] Managed files (controlled by workspace) - - [ ] Non-managed files (user-modifiable) - -### 3. Version Management (Medium Priority) -- [ ] Implement version control strategy for `default-versions.hcl` -- [ ] Create system for managing platform release versions -- [ ] Set up version override mechanism - - [ ] Default versions in template repo - - [ ] Override capability in workspace creating repos - -### 4. Configuration Management (Low Priority) -- [ ] Enhance Makefile and Ansible playbook integration -- [ ] Improve configuration file templating -- [ ] Add validation for configuration files +### 1. Version and Configuration Management (High Priority) +- [x] Implement version control strategy for `default-versions.hcl` +- [x] Create system for managing platform release versions +- [x] Set up version override mechanism +- [ ] Add validation for configuration files to fail early on invalid inputs. +- [ ] Integrate a robust versioning strategy for the module itself, using tags. + +### 2. Automated Cluster Deployment (Medium Priority) +- [ ] Create templatized GitHub Actions workflow files that can be injected into the created repository. +- [ ] Configure workflows to run on specific runners for secure credential management. +- [ ] Implement automated `terragrunt plan/apply` execution within the generated workflows. + +### 3. Module and Documentation Refinements (Low Priority) +- [ ] Enhance documentation with more detailed examples, including edge cases. +- [ ] Add contribution guidelines and a developer guide. +- [ ] Refactor and clean up any legacy code or unused variables. + +## Completed Milestones + +- **Terraform-Native Migration**: Successfully replaced the legacy Lambda/Ansible workflow with a unified, Terraform-native solution for repository bootstrapping. +- **File Management System**: Implemented a robust system for crafting and injecting configuration files directly via Terraform, fulfilling the core requirement of the "File Management System" epic. ## Technical Considerations -1. File Lifecycle Management: - - Managed files: Controlled by workspace - - Non-managed files: User-modifiable post-creation - - Version-specific files: Platform release coordination - -2. Automation Requirements: - - GitHub Actions runner configuration - - Credential management - - Workflow templating - - Terragrunt integration - -3. Version Control Strategy: - - Module version collections - - Platform release versions - - Override mechanisms +1. **Automation Requirements**: + - GitHub Actions runner configuration for secure AWS authentication. + - Workflow templating to dynamically generate CI/CD pipelines. + - Seamless Terragrunt integration within the automated workflows. + +2. **Version Control Strategy**: + - Centralized management of component versions (EKS, Istio, etc.). + - Clear override mechanisms for environment-specific versioning. ## Success Criteria -- Fully automated cluster creation process -- Minimal manual intervention required -- Proper version management system -- Clear file lifecycle management -- Secure credential handling \ No newline at end of file +- Fully automated repository and cluster configuration process. +- A clear, maintainable, and scalable version management system. +- Secure and automated CI/CD pipelines for deploying EKS clusters. +- Comprehensive documentation that empowers users and contributors. \ No newline at end of file diff --git a/examples/basic/.terraform_commits b/examples/basic/.terraform_commits new file mode 100644 index 0000000..722dfa1 --- /dev/null +++ b/examples/basic/.terraform_commits @@ -0,0 +1,26 @@ +[ + { + "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a", + "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow", + "author": "Your Name", + "timestamp": "2025-09-04T13:49:32.940158" + }, + { + "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a", + "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow", + "author": "Your Name", + "timestamp": "2025-09-04T13:52:48.384810" + }, + { + "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a", + "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow", + "author": "Your Name", + "timestamp": "2025-09-04T14:36:08.594715" + }, + { + "commit_hash": "2d1a9976c65f53b370b4a3ff0829394449127d5a", + "commit_message": "Fix formatting of runs-on value in GitHub Actions workflow", + "author": "Your Name", + "timestamp": "2025-09-04T15:59:08.094373" + } +] \ No newline at end of file diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 8a43420..0929f07 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -1,16 +1,22 @@ +provider "aws" { +} + +data "aws_secretsmanager_secret_version" "github_token" { + secret_id = "/eks-cluster-deployment/github_token" +} + provider "github" { - # Configuration expected from environment variables: - # GITHUB_TOKEN - # GITHUB_OWNER (optional) + token = data.aws_secretsmanager_secret_version.github_token.secret_string } module "eks_deployment" { source = "../../" # Repository configuration - repository_name = "eks-test-cluster" - repository_template_owner = "HappyPathway" - repository_template = "template-eks-cluster" + name = "eks-test-cluster" + template_repo_org = "SCT-Engineering" + repository_template = "template-eks-cluster" + is_private = false # Set to false to make the repository public repository_teams = { "platform-team" = "admin", "devops-team" = "maintain", @@ -18,26 +24,19 @@ module "eks_deployment" { } # Basic settings - organization = "my-org" + organization = "SCT-Engineering" environment = "dev" - region = "us-east-1" + region = "us-gov-west-1" github_server_url = "https://github.e.it.census.gov" - # Account configuration - account_config = { - account_name = "dev-account" - aws_account_id = "123456789012" - environment_abbr = "dev" - } - - # VPC configuration - vpc_config = { - vpc_name = "dev-vpc" - vpc_domain_name = "dev.example.com" - } - # Cluster configuration cluster_config = { + account_name = "dev-account" + aws_account_id = "123456789012" + environment_abbr = "dev" + aws_profile = "default" + vpc_name = "dev-vpc" + vpc_domain_name = "dev.example.com" cluster_name = "dev-eks-01" cluster_mailing_list = "team@example.com" eks_instance_disk_size = 100 diff --git a/examples/basic/varfiles/default.json b/examples/basic/varfiles/default.json new file mode 100644 index 0000000..9e26dfe --- /dev/null +++ b/examples/basic/varfiles/default.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf deleted file mode 100644 index 73092ff..0000000 --- a/examples/basic/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "github_token" { - description = "GitHub token for API operations" - type = string - sensitive = true -} \ No newline at end of file diff --git a/main.tf b/main.tf index 44543f7..60094d7 100644 --- a/main.tf +++ b/main.tf @@ -1,26 +1,25 @@ locals { - # Render the HCL files from templates rendered_files = { "root.hcl" : templatefile("${path.module}/templates/root.hcl.tf.tpl", { environment = var.environment }), - "${var.environment}/account.hcl" : templatefile("${path.module}/templates/account.hcl.tf.tpl", { - account_name = var.account_config.account_name, - aws_account_id = var.account_config.aws_account_id, + "environment/account.hcl" : templatefile("${path.module}/templates/account.hcl.tf.tpl", { + account_name = var.cluster_config.account_name, + aws_account_id = var.cluster_config.aws_account_id, environment = var.environment, - environment_abbr = var.account_config.environment_abbr + environment_abbr = var.cluster_config.environment_abbr }), - "${var.environment}/${var.region}/region.hcl" : templatefile("${path.module}/templates/region.hcl.tf.tpl", { - environment = var.environment, - aws_region = var.region + "environment/region/region.hcl" : templatefile("${path.module}/templates/region.hcl.tf.tpl", { + aws_region = var.region, + environment = var.environment }), - "${var.environment}/${var.region}/vpc/vpc.hcl" : templatefile("${path.module}/templates/vpc.hcl.tf.tpl", { + "environment/region/vpc/vpc.hcl" : templatefile("${path.module}/templates/vpc.hcl.tf.tpl", { + vpc_name = var.cluster_config.vpc_name, + vpc_domain_name = var.cluster_config.vpc_domain_name, environment = var.environment, - aws_region = var.region, - vpc_name = var.vpc_config.vpc_name, - vpc_domain_name = var.vpc_config.vpc_domain_name + aws_region = var.region }), - "${var.environment}/${var.region}/vpc/${var.cluster_config.cluster_name}/cluster.hcl" : templatefile("${path.module}/templates/cluster.hcl.tf.tpl", { + "environment/region/vpc/cluster/cluster.hcl" : templatefile("${path.module}/templates/cluster.hcl.tf.tpl", { cluster_name = var.cluster_config.cluster_name, cluster_mailing_list = var.cluster_config.cluster_mailing_list, eks_instance_disk_size = var.cluster_config.eks_instance_disk_size, @@ -36,26 +35,25 @@ locals { }), "README.md" : templatefile("${path.module}/templates/README.md.tf.tpl", { environment = var.environment, - aws_region = var.region, - cluster_name = var.cluster_config.cluster_name + cluster_name = var.cluster_config.cluster_name, + aws_region = var.region }) } } module "github_repo" { - source = "HappyPathway/repo/github" + source = "github.com/HappyPathway/terraform-github-repo" - name = var.repository_name + name = var.name repo_org = var.organization github_repo_description = "EKS Cluster Configuration for ${var.cluster_config.cluster_name}" github_repo_topics = ["eks", "kubernetes", "terraform", "infrastructure"] + force_name = var.force_name - template = { - owner = var.repository_template_owner - repository = var.repository_template - } + template_repo_org = var.repository_template_owner + template_repo = var.repository_template - github_is_private = true + github_is_private = var.is_private github_has_issues = true github_has_wiki = true github_has_projects = true @@ -66,12 +64,19 @@ module "github_repo" { content = content } ] - - teams = var.repository_teams + archive_on_destroy = false + github_org_teams = [ + for team, permission in var.repository_teams : { + team_name = team + permission = permission + slug = lower(replace(team, " ", "-")) + id = null # Changed from team_id to id as expected by the module + bypass_rules = false + } + ] } # The EKS deployment logic will go here, and will be skipped if create_repository is true. -# For now, we are just implementing the repository creation part. output "repository_url" { description = "URL of the created repository" diff --git a/providers.tf b/providers.tf index e01c942..c5ea7b3 100644 --- a/providers.tf +++ b/providers.tf @@ -4,11 +4,9 @@ terraform { source = "integrations/github" version = ">= 5.0" } + aws = { + source = "hashicorp/aws" + version = ">= 5.0" + } } -} - -provider "github" { - # Configuration is expected from environment variables: - # GITHUB_TOKEN - # GITHUB_OWNER (optional) } \ No newline at end of file diff --git a/templates/README.md.tf.tpl b/templates/README.md.tf.tpl index 6e0c463..75175a8 100644 --- a/templates/README.md.tf.tpl +++ b/templates/README.md.tf.tpl @@ -16,7 +16,7 @@ To apply this configuration: 1. Change to the directory of the module you want to deploy: ``` - cd ${environment}/${aws_region}/vpc/${cluster_name}/eks + cd environment/region/vpc/cluster/eks ``` 2. Initialize and apply the Terragrunt configuration: diff --git a/variables.tf b/variables.tf index e43ad69..6ef71b2 100644 --- a/variables.tf +++ b/variables.tf @@ -1,11 +1,12 @@ variable "name" { - description = "Name of the repository" + description = "The name of the repository." type = string } variable "organization" { - description = "GitHub organization name" + description = "The organization to create the repository in." type = string + default = "HappyPathway" } variable "template_repo_org" { @@ -178,6 +179,11 @@ variable "cluster_config" { eks_ng_min_size = optional(number, 3) enable_cluster_creator_admin_permissions = optional(bool, true) tags = optional(map(string), {}) + module_enablement_overrides = optional(map(bool), {}) + finops_project_name = optional(string) + finops_project_number = optional(string) + finops_project_role = optional(string) + organization = optional(string) }) } @@ -244,14 +250,8 @@ variable "create_repository" { default = false } -variable "repository_name" { - description = "The name of the GitHub repository to create." - type = string - default = "" -} - variable "repository_teams" { - description = "A map of teams and their permissions for the new repository." + description = "A map of teams and their permissions to grant on the repository." type = map(string) default = {} } @@ -265,23 +265,17 @@ variable "repository_template" { variable "repository_template_owner" { description = "The owner of the template repository." type = string - default = "HappyPathway" + default = "SCT-Engineering" } -variable "cluster_config" { - description = "A map of configuration values for the cluster." - type = any - default = {} -} - -variable "account_config" { - description = "A map of configuration values for the account." - type = any - default = {} +variable "is_private" { + description = "Whether the repository should be private." + type = bool + default = true } -variable "vpc_config" { - description = "A map of configuration values for the vpc." - type = any - default = {} +variable "force_name" { + description = "Keep exact repository name (no date suffix)" + type = bool + default = true } \ No newline at end of file