update cluster workflow

README.md

@@ -87,6 +87,37 @@ output "repository_url" {
 }
 ```
 
+### Update an Existing Repository on a PR Branch
+
+Use this mode when the cluster repository already exists and you only want to update managed files on a branch for a pull request.
+
+```hcl
+module "eks_deployment" {
+  source = "../../"
+
+  name             = "csvd-dev-mcm"
+  organization     = "SCT-Engineering"
+  create_repository = false
+  files_branch     = "update/csvd-dev-mcm"
+
+  environment = "dev"
+  region      = "us-gov-east-1"
+
+  cluster_config = {
+    account_name         = "csvd-dev-gov"
+    aws_account_id       = "229685449397"
+    environment_abbr     = "dev"
+    vpc_name             = "vpc2-csvd-dev"
+    vpc_domain_name      = "dev.csvd.csp1.census.gov"
+    cluster_mailing_list = "matthew.c.morgan@census.gov"
+  }
+}
+```
+
+If `files_branch` does not already exist, create it first from your default branch, then run `terraform apply`.
+
+By default, this module now attempts to create `files_branch` automatically when `create_repository = false`, using the repository default branch as the source. You can override the source with `files_branch_source_branch`.
+
 ## Generated Files
 
 The module automatically generates the following files in your new repository:

examples/adsd-tools-dev/main.tf

@@ -19,15 +19,15 @@ module "eks_deployment" {
 
   # Cluster configuration - simplified interface
   cluster_config = {
-    account_name         = "adsd-tools-nonprod-gov"
-    aws_account_id       = "533109815932"
-    cluster_mailing_list = "adsd.enterprise.tools.support.branch.list@census.gov"
-    environment_abbr     = "prod"
+    account_name          = "adsd-tools-nonprod-gov"
+    aws_account_id        = "533109815932"
+    cluster_mailing_list  = "adsd.enterprise.tools.support.branch.list@census.gov"
+    environment_abbr      = "prod"
     finops_project_name   = "adsd_etdsb_tools_migration"
-    finops_project_number  = "fs0000000069"
-    finops_project_role    = "adsd_tools_mgrn_eks"
-    vpc_domain_name      = "dev.adsd.csp1.census.gov"
-    vpc_name             = "vpc3-inf-dev"
+    finops_project_number = "fs0000000069"
+    finops_project_role   = "adsd_tools_mgrn_eks"
+    vpc_domain_name       = "dev.adsd.csp1.census.gov"
+    vpc_name              = "vpc3-inf-dev"
     tags = {
       Owner       = "adsd.enterprise.tools.support.branch.list@census.gov"
       Environment = "development"

examples/basic/main.tf

@@ -19,15 +19,15 @@ module "eks_deployment" {
 
   # Cluster configuration - simplified interface
   cluster_config = {
-    account_name         = "ma6-gov"
-    aws_account_id       = "252960665057"
-    cluster_mailing_list = "adep.mojo.development.list@census.gov"
-    environment_abbr     = "dev"
+    account_name          = "ma6-gov"
+    aws_account_id        = "252960665057"
+    cluster_mailing_list  = "adep.mojo.development.list@census.gov"
+    environment_abbr      = "dev"
     finops_project_name   = "PPSI_DICE"
-    finops_project_number  = "fs0000000015"
-    finops_project_role    = "dice:dev:mojo"
-    vpc_domain_name      = "dev.dice.census.gov"
-    vpc_name             = "vpc2-dice-dev"
+    finops_project_number = "fs0000000015"
+    finops_project_role   = "dice:dev:mojo"
+    vpc_domain_name       = "dev.dice.census.gov"
+    vpc_name              = "vpc2-dice-dev"
     tags = {
       Owner       = "PETeam"
       Environment = "Development"

examples/csvd-dev-mcm/main.tf

@@ -13,21 +13,24 @@ module "eks_deployment" {
   source = "../../"
 
   # Repository and cluster configuration - single name for both
-  name        = "csvd-dev-mcm"
-  environment = "dev"
-  region      = "us-gov-east-1"
+  name              = "csvd-dev-mcm"
+  organization      = "SCT-Engineering"
+  create_repository = false
+  files_branch      = "update/csvd-dev-mcm"
+  environment       = "dev"
+  region            = "us-gov-east-1"
 
   # Cluster configuration - simplified interface
   cluster_config = {
-    account_name         = "csvd-dev-gov"
-    aws_account_id       = "229685449397"
-    cluster_mailing_list = "matthew.c.morgan@census.gov"
-    environment_abbr     = "dev"
+    account_name          = "csvd-dev-gov"
+    aws_account_id        = "229685449397"
+    cluster_mailing_list  = "matthew.c.morgan@census.gov"
+    environment_abbr      = "dev"
     finops_project_name   = "csvd_platformbaseline"
-    finops_project_number  = "fs0000000078"
-    finops_project_role    = "csvd_platformbaseline_eks"
-    vpc_domain_name      = "dev.csvd.csp1.census.gov"
-    vpc_name             = "vpc2-csvd-dev"
+    finops_project_number = "fs0000000078"
+    finops_project_role   = "csvd_platformbaseline_eks"
+    vpc_domain_name       = "dev.csvd.csp1.census.gov"
+    vpc_name              = "vpc2-csvd-dev"
     tags = {
       Owner       = "matthew.c.morgan@census.gov"
       Environment = "development"

examples/csvd-lab-mcm/main.tf

@@ -19,15 +19,15 @@ module "eks_deployment" {
 
   # Cluster configuration - simplified interface
   cluster_config = {
-    account_name         = "lab-dev-gov"
-    aws_account_id       = "224384469011"
-    cluster_mailing_list = "matthew.c.morgan@census.gov"
-    environment_abbr     = "dev"
+    account_name          = "lab-dev-gov"
+    aws_account_id        = "224384469011"
+    cluster_mailing_list  = "matthew.c.morgan@census.gov"
+    environment_abbr      = "dev"
     finops_project_name   = "csvd_platformbaseline"
-    finops_project_number  = "fs0000000078"
-    finops_project_role    = "csvd_platformbaseline_eks"
-    vpc_domain_name      = "dev.lab.csp2.census.gov"
-    vpc_name             = "vpc3-lab-dev"
+    finops_project_number = "fs0000000078"
+    finops_project_role   = "csvd_platformbaseline_eks"
+    vpc_domain_name       = "dev.lab.csp2.census.gov"
+    vpc_name              = "vpc3-lab-dev"
     tags = {
       Owner       = "matthew.c.morgan@census.gov"
       Environment = "development"

locals.tf

@@ -11,9 +11,7 @@ locals {
 
   # First define base namespaces without dependencies
   base_namespaces = {
-    cert-manager   = "kube-system"
     karpenter      = "karpenter"
-    metrics-server = "kube-system"
     postgresql     = "kube-system"
     keycloak       = "keycloak"
     gogatekeeper   = "kube-system"
@@ -58,8 +56,6 @@ locals {
     tf_version         = var.versions.tf_version
 
     # Component versions
-    cert_manager_version    = var.versions.cert_manager.version
-    cert_manager_helm_chart = var.versions.cert_manager.chart_version
     cluster_issuer_name     = var.versions.cert_manager.cluster_issuer_name
 
     gogatekeeper_tag           = var.versions.gogatekeeper.tag
@@ -74,10 +70,6 @@ locals {
     istio_version   = var.versions.istio.version
     istio_namespace = var.versions.istio.namespace
 
-    dashboard_hostname            = var.versions.k8s_dashboard.hostname
-    k8s_dashboard_metrics_scraper = var.versions.k8s_dashboard.metrics_scraper
-    k8s_dashboard_version         = var.versions.k8s_dashboard.version
-
     karpenter_helm_chart = var.versions.karpenter.helm_chart
     karpenter_tag        = var.versions.karpenter.tag
 
@@ -100,9 +92,6 @@ locals {
     exporter_tag                    = var.versions.loki.exporter_tag
     sidecar_tag                     = var.versions.loki.sidecar_tag
 
-    metrics_server_helm_chart = var.versions.metrics_server.helm_chart
-    metrics_server_tag        = var.versions.metrics_server.tag
-
     prometheus_chart_version       = var.versions.prometheus.chart_version
     prometheus_server_tag          = var.versions.prometheus.server_tag
     prometheus_config_reloader_tag = var.versions.prometheus.config_reloader_tag

main.tf

@@ -73,17 +73,33 @@ locals {
   }
 }
 
+data "github_repository" "existing_repo" {
+  count     = !var.create_repository && var.files_branch != null ? 1 : 0
+  full_name = "${var.organization}/${var.name}"
+}
+
+resource "github_branch" "files_branch" {
+  count         = !var.create_repository && var.files_branch != null ? 1 : 0
+  repository    = data.github_repository.existing_repo[0].name
+  branch        = var.files_branch
+  source_branch = var.files_branch_source_branch != null ? var.files_branch_source_branch : data.github_repository.existing_repo[0].default_branch
+}
+
 module "github_repo" {
   source = "git::git@github.e.it.census.gov:CSVD/terraform-github-repo.git"
 
   name                    = var.name
   repo_org                = var.organization
+  create_repo             = var.create_repository
+  create_codeowners       = var.create_repository
+  enforce_prs             = var.create_repository
+  files_branch            = var.files_branch
   github_repo_description = "EKS Cluster Configuration for ${var.name}"
   github_repo_topics      = ["eks", "kubernetes", "terraform", "infrastructure"]
   force_name              = var.force_name
 
-  template_repo_org = local.repository_defaults.template_owner
-  template_repo     = local.repository_defaults.template
+  template_repo_org = var.create_repository ? local.repository_defaults.template_owner : null
+  template_repo     = var.create_repository ? local.repository_defaults.template : null
 
   github_is_private   = false
   github_has_issues   = true
@@ -106,6 +122,10 @@ module "github_repo" {
       bypass_rules = false
     }
   ]
+
+  depends_on = [
+    github_branch.files_branch
+  ]
 }
 
 # The EKS deployment logic will go here, and will be skipped if create_repository is true.

templates/README.md.tf.tpl

@@ -1,4 +1,4 @@
-# EKS Cluster Configuration - ${upper(environment)}
+# EKS Cluster Configuration - ${upper(cluster_name)} - ${upper(environment)}
 
 This EKS cluster configuration was generated using Terraform and the terraform-eks-deployment module.
 
@@ -28,7 +28,7 @@ To apply this configuration:
 
 3. Deploy additional modules as needed:
    ```
-   cd ../eks-cert-manager
+   cd ../eks-cconfig
    terragrunt init
    terragrunt plan
    terragrunt apply

templates/account.hcl.tf.tpl

@@ -7,5 +7,5 @@ locals {
   aws_account_id   = "${aws_account_id}"
   aws_profile      = format("%v-%v", local.aws_account_id, replace(local.account_name, "-ew", "-gov"))
   environment      = "${environment}"
-  environment_abbr = "${environment_abbr}"
+  environment_abbr = local.environment_abbr == 'lab' ? 'lab' : 'prod'
 }

templates/default-versions.hcl

@@ -51,13 +51,6 @@ locals {
   istio_namespace = "${istio_namespace}"
   istio_version   = "${istio_version}"
 
-  ################
-  # k8s-dashboard
-  ################
-  dashboard_hostname            = "${dashboard_hostname}"
-  k8s_dashboard_metrics_scraper = "${k8s_dashboard_metrics_scraper}"
-  k8s_dashboard_version         = "${k8s_dashboard_version}"
-
   ################
   # Karpenter
   ################
@@ -92,12 +85,6 @@ locals {
   exporter_tag                     = "${exporter_tag}"
   sidecar_tag                      = "${sidecar_tag}"
 
-  ################
-  # Metrics Server
-  ################
-  metrics_server_helm_chart = "${metrics_server_helm_chart}"
-  metrics_server_tag        = "${metrics_server_tag}"
-
   ################
   # Prometheus
   ################

variables.tf

@@ -255,5 +255,17 @@ variable "tags" {
 variable "create_repository" {
   description = "If true, a GitHub repository will be created and configured (internal use)"
   type        = bool
-  default     = false
+  default     = true
+}
+
+variable "files_branch" {
+  description = "Branch to manage generated files on. Set to an existing branch (for example, update/csvd-dev-mcm) to support PR workflows."
+  type        = string
+  default     = null
+}
+
+variable "files_branch_source_branch" {
+  description = "Source branch used when creating files_branch for existing repositories. Defaults to the repository default branch."
+  type        = string
+  default     = null
 }