Init

.github/workflows/terraform-release.yaml

@@ -7,7 +7,7 @@ on:
       - main
 jobs:
   terraform-ci-cd:
-    runs-on: 229685449397
+    runs-on: "229685449397"
     permissions:
       contents: write
 

README.md

@@ -1,165 +1,144 @@
 # terraform-eks-deployment
 
-Terraform module for EKS cluster deployment and configuration
+Terraform module for EKS cluster repository bootstrapping and configuration
 
 ## Overview
 
-This module creates a new GitHub repository for your EKS cluster based on the template-eks-cluster repository. It sets up all necessary configuration files and triggers automated workflows for cluster deployment.
+This module creates and configures a new GitHub repository for your EKS cluster based on the template-eks-cluster repository. It automatically generates all necessary Terragrunt HCL files (`root.hcl`, `account.hcl`, `region.hcl`, etc.) directly from your input variables, eliminating the need for manual configuration or separate Ansible playbooks.
+
+## Features
+
+- **Fully Terraform-Native**: No Lambda functions, Ansible playbooks, or manual steps required
+- **Complete HCL Generation**: Automatically creates all necessary Terragrunt HCL files
+- **Team Management**: Configures repository permissions for your teams
+- **Customizable**: Extensive configuration options for cluster, account, and VPC settings
 
 ## Prerequisites
 
 - GitHub token with repository and workflow permissions
-- Python 3.x installed on the machine running Terraform
+- Terraform 1.0.0 or newer
 - Access to GitHub Enterprise (if using enterprise version)
 
 ## Usage
 
+### Basic Example
+
 ```hcl
 module "eks_deployment" {
-  source = "path/to/terraform-eks-deployment"
-
-  name         = "my-eks-cluster"
-  organization = "my-org"
-  environment  = "production"
-  region       = "us-east-1"
+  source = "github.com/HappyPathway/terraform-eks-deployment"
+
+  # Repository configuration
+  repository_name          = "eks-prod-cluster"
+  repository_template_owner = "HappyPathway"
+  repository_template      = "template-eks-cluster"
+  repository_teams         = {
+    "platform-team" = "admin",
+    "devops-team"   = "maintain",
+    "developers"    = "push"
+  }
   
-  cluster_config = {
-    cluster_name    = "prod-eks-01"
-    account_name    = "prod-account"
-    aws_account_id  = "123456789012"
-    aws_profile     = "prod-profile"
+  # Basic settings
+  organization       = "my-org"
+  environment        = "production"
+  region             = "us-gov-west-1"
+  github_server_url  = "https://github.e.it.census.gov"  # For GitHub Enterprise
+
+  # Account configuration
+  account_config = {
+    account_name     = "prod-account"
+    aws_account_id   = "123456789012"
     environment_abbr = "prod"
+  }
+
+  # VPC configuration
+  vpc_config = {
     vpc_name        = "prod-vpc"
     vpc_domain_name = "prod.example.com"
   }
 
-  github_token      = "your-github-token"
-  github_server_url = "https://github.e.it.census.gov"  # Optional, for GitHub Enterprise
+  # Cluster configuration
+  cluster_config = {
+    cluster_name              = "prod-eks-01"
+    cluster_mailing_list      = "team@example.com"
+    eks_instance_disk_size    = 200
+    eks_ng_desired_size       = 5
+    eks_ng_max_size           = 10
+    eks_ng_min_size           = 3
+    organization              = "census:ocio:csvd"
+    finops_project_name       = "csvd_platformbaseline"
+    finops_project_number     = "fs0000000078"
+    finops_project_role       = "csvd_platformbaseline_app"
+    tags = {
+      Owner       = "Platform Team",
+      Environment = "Production",
+      CostCenter  = "123-456"
+    }
+    module_enablement_overrides = {
+      cert_manager = true,
+      prometheus   = true,
+      grafana      = true,
+      istio        = true
+    }
+  }
 }
-```
-
-## Workflow Automation
-
-### Overview
-
-The module automatically triggers GitHub Actions workflows in your newly created repository to:
-1. Install Python requirements
-2. Execute Terragrunt operations for cluster management
-
-### Workflow Sequence
-
-1. **Repository Creation**: The module creates a new repository from the template-eks-cluster template
-2. **Initial Configuration**: Configuration files are generated based on your inputs
-3. **Requirements Installation**: A workflow is triggered to install Python dependencies
-4. **Cluster Planning**: A terragrunt plan workflow is automatically triggered
 
-### Available Workflows
-
-Your new repository will have these workflows available:
-
-1. **Install Requirements** (`install-requirements.yml`)
-   - Triggered automatically on repository creation
-   - Installs all Python dependencies from requirements.txt
-
-2. **Terragrunt Cluster Operations** (`terragrunt-cluster-build.yml`)
-   - Supports plan, apply, and destroy operations
-   - Can be triggered manually or via API
-   - Includes safety checks and approvals
-
-### Triggering Workflows
-
-The workflows can be triggered in two ways:
-
-1. **Automatic Triggering**
-   - On repository creation, the module automatically triggers:
-     1. Requirements installation
-     2. Initial cluster plan
-
-2. **Manual Triggering**
-   - Via GitHub UI:
-     1. Go to Actions tab
-     2. Select desired workflow
-     3. Click "Run workflow"
-     4. Fill in parameters
-
-3. **API Triggering**
-   - Use GitHub's API to trigger workflows:
-   ```bash
-   curl -X POST \
-     -H "Authorization: Bearer $GITHUB_TOKEN" \
-     -H "Accept: application/vnd.github.v3+json" \
-     "https://api.github.com/repos/OWNER/REPO/dispatches" \
-     -d '{
-       "event_type": "cluster-plan",
-       "client_payload": {
-         "environment": "dev",
-         "region": "us-east-1",
-         "cluster_dir": "my-cluster",
-         "auto_approve": false
-       }
-     }'
-   ```
-
-### Supported Events
-
-The following event types are supported for workflow triggers:
+output "repository_url" {
+  value = module.eks_deployment.repository_url
+}
+```
 
-- `install-requirements`: Install Python dependencies
-- `cluster-plan`: Preview cluster changes
-- `cluster-apply`: Apply cluster changes
-- `cluster-destroy`: Destroy cluster
+## Generated Files
 
-### Required Secrets
+The module automatically generates the following files in your new repository:
 
-The following secrets must be configured in your repository:
+- `root.hcl`: Global Terragrunt configuration
+- `[environment]/account.hcl`: Account-specific variables
+- `[environment]/[region]/region.hcl`: Region-specific variables
+- `[environment]/[region]/vpc/vpc.hcl`: VPC-specific variables
+- `[environment]/[region]/vpc/[cluster_name]/cluster.hcl`: Cluster-specific variables
+- `README.md`: Usage instructions and documentation
 
-- `AWS_ROLE_ARN`: ARN of the AWS role to assume
-- `GITHUB_TOKEN`: GitHub token with workflow permissions
+These files are committed directly to your new repository and are ready for use with Terragrunt to deploy your EKS cluster.
 
 ## Module Configuration
 
 ### Required Variables
 
-- `name`: Repository name
-- `organization`: GitHub organization name
-- `environment`: Deployment environment
-- `region`: AWS region
-- `cluster_config`: Cluster configuration object
-- `github_token`: GitHub token for workflow operations
+| Name | Description |
+|------|-------------|
+| `repository_name` | Name of the GitHub repository to create |
+| `organization` | GitHub organization name |
+| `environment` | Deployment environment (e.g., production, development) |
+| `region` | AWS region for the EKS cluster |
+| `account_config` | Map of account configuration values |
+| `vpc_config` | Map of VPC configuration values |
+| `cluster_config` | Map of cluster configuration values |
 
 ### Optional Variables
 
-- `github_server_url`: GitHub Enterprise server URL
-- `template_repo_org`: Organization containing the template repository
-- `enable_modules`: Map of modules to enable in the cluster
+| Name | Description | Default |
+|------|-------------|---------|
+| `repository_template_owner` | Owner of the template repository | `"HappyPathway"` |
+| `repository_template` | Template repository name | `"template-eks-cluster"` |
+| `repository_teams` | Map of team names and permission levels | `{}` |
+| `github_server_url` | GitHub Enterprise server URL | `"https://api.github.com"` |
 
-For more configuration options, see the variables.tf file.
+For complete configuration options, see the variables.tf file.
 
 ## Outputs
 
-- `repository_url`: URL of the created repository
-- `ssh_clone_url`: SSH clone URL of the repository
-
-## Security Considerations
-
-1. **GitHub Token**: Use a token with minimal required permissions
-2. **AWS Role**: Use role-based access with least privilege
-3. **Auto-approve**: Use with caution in production environments
-4. **Environment Protection**: Configure branch protection rules
-
-## Troubleshooting
+| Name | Description |
+|------|-------------|
+| `repository_url` | URL of the created repository |
+| `ssh_clone_url` | SSH clone URL of the repository |
 
-Common issues and solutions:
+## How It Works
 
-1. **Workflow Trigger Failures**
-   - Check GitHub token permissions
-   - Verify GitHub Enterprise URL (if applicable)
-   - Check network connectivity
+1. The module calls the `terraform-github-repo` module to create a new repository based on your template.
+2. It uses Terraform's `templatefile()` function to render Terragrunt HCL files from templates.
+3. These rendered files are committed directly to the repository using the `github_repository_file` resource.
+4. Team permissions are configured using the `github_team_repository` resource.
 
-2. **Python Requirements**
-   - Ensure requirements.txt exists in template repository
-   - Check Python version compatibility
+## Migrating from Previous Workflow
 
-3. **AWS Authentication**
-   - Verify AWS role ARN
-   - Check AWS credentials configuration
+This module replaces the previous Lambda/Ansible-based workflow with a purely Terraform-native approach. If you were previously using the template-automation-lambda to create repositories and then running an Ansible playbook to generate HCL files, you can now accomplish the entire process with just this module.

ROADMAP.md

@@ -1,62 +1,47 @@
-# EKS Cluster Template Roadmap
+# EKS Cluster Deployment Roadmap
 
 ## Current Architecture
-- Template repository (`template-eks-cluster`) serves as the base for creating new EKS cluster configurations
-- Uses Terraform GitHub repo module to create new repositories from the template
-- Implements managed and non-managed extra files functionality
-- Supports configuration through `config.json`
+- **Terraform-Native Workflow**: The module provides a fully Terraform-native workflow for bootstrapping a single GitHub repository for an EKS cluster.
+- **Declarative Configuration**: It uses a set of input variables (`account_config`, `vpc_config`, `cluster_config`) to define a cluster's configuration.
+- **Dynamic HCL Generation**: The module automatically generates all necessary Terragrunt HCL files (`root.hcl`, `account.hcl`, `region.hcl`, etc.) from internal templates.
+- **Wrapper Module**: This module acts as a sophisticated wrapper around the `terraform-github-repo` module, orchestrating repository creation, file generation, and team permission management.
 
 ## Planned Enhancements
 
-### 1. Automated Cluster Setup (High Priority)
-- [x] Add GitHub Actions workflows with workflow_dispatch triggers
-- [x] Implement automated terragrunt command execution for cluster building
-  - [x] Support for plan/apply/destroy commands
-  - [x] Environment-specific execution
-  - [x] Automated testing framework
-- [ ] Configure workflows to run on specific runners for credential management
-- [ ] Create templatized GitHub Actions workflow files
-- [ ] Enable direct cluster creation without manual repository cloning
-
-### 2. File Management System (Medium Priority)
-- [ ] Implement wrapper module for repo module
-- [ ] Add support for crafting and injecting various configuration files
-- [ ] Define file lifecycle management strategy
-  - [ ] Managed files (controlled by workspace)
-  - [ ] Non-managed files (user-modifiable)
-
-### 3. Version Management (Medium Priority)
-- [ ] Implement version control strategy for `default-versions.hcl`
-- [ ] Create system for managing platform release versions
-- [ ] Set up version override mechanism
-  - [ ] Default versions in template repo
-  - [ ] Override capability in workspace creating repos
-
-### 4. Configuration Management (Low Priority)
-- [ ] Enhance Makefile and Ansible playbook integration
-- [ ] Improve configuration file templating
-- [ ] Add validation for configuration files
+### 1. Version and Configuration Management (High Priority)
+- [x] Implement version control strategy for `default-versions.hcl`
+- [x] Create system for managing platform release versions
+- [x] Set up version override mechanism
+- [ ] Add validation for configuration files to fail early on invalid inputs.
+- [ ] Integrate a robust versioning strategy for the module itself, using tags.
+
+### 2. Automated Cluster Deployment (Medium Priority)
+- [ ] Create templatized GitHub Actions workflow files that can be injected into the created repository.
+- [ ] Configure workflows to run on specific runners for secure credential management.
+- [ ] Implement automated `terragrunt plan/apply` execution within the generated workflows.
+
+### 3. Module and Documentation Refinements (Low Priority)
+- [ ] Enhance documentation with more detailed examples, including edge cases.
+- [ ] Add contribution guidelines and a developer guide.
+- [ ] Refactor and clean up any legacy code or unused variables.
+
+## Completed Milestones
+
+- **Terraform-Native Migration**: Successfully replaced the legacy Lambda/Ansible workflow with a unified, Terraform-native solution for repository bootstrapping.
+- **File Management System**: Implemented a robust system for crafting and injecting configuration files directly via Terraform, fulfilling the core requirement of the "File Management System" epic.
 
 ## Technical Considerations
-1. File Lifecycle Management:
-   - Managed files: Controlled by workspace
-   - Non-managed files: User-modifiable post-creation
-   - Version-specific files: Platform release coordination
-
-2. Automation Requirements:
-   - GitHub Actions runner configuration
-   - Credential management
-   - Workflow templating
-   - Terragrunt integration
-
-3. Version Control Strategy:
-   - Module version collections
-   - Platform release versions
-   - Override mechanisms
+1.  **Automation Requirements**:
+    -   GitHub Actions runner configuration for secure AWS authentication.
+    -   Workflow templating to dynamically generate CI/CD pipelines.
+    -   Seamless Terragrunt integration within the automated workflows.
+
+2.  **Version Control Strategy**:
+    -   Centralized management of component versions (EKS, Istio, etc.).
+    -   Clear override mechanisms for environment-specific versioning.
 
 ## Success Criteria
-- Fully automated cluster creation process
-- Minimal manual intervention required
-- Proper version management system
-- Clear file lifecycle management
-- Secure credential handling
+-   Fully automated repository and cluster configuration process.
+-   A clear, maintainable, and scalable version management system.
+-   Secure and automated CI/CD pipelines for deploying EKS clusters.
+-   Comprehensive documentation that empowers users and contributors.