Merge pull request #8 from SCT-Engineering/mcmCluster

pre-commit and commitizen

.cz.yaml

@@ -0,0 +1,8 @@
+---
+commitizen:
+  major_version_zero: true
+  name: cz_gitmoji
+  tag_format: $version
+  update_changelog_on_bump: true
+  version_provider: scm
+  version_scheme: semver2

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.pre-commit-config.yaml

@@ -0,0 +1,99 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.6.0
+  hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-executables-have-shebangs
+
+    # Cross platform
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args: [--fix=lf]
+
+    # Security
+    - id: detect-aws-credentials
+      args: ['--allow-missing-credentials']
+    - id: detect-private-key
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: v4.0.0-alpha.8
+  hooks:
+  - id: prettier
+    # https://prettier.io/docs/en/options.html#parser
+    files: '.json5$'
+
+# Terraform Hooks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.92.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  hooks:
+    - id: terraform_fmt
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terraform_docs
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terraform_tflint
+      name: Terraform validate with tflint
+      description: Validates all Terraform configuration files with TFLint.
+      require_serial: true
+      entry: hooks/terraform_tflint.sh
+      language: script
+      files: (\.tf|\.tfvars)$
+      exclude: \.(terraform/.*|terragrunt-cache)$
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terragrunt_fmt
+      name: Terragrunt fmt
+      description: Rewrites all Terragrunt configuration files to a canonical format.
+      entry: hooks/terragrunt_fmt.sh
+      language: script
+      files: (\.hcl)$
+      exclude: \.(terraform/.*|terragrunt-cache)$
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_validate
+    #   name: Terragrunt validate
+    #   description: Validates all Terragrunt configuration files.
+    #   entry: hooks/terragrunt_validate.sh
+    #   language: script
+    #   files: (\.hcl)$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_validate_inputs
+    #   name: Terragrunt validate inputs
+    #   description: Validates Terragrunt unused and undefined inputs.
+    #   entry: hooks/terragrunt_validate_inputs.sh
+    #   language: script
+    #   files: (\.hcl)$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_providers_lock
+    #   name: Terragrunt providers lock
+    #   description: Updates provider signatures in dependency lock files using terragrunt.
+    #   entry: hooks/terragrunt_providers_lock.sh
+    #   language: script
+    #   files: (terragrunt|\.terraform\.lock)\.hcl$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+
+- repo: https://github.com/ljnsn/cz-conventional-gitmoji
+  rev: v0.3.2
+  hooks:
+    - id: conventional-gitmoji

.releaserc.json

@@ -0,0 +1,36 @@
+{
+  "branches": [
+    "main",
+    "master"
+  ],
+  "ci": false,
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/github",
+      {
+        "successComment":
+        "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+        "labels": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "CHANGELOG.md"
+        ],
+        "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}

.terraform-docs.yml

@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show:
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true

.tflint.hcl

@@ -0,0 +1,29 @@
+config {
+  module              = true
+  force               = false
+  disabled_by_default = false
+
+  #  ignore_module = {
+  #    "terraform-aws-modules/vpc/aws"            = true
+  #    "terraform-aws-modules/security-group/aws" = true
+  #  }
+
+  #  varfile = ["example1.tfvars", "example2.tfvars"]
+  #  variables = ["foo=bar", "bar=[\"baz\"]"]
+}
+
+rule "aws_instance_invalid_type" {
+  enabled = true
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.32.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+  enabled = true
+  version = "0.9.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+}

CHANGELOG.md

@@ -0,0 +1,14 @@
+## Unreleased
+
+### Fix
+
+- **main.tf**: add operators ns here
+
+
+# CHANGELOG
+* 0.0.2 -- 2024-07-30
+  - remove cluster-autoscaler (using karpenter)
+* 0.0.1 -- 2024-07-22
+  - updated version.tf to 0.0.1
+  - included module.images in depends on helm charts
+  - created changelog

README.md

@@ -16,14 +16,27 @@ The module configures an eks cluster with additional components after the cluste
 When selecting which version of the cluster-autoscaler to install, use the one that is closest to the same version as the `cluster_version` or slightly higher.
 The cluster-autoscaler uses the kuberentes scheduling algorithm to appropriate scale the cluster, and if the autoscaler version sufficiently divirges from the kubernetes version, the autoscaler will scale the node groups incorrectly.
 
+A successful apply will yield:
+Apply complete! Resources: 14 added, 0 changed, 0 destroyed.
+Outputs:
+kubectl_image_full_path = "224384469011.dkr.ecr.us-gov-east-1.amazonaws.com/platform-eng-eks-mcm/kubectl:1.27.14"
+kubectl_image_registry = "224384469011.dkr.ecr.us-gov-east-1.amazonaws.com"
+kubectl_image_repository = "platform-eng-eks-mcm/kubectl"
+kubectl_image_tag = "1.27.14"
+module_name = "tfmod-eks-configuration"
+module_version = "0.0.2"
+rwo_storage_class = "gp3-encrypted"
+rwx_storage_class = "efs"
+real    2m4.048s
+user    0m23.112s
+sys     0m3.855s
+
+A successful destroy will yield:
+Destroy complete! Resources: 14 destroyed.
+real    0m43.539s
+user    0m17.060s
+sys     0m2.015s
 
-# CHANGELOG
-* 0.0.2 -- 2024-07-30
-  - remove cluster-autoscaler (using karpenter)
-* 0.0.1 -- 2024-07-22
-  - updated version.tf to 0.0.1
-  - included module.images in depends on helm charts
-  - created changelog
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
@@ -101,4 +114,4 @@ The cluster-autoscaler uses the kuberentes scheduling algorithm to appropriate s
 | <a name="output_module_version"></a> [module\_version](#output\_module\_version) | The version of this module. |
 | <a name="output_rwo_storage_class"></a> [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. |
 | <a name="output_rwx_storage_class"></a> [rwx\_storage\_class](#output\_rwx\_storage\_class) | Kubernetes storage class that supports read/write many. |
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->

main.tf

@@ -26,8 +26,7 @@ resource "kubernetes_storage_class" "gp3_encrypted" {
     fsType    = "ext4"
     type      = "gp3"
     encrypted = "true"
-    #    kms_key_id = data.aws_kms_key.ebs_key.arn
-    kmsKeyId = data.aws_kms_key.ebs_key.arn
+    kmsKeyId  = data.aws_kms_key.ebs_key.arn
   }
   storage_provisioner    = "ebs.csi.aws.com"
   reclaim_policy         = "Delete"
@@ -46,8 +45,7 @@ resource "kubernetes_storage_class" "ebs_encrypted" {
     fsType    = "ext4"
     type      = "gp2"
     encrypted = "true"
-    #    kms_key_id = data.aws_kms_key.ebs_key.arn
-    kmsKeyId = data.aws_kms_key.ebs_key.arn
+    kmsKeyId  = data.aws_kms_key.ebs_key.arn
   }
   storage_provisioner    = "kubernetes.io/aws-ebs"
   reclaim_policy         = "Delete"
@@ -84,3 +82,9 @@ resource "kubernetes_storage_class" "efs-sc" {
   }
   mount_options = ["tls"]
 }
+
+resource "kubernetes_namespace" "operators" {
+  metadata {
+    name = var.operators_ns
+  }
+}