Merge pull request #5 from SCT-Engineering/mcmCluster

Testing Kiali

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.github/workflows/terragrunt-cicd.yml

@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/*.hcl'
+      - '**/*.tf'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '**/*.hcl'
+      - '**/*.tf'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  validate:
+    name: 'Validate Module'
+    runs-on: self-hosted
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: 1.5.0
+
+    - name: Terraform Init
+      run: |
+        terraform init -backend=false
+
+    - name: Terraform Format
+      run: |
+        terraform fmt -check
+
+    - name: Terraform Validate
+      run: |
+        terraform validate
+
+    - name: Run tflint
+      uses: terraform-linters/setup-tflint@v3
+      if: github.event_name == 'pull_request'
+
+    - name: Lint Terraform
+      if: github.event_name == 'pull_request'
+      run: |
+        tflint --format compact
+
+  release:
+    name: 'Create Release'
+    needs: validate
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    runs-on: self-hosted
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+
+      - name: Install Commitizen
+        run: |
+          pip install commitizen
+
+      - name: Configure Git
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+      - name: Bump Version and Generate Changelog
+        id: cz
+        run: |
+          cz bump --yes
+          echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+          echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.cz.outputs.new_version }}
+          release_name: Release v${{ steps.cz.outputs.new_version }}
+          draft: false
+          prerelease: false
+          body: ${{ steps.cz.outputs.changelog }}

.tflint.hcl

@@ -4,18 +4,18 @@ config {
   disabled_by_default = false
 }
 
-rule "aws_instance_invalid_type" {
-  enabled = true
-}
+# rule "aws_instance_invalid_type" {
+#   enabled = true
+# }
 
-plugin "aws" {
-  enabled = true
-  version = "0.32.0"
-  source  = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+#   enabled = true
+#   version = "0.32.0"
+#   source  = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
 
-plugin "terraform" {
-  enabled = true
-  version = "0.9.0"
-  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+#   enabled = true
+#   version = "0.9.0"
+#   source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }

README.md

@@ -13,25 +13,20 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.16.1 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_images"></a> [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
-| <a name="module_preinstall"></a> [preinstall](#module\_preinstall) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//config-job | feature-kiali-baseline |
-| <a name="module_service_account"></a> [service\_account](#module\_service\_account) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account | n/a |
+| <a name="module_ingress_resources"></a> [ingress\_resources](#module\_ingress\_resources) | git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git | main |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
 
 ## Inputs
 
@@ -40,18 +35,15 @@
 | <a name="input_cluster_domain"></a> [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes |
 | <a name="input_grafana_internal_url"></a> [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes |
-| <a name="input_grafana_namespace"></a> [grafana\_namespace](#input\_grafana\_namespace) | The namespace holding the grafana instance, used to look up the grafana password. | `string` | n/a | yes |
 | <a name="input_grafana_public_url"></a> [grafana\_public\_url](#input\_grafana\_public\_url) | The URL incoming traffic from outisde the cluster uses to access grafana. | `string` | n/a | yes |
 | <a name="input_grafana_secret_name"></a> [grafana\_secret\_name](#input\_grafana\_secret\_name) | The secret in the <grafana\_namespace> holding the grafana admin password. | `string` | n/a | yes |
 | <a name="input_istio_namespace"></a> [istio\_namespace](#input\_istio\_namespace) | The namespace where istio has been deployed. | `string` | `"istio-system"` | no |
-| <a name="input_jaeger_internal_url"></a> [jaeger\_internal\_url](#input\_jaeger\_internal\_url) | The url within the cluster to use to query the jaegertracing. | `string` | n/a | yes |
 | <a name="input_kiali_application_version"></a> [kiali\_application\_version](#input\_kiali\_application\_version) | The version of kiali to install | `string` | `"v1.73.0"` | no |
 | <a name="input_kiali_operator_version"></a> [kiali\_operator\_version](#input\_kiali\_operator\_version) | The version of kiali to install | `string` | `"1.73.0"` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"istio-tools"` | no |
-| <a name="input_operators_namespace"></a> [operators\_namespace](#input\_operators\_namespace) | The namespace into which all operators are to be deployed. | `string` | n/a | yes |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"namespace"` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | The AWS\_PROFILE to use while running the scripts. | `string` | `""` | no |
 | <a name="input_prometheus_internal_url"></a> [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes |
-| <a name="input_public_hostname"></a> [public\_hostname](#input\_public\_hostname) | The hostname to use for kiali that will be publicly available | `string` | `"kiali"` | no |
+| <a name="input_service_name"></a> [service\_name](#input\_service\_name) | The name of the service for Kiali. | `string` | `"kiali"` | no |
 
 ## Outputs
 
@@ -60,5 +52,5 @@
 | <a name="output_internal_endpoint"></a> [internal\_endpoint](#output\_internal\_endpoint) | The internal endpoint to use to access kiali |
 | <a name="output_module_name"></a> [module\_name](#output\_module\_name) | The name of this module. |
 | <a name="output_module_version"></a> [module\_version](#output\_module\_version) | The version of this module. |
-| <a name="output_public_endpoint"></a> [public\_endpoint](#output\_public\_endpoint) | The public endpoint to use to access kiali |
+| <a name="output_public_endpoint"></a> [public\_endpoint](#output\_public\_endpoint) | The endpoint at which keycloak can be reached from outside the cluster. |
 <!-- END_TF_DOCS -->

copy_images.tf

@@ -1,6 +1,6 @@
 locals {
-  kiali_operator_key     = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version)
-  kiali_server_key       = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
+  kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version)
+  kiali_server_key   = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
 
   image_config = [
     ## Images for Kiali

main.tf

@@ -1,47 +1,7 @@
 locals {
-
-  internal_hostname    = format("kiali.%v.svc.cluster.local", var.namespace)
+  internal_hostname    = format("%v.%v.svc.cluster.local", var.service_name, var.namespace)
   internal_port_number = "20001"
-  internal_url         = format("http://%v:%v/", local.internal_hostname, local.internal_port_number)
-
-  grafana_secret_name  = "kiali"
-  grafana_password_key = "grafana_password"
-
-  preinstall_script = <<CONFIG
-wait_for_istio_ready() {
-  local retries http_code
-  echo "$(timestamp) : Waiting to make sure istio-proxy is in ready state..."
-  retries=30
-  http_code="$(istio_proxy_health)"
-  while [ "$http_code" != "200" ] && [ $retries -gt 0 ]; do
-    sleep 2
-    retries=$(( retries - 1 ))
-    http_code="$(istio_proxy_health)"
-  done
-  echo "wait_for_istio_ready = $http_code"
-}
-wait_for_istio_ready
-ensure_secret ${local.grafana_secret_name} ${local.grafana_password_key} "$(kubectl -n ${var.grafana_namespace} get secret ${var.grafana_secret_name} -o jsonpath='{.data.admin-password}' | base64 -d)"
-CONFIG
-}
-
-module "service_account" {
-  # tflint-ignore: terraform_module_pinned_source
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account"
-
-  namespace            = var.namespace
-  read_only_namespaces = [var.grafana_namespace]
-}
-
-module "preinstall" {
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//config-job?ref=feature-kiali-baseline"
-
-  profile              = var.profile
-  cluster_name         = var.cluster_name
-  namespace            = var.namespace
-  service_account_name = module.service_account.service_account_name
-  job_name             = "istio-tools-config-job"
-  config_script        = local.preinstall_script
+  internal_url         = format("https://%s:%s/", local.internal_hostname, local.internal_port_number)
 }
 
 resource "helm_release" "kiali_operator" {
@@ -63,55 +23,38 @@ resource "helm_release" "kiali_operator" {
     name  = "image.tag"
     value = module.images.images[local.kiali_operator_key].tag
   }
-
 
-  set {
-    name  = "cr.create"
-    value = "false"
-  }
   set {
     name  = "watchNamespace"
-    value = var.namespace
+    value = var.istio_namespace
   }
   set {
     name  = "env[0].name"
     value = "RELATED_IMAGE_kiali_default"
   }
   set {
-    name  = "env[0].value"
+    name = "env[0].value"
     value = format("%v/%v:%v",
       module.images.images[local.kiali_server_key].dest_registry,
       module.images.images[local.kiali_server_key].dest_repository,
       module.images.images[local.kiali_server_key].tag
     )
   }
-}
-
-resource "helm_release" "kiali" {
-  depends_on = [
-    helm_release.kiali_operator,
-    module.preinstall,
-  ]
-
-  chart      = "./kiali-server"
-  name       = "kiali"
-  namespace  = var.namespace
-
   set {
-    name  = "istioNamespace"
-    value = var.istio_namespace
+    name  = "publicHostname"
+    value = var.service_name
   }
   set {
-    name  = "prometheus.url"
-    value = var.prometheus_internal_url
+    name  = "publicDomain"
+    value = var.cluster_domain
   }
   set {
-    name  = "grafana.secretName"
-    value = local.grafana_secret_name
+    name  = "istioNamespace"
+    value = var.istio_namespace
   }
   set {
-    name  = "grafana.passwordKey"
-    value = local.grafana_password_key
+    name  = "prometheus.url"
+    value = var.prometheus_internal_url
   }
   set {
     name  = "grafana.externalUrl"
@@ -122,25 +65,18 @@ resource "helm_release" "kiali" {
     value = var.grafana_internal_url
   }
   set {
-    name  = "tracing.internalUrl"
-    value = var.tempo_internal_url
+    name  = "grafanaSecretName"
+    value = var.grafana_secret_name
   }
-  set {
-    name  = "tracing.tempo_config.datasource_uid"
-    value = var.tempo_datasource_id
-  }
-
-
 }
 
 module "ingress_resources" {
-  # tflint-ignore: terraform_module_version
+  depends_on = [helm_release.kiali_operator]
   # tflint-ignore: terraform_module_pinned_source
-  source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
-
-  public_hostname = "kiali"
-  public_domain = format("%v.%v", var.cluster_name, var.cluster_domain)
-  service_name = "kiali"
+  source            = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
+  public_hostname   = var.service_name
+  public_domain     = var.cluster_domain
+  service_name      = var.service_name
   service_namespace = var.namespace
-  service_port = local.internal_port_number
+  service_port      = local.internal_port_number
 }

outputs.tf

@@ -1,7 +1,6 @@
-
 output "public_endpoint" {
-  description = "The public endpoint to use to access kiali"
-  value = module.ingress_resources.service_url
+  description = "The endpoint at which keycloak can be reached from outside the cluster."
+  value       = module.ingress_resources.service_url
 }
 
 output "internal_endpoint" {