add ingress

SCT-Engineering · Mar 11, 2025 · 1df6062 · 1df6062
1 parent 3287571
commit 1df6062
Show file tree

Hide file tree

Showing 5 changed files with 151 additions and 27 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/*.hcl'
+      - '**/*.tf'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '**/*.hcl'
+      - '**/*.tf'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  validate:
+    name: 'Validate Module'
+    runs-on: self-hosted
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: 1.5.0
+
+    - name: Terraform Init
+      run: |
+        terraform init -backend=false
+
+    - name: Terraform Format
+      run: |
+        terraform fmt -check
+
+    - name: Terraform Validate
+      run: |
+        terraform validate
+
+    - name: Run tflint
+      uses: terraform-linters/setup-tflint@v3
+      if: github.event_name == 'pull_request'
+
+    - name: Lint Terraform
+      if: github.event_name == 'pull_request'
+      run: |
+        tflint --format compact
+
+  release:
+    name: 'Create Release'
+    needs: validate
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    runs-on: self-hosted
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+
+      - name: Install Commitizen
+        run: |
+          pip install commitizen
+
+      - name: Configure Git
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+      - name: Bump Version and Generate Changelog
+        id: cz
+        run: |
+          cz bump --yes
+          echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+          echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.cz.outputs.new_version }}
+          release_name: Release v${{ steps.cz.outputs.new_version }}
+          draft: false
+          prerelease: false
+          body: ${{ steps.cz.outputs.changelog }}
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -4,18 +4,18 @@ config {
   disabled_by_default = false
 }
 
-rule "aws_instance_invalid_type" {
-  enabled = true
-}
+# rule "aws_instance_invalid_type" {
+#   enabled = true
+# }
 
-plugin "aws" {
-  enabled = true
-  version = "0.32.0"
-  source  = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+#   enabled = true
+#   version = "0.32.0"
+#   source  = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
 
-plugin "terraform" {
-  enabled = true
-  version = "0.9.0"
-  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+#   enabled = true
+#   version = "0.9.0"
+#   source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
diff --git a/README.md b/README.md
@@ -13,14 +13,15 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.16.1 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.36.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_images"></a> [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+| <a name="module_ingress_resources"></a> [ingress\_resources](#module\_ingress\_resources) | git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git | main |
 | <a name="module_preinstall"></a> [preinstall](#module\_preinstall) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//config-job | feature-kiali-baseline |
 | <a name="module_service_account"></a> [service\_account](#module\_service\_account) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account | n/a |
 
@@ -31,7 +32,7 @@
 | [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 
 ## Inputs
 

diff --git a/main.tf b/main.tf
@@ -1,9 +1,9 @@
 
 locals {
 
-  internal_hostname    = format("kiali.%v.svc.cluster.local", var.namespace)
+  internal_hostname    = format("%v.%v.svc.cluster.local", kubernetes_namespace.ns.metadata[0].name, local.service_name)
   internal_port_number = "20001"
-  internal_url         = format("http://%v:%v/", local.internal_hostname, local.internal_port_number)
+  internal_url         = format("https://%s:%s/", local.internal_hostname, local.internal_port_number)
 
   preinstall_script = <<CONFIG
 wait_for_istio_ready() {
@@ -22,15 +22,16 @@ wait_for_istio_ready
 ensure_secret kiali grafana_password "$(kubectl -n ${var.grafana_namespace} get secret ${var.grafana_secret_name} -o jsonpath='{.data.admin-password}' | base64 -d)"
 CONFIG
 
-  public_hostname    = format("kiali.%v", var.cluster_domain)
-  public_port_number = "80"
-  public_url         = format("https://%v:%v/", local.public_hostname, local.public_port_number)
-  ns                 = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.operators[0].metadata[0].name)
+  public_domain = format("%v.%v", var.cluster_name, var.cluster_domain)
+  service_name  = var.namespace
 }
 
-data "kubernetes_namespace" "operators" {
+resource "kubernetes_namespace" "operators" {
   metadata {
     name = var.operators_namespace
+    labels = {
+      istio-injection = "enabled"
+    }
   }
 }
 
@@ -55,7 +56,7 @@ module "service_account" {
   # tflint-ignore: terraform_module_pinned_source
   source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account"
 
-  namespace            = local.ns
+  namespace            = kubernetes_namespace.ns.metadata[0].name
   read_only_namespaces = ["grafana"]
 }
 
@@ -64,7 +65,7 @@ module "preinstall" {
 
   profile              = var.profile
   cluster_name         = var.cluster_name
-  namespace            = local.ns
+  namespace            = kubernetes_namespace.ns.metadata[0].name
   service_account_name = module.service_account.service_account_name
   job_name             = "istio-tools-config-job"
   config_script        = local.preinstall_script
@@ -75,7 +76,7 @@ resource "helm_release" "kiali_operator" {
   chart      = "kiali-operator"
   version    = var.kiali_operator_version
   name       = "kiali-operator"
-  namespace  = data.kubernetes_namespace.operators.metadata[0].name
+  namespace  = kubernetes_namespace.operators.metadata[0].name
   repository = "https://kiali.org/helm-charts"
 
   set {
@@ -95,7 +96,7 @@ resource "helm_release" "kiali_operator" {
   }
   set {
     name  = "watchNamespace"
-    value = var.namespace
+    value = kubernetes_namespace.ns.metadata[0].name
   }
   set {
     name  = "allowAdHocKialiImage"
@@ -230,3 +231,13 @@ resource "helm_release" "kiali" {
 #   gogatekeeper_repository    = var.gogatekeeper_repository
 #   gogatekeeper_tag           = var.gogatekeeper_tag
 # }
+
+module "ingress_resources" {
+  # tflint-ignore: terraform_module_pinned_source
+  source            = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
+  public_hostname   = local.service_name
+  public_domain     = local.public_domain
+  service_name      = local.service_name
+  service_namespace = kubernetes_namespace.ns.metadata[0].name
+  service_port      = local.internal_port_number
+}