diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..867570d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
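Review bot: Only the `terraform` ecosystem is listed under `updates`, yet this same commit adds a workflow that references several actions by version tag. A second entry with `package-ecosystem: "github-actions"` and `directory: "/"` would have Dependabot propose updates for those actions too, which matters more once they are pinned to commit SHAs. With `interval: "daily"`, consider grouping or limiting open pull requests so security-relevant bumps are not lost in the noise.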
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
new file mode 100644
index 0000000..a78523e
--- /dev/null
+++ b/.github/workflows/terragrunt-cicd.yml
@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate:
+ name: 'Validate Module'
+ runs-on: self-hosted
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.5.0
+
+ - name: Terraform Init
+ run: |
+ terraform init -backend=false
+
+ - name: Terraform Format
+ run: |
+ terraform fmt -check
+
+ - name: Terraform Validate
+ run: |
+ terraform validate
+
+ - name: Run tflint
+ uses: terraform-linters/setup-tflint@v3
+ if: github.event_name == 'pull_request'
+
+ - name: Lint Terraform
+ if: github.event_name == 'pull_request'
+ run: |
+ tflint --format compact
+
+ release:
+ name: 'Create Release'
+ needs: validate
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ runs-on: self-hosted
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install Commitizen
+ run: |
+ pip install commitizen
+
+ - name: Configure Git
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+
+ - name: Bump Version and Generate Changelog
+ id: cz
+ run: |
+ cz bump --yes
+ echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+ echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: v${{ steps.cz.outputs.new_version }}
+ release_name: Release v${{ steps.cz.outputs.new_version }}
+ draft: false
+ prerelease: false
+ body: ${{ steps.cz.outputs.changelog }}
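Review bot: The `release` job holds `contents: write` on a `self-hosted` runner but pulls in code by mutable reference: `pip install commitizen` is unpinned and every action is referenced by tag (`actions/checkout@v3`, `actions/setup-python@v4`, `actions/create-release@v1`, and in `validate` `hashicorp/setup-terraform@v2` and `terraform-linters/setup-tflint@v3`). Pin the actions to full commit SHAs, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and pin commitizen to an exact version. The workflow-level `pull-requests: write` is not used by any step shown and can be dropped, and `validate` runs pull-request code on a self-hosted runner, which is only safe if untrusted contributors cannot open pull requests and the runner is ephemeral (neither is visible here). Separately, `echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT` writes a multi-line value in the single-line `name=value` form; use the `name<<DELIMITER` multi-line form and quote `"$GITHUB_OUTPUT"`.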
diff --git a/.tflint.hcl b/.tflint.hcl
index 684d807..ab8ea66 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -4,18 +4,18 @@ config {
disabled_by_default = false
}
-rule "aws_instance_invalid_type" {
- enabled = true
-}
+# rule "aws_instance_invalid_type" {
+# enabled = true
+# }
-plugin "aws" {
- enabled = true
- version = "0.32.0"
- source = "github.com/terraform-linters/tflint-ruleset-aws"
-}
+# plugin "aws" {
+# enabled = true
+# version = "0.32.0"
+# source = "github.com/terraform-linters/tflint-ruleset-aws"
+# }
-plugin "terraform" {
- enabled = true
- version = "0.9.0"
- source = "github.com/terraform-linters/tflint-ruleset-terraform"
-}
+# plugin "terraform" {
+# enabled = true
+# version = "0.9.0"
+# source = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
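Review bot: The `aws` and `terraform` plugin blocks and the `aws_instance_invalid_type` rule are commented out rather than removed, with no note on why, while the new workflow in this commit runs `tflint --format compact` on pull requests. With the pinned plugin blocks disabled, the lint step no longer loads the AWS ruleset and presumably falls back to whatever terraform ruleset ships with the installed tflint, so findings can change silently between tflint versions. If the reason is that CI never runs `tflint --init`, adding that step to the workflow and keeping the pinned plugin versions is the safer fix. Otherwise delete the blocks or add a comment such as `# disabled: <reason>, re-enable when <condition>`.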
diff --git a/README.md b/README.md
index 8d49162..bb7c40f 100644
--- a/README.md
+++ b/README.md
@@ -13,14 +13,15 @@
| Name | Version |
|------|---------|
-| [helm](#provider\_helm) | 2.16.1 |
-| [kubernetes](#provider\_kubernetes) | 2.33.0 |
+| [helm](#provider\_helm) | 2.17.0 |
+| [kubernetes](#provider\_kubernetes) | 2.36.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+| [ingress\_resources](#module\_ingress\_resources) | git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git | main |
| [preinstall](#module\_preinstall) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//config-job | feature-kiali-baseline |
| [service\_account](#module\_service\_account) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account | n/a |
@@ -31,7 +32,7 @@
| [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
## Inputs
diff --git a/main.tf b/main.tf
index b02d609..5755a43 100644
--- a/main.tf
+++ b/main.tf
@@ -1,8 +1,8 @@
locals {
- internal_hostname = format("kiali.%v.svc.cluster.local", var.namespace)
+ internal_hostname = format("%v.%v.svc.cluster.local", kubernetes_namespace.ns.metadata[0].name, local.service_name)
internal_port_number = "20001"
- internal_url = format("http://%v:%v/", local.internal_hostname, local.internal_port_number)
+ internal_url = format("https://%s:%s/", local.internal_hostname, local.internal_port_number)
grafana_secret_name = "kiali"
grafana_password_key = "grafana_password"
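Review bot: The arguments to `format` in `internal_hostname` are in namespace-then-service order, but cluster DNS names are `<service>.<namespace>.svc.cluster.local`. It resolves only because `local.service_name` is set to `var.namespace` elsewhere in this diff, so both values are equal; write it as `format("%v.%v.svc.cluster.local", local.service_name, kubernetes_namespace.ns.metadata[0].name)`. That coupling also means the host is correct only when the namespace has the same name as the Kiali service (previously the literal `kiali`), which deserves a comment or a dedicated variable. `internal_url` also moves to `https` on port 20001, and nothing in this diff shows TLS being enabled on that listener, so confirm that it is and that consumers can validate the certificate. The `locals` block continues outside the hunk.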
@@ -23,14 +23,43 @@ wait_for_istio_ready() {
wait_for_istio_ready
ensure_secret ${local.grafana_secret_name} ${local.grafana_password_key} "$(kubectl -n ${var.grafana_namespace} get secret ${var.grafana_secret_name} -o jsonpath='{.data.admin-password}' | base64 -d)"
CONFIG
+
+ public_domain = format("%v.%v", var.cluster_name, var.cluster_domain)
+ service_name = var.namespace
+}
+
+resource "kubernetes_namespace" "operators" {
+ metadata {
+ name = var.operators_namespace
+ labels = {
+ istio-injection = "enabled"
+ }
+ }
}
+resource "kubernetes_namespace" "ns" {
+ metadata {
+ name = var.namespace
+ labels = {
+ istio-injection = "enabled"
+ }
+ }
+}
+
+# data "kubernetes_namespace" "keycloak" {
+# count = local.have_keycloak ? 1 : 0
+
+# metadata {
+# name = var.keycloak_namespace
+# }
+# }
+
module "service_account" {
# tflint-ignore: terraform_module_pinned_source
source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account"
- namespace = var.namespace
- read_only_namespaces = [var.grafana_namespace]
+ namespace = kubernetes_namespace.ns.metadata[0].name
+ read_only_namespaces = ["grafana"]
}
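Review bot: `read_only_namespaces = ["grafana"]` hard-codes the namespace, while the preinstall script a few lines above still reads the secret with `kubectl -n ${var.grafana_namespace}`. If `var.grafana_namespace` is ever anything other than `grafana`, the service account gets read access to one namespace and the job reads from another; keep `read_only_namespaces = [var.grafana_namespace]`. `kubernetes_namespace.operators` also becomes a managed resource here (the README hunk shows it was a data source), so an apply against a cluster where that namespace already exists will need an import, and a destroy will delete the namespace and everything in it. The commented-out `data "kubernetes_namespace" "keycloak"` block should be removed or explained.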
module "preinstall" {
@@ -38,7 +67,7 @@ module "preinstall" {
profile = var.profile
cluster_name = var.cluster_name
- namespace = var.namespace
+ namespace = kubernetes_namespace.ns.metadata[0].name
service_account_name = module.service_account.service_account_name
job_name = "istio-tools-config-job"
config_script = local.preinstall_script
@@ -49,7 +78,7 @@ resource "helm_release" "kiali_operator" {
chart = "kiali-operator"
version = var.kiali_operator_version
name = "kiali-operator"
- namespace = var.namespace
+ namespace = kubernetes_namespace.operators.metadata[0].name
repository = "https://kiali.org/helm-charts"
set {
@@ -71,7 +100,7 @@ resource "helm_release" "kiali_operator" {
}
set {
name = "watchNamespace"
- value = var.namespace
+ value = kubernetes_namespace.ns.metadata[0].name
}
set {
name = "env[0].name"
@@ -138,9 +167,37 @@ module "ingress_resources" {
# tflint-ignore: terraform_module_pinned_source
source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
- public_hostname = "kiali"
- public_domain = format("%v.%v", var.cluster_name, var.cluster_domain)
- service_name = "kiali"
- service_namespace = var.namespace
- service_port = local.internal_port_number
+
+# module "kiali_ingress" {
+# depends_on = [helm_release.kiali]
+
+# #source = "git@github.it.census.gov:SOA/tfmod-gogatekeeper.git//>ref=1.0.0"
+# source = "git@github.it.census.gov:SOA/tfmod-gogatekeeper.git//"
+
+# certificate_issuer = var.certificate_issuer
+
+# namespace = local.ns
+# application_name = "kiali"
+# public_hostname = "kiali"
+# cluster_domain = var.cluster_domain
+# upstream_hostname = local.internal_hostname
+# upstream_port = local.internal_port_number
+# redirection_url = local.public_url
+# client_id = var.sso_client_id
+# client_secret = var.sso_client_secret
+# keycloak_public_url = var.keycloak_public_url
+# gogatekeeper_chart_version = var.gogatekeeper_chart_version
+# gogatekeeper_registry = var.gogatekeeper_registry
+# gogatekeeper_repository = var.gogatekeeper_repository
+# gogatekeeper_tag = var.gogatekeeper_tag
+# }
+
+module "ingress_resources" {
+ # tflint-ignore: terraform_module_pinned_source
+ source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
+ public_hostname = local.service_name
+ public_domain = local.public_domain
+ service_name = local.service_name
+ service_namespace = kubernetes_namespace.ns.metadata[0].name
+ service_port = local.internal_port_number
}
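Review bot: As rendered, the two context lines at the top of this hunk (`# tflint-ignore: …` and `source = …`) stay in place, and the new `module "ingress_resources" {` is added below them after the commented-out block, closed by the single trailing `}`. If the line just above the hunk is the original `module "ingress_resources" {` header, as the hunk header suggests, the file ends up with an unclosed block containing a second block of the same name, which `terraform validate` should reject; the opening line is outside the hunk, so check the full file. Separately, `?ref=main` tracks a moving branch and the `tflint-ignore: terraform_module_pinned_source` comment suppresses the rule that would flag it; pin to a tag or commit, e.g. `?ref=<release-tag>`. The commented-out `kiali_ingress` module, which carries the SSO client settings, is better deleted or tracked in an issue than kept as dead code.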