Merge pull request #2 from SCT-Engineering/mcmCluster

release/0.1.1

.cz.yaml

@@ -0,0 +1,8 @@
+---
+commitizen:
+  major_version_zero: true
+  name: cz_gitmoji
+  tag_format: $version
+  update_changelog_on_bump: true
+  version_provider: scm
+  version_scheme: semver2

.gitignore

@@ -35,4 +35,3 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
-

.pre-commit-config.yaml

@@ -0,0 +1,99 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v5.0.0
+  hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    # - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-executables-have-shebangs
+
+    # Cross platform
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args: [--fix=lf]
+
+    # Security
+    - id: detect-aws-credentials
+      args: ['--allow-missing-credentials']
+    - id: detect-private-key
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: v4.0.0-alpha.8
+  hooks:
+  - id: prettier
+    files: '.json5$'
+
+# Terraform Hooks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  hooks:
+    - id: terraform_fmt
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terraform_docs
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terraform_tflint
+      name: Terraform validate with tflint
+      description: Validates all Terraform configuration files with TFLint.
+      require_serial: true
+      entry: hooks/terraform_tflint.sh
+      language: script
+      files: (\.tf|\.tfvars)$
+      exclude: \.(terraform/.*|terragrunt-cache)$
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    - id: terragrunt_fmt
+      name: Terragrunt fmt
+      description: Rewrites all Terragrunt configuration files to a canonical format.
+      entry: hooks/terragrunt_fmt.sh
+      language: script
+      files: (\.hcl)$
+      exclude: \.(terraform/.*|terragrunt-cache)$
+      args:
+        - --hook-config=--parallelism-ci-cpu-cores=2
+    ### DISABLED UNTIL MINIFIED TERRAGRUNT.HCL IS CREATED
+    # - id: terragrunt_validate
+    #   name: Terragrunt validate
+    #   description: Validates all Terragrunt configuration files.
+    #   entry: hooks/terragrunt_validate.sh
+    #   language: script
+    #   files: (\.hcl)$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_validate_inputs
+    #   name: Terragrunt validate inputs
+    #   description: Validates Terragrunt unused and undefined inputs.
+    #   entry: hooks/terragrunt_validate_inputs.sh
+    #   language: script
+    #   files: (\.hcl)$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+    # - id: terragrunt_providers_lock
+    #   name: Terragrunt providers lock
+    #   description: Updates provider signatures in dependency lock files using terragrunt.
+    #   entry: hooks/terragrunt_providers_lock.sh
+    #   language: script
+    #   files: (terragrunt|\.terraform\.lock)\.hcl$
+    #   exclude: \.(terraform/.*|terragrunt-cache)$
+    #   args:
+    #     - --hook-config=--parallelism-ci-cpu-cores=2
+
+- repo: https://github.com/ljnsn/cz-conventional-gitmoji
+  rev: v0.6.1
+  hooks:
+    - id: conventional-gitmoji

.releaserc.json

@@ -0,0 +1,36 @@
+{
+  "branches": [
+    "main",
+    "master"
+  ],
+  "ci": false,
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/github",
+      {
+        "successComment":
+        "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+        "labels": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "CHANGELOG.md"
+        ],
+        "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}

.terraform-docs.yml

@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show:
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true

.tflint.hcl

@@ -0,0 +1,21 @@
+config {
+  module              = true
+  force               = false
+  disabled_by_default = false
+}
+
+rule "aws_instance_invalid_type" {
+  enabled = true
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.32.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+  enabled = true
+  version = "0.9.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+}

CHANGELOG.md

@@ -0,0 +1,14 @@
+## 0.0.1 (2024-10-24)
+
+### 🐛🚑️ Fixes
+
+- **repo**: add pre-commit config
+- **images**: update module ref
+
+### ♻️  Refactorings
+
+- **mvp**: merge my work with lukes and resolve lints
+
+### 🎨🏗️ Style & Architecture
+
+- **repo**: resolve lints

README.md

@@ -1,2 +1,64 @@
-# tfmod-istio-tools
 # tfmod-kiali
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.16.1 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_images"></a> [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+| <a name="module_preinstall"></a> [preinstall](#module\_preinstall) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//config-job | feature-kiali-baseline |
+| <a name="module_service_account"></a> [service\_account](#module\_service\_account) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cluster_domain"></a> [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes |
+| <a name="input_grafana_internal_url"></a> [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes |
+| <a name="input_grafana_namespace"></a> [grafana\_namespace](#input\_grafana\_namespace) | The namespace holding the grafana instance, used to look up the grafana password. | `string` | n/a | yes |
+| <a name="input_grafana_public_url"></a> [grafana\_public\_url](#input\_grafana\_public\_url) | The URL incoming traffic from outisde the cluster uses to access grafana. | `string` | n/a | yes |
+| <a name="input_grafana_secret_name"></a> [grafana\_secret\_name](#input\_grafana\_secret\_name) | The secret in the <grafana\_namespace> holding the grafana admin password. | `string` | n/a | yes |
+| <a name="input_istio_namespace"></a> [istio\_namespace](#input\_istio\_namespace) | The namespace where istio has been deployed. | `string` | `"istio-system"` | no |
+| <a name="input_jaeger_internal_url"></a> [jaeger\_internal\_url](#input\_jaeger\_internal\_url) | The url within the cluster to use to query the jaegertracing. | `string` | n/a | yes |
+| <a name="input_kiali_application_version"></a> [kiali\_application\_version](#input\_kiali\_application\_version) | The version of kiali to install | `string` | `"v1.73.0"` | no |
+| <a name="input_kiali_operator_version"></a> [kiali\_operator\_version](#input\_kiali\_operator\_version) | The version of kiali to install | `string` | `"1.73.0"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"istio-tools"` | no |
+| <a name="input_operators_namespace"></a> [operators\_namespace](#input\_operators\_namespace) | The namespace into which all operators are to be deployed. | `string` | n/a | yes |
+| <a name="input_profile"></a> [profile](#input\_profile) | The AWS\_PROFILE to use while running the scripts. | `string` | `""` | no |
+| <a name="input_prometheus_internal_url"></a> [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes |
+| <a name="input_public_hostname"></a> [public\_hostname](#input\_public\_hostname) | The hostname to use for kiali that will be publicly available | `string` | `"kiali"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_internal_endpoint"></a> [internal\_endpoint](#output\_internal\_endpoint) | The internal endpoint to use to access kiali |
+| <a name="output_module_name"></a> [module\_name](#output\_module\_name) | The name of this module. |
+| <a name="output_module_version"></a> [module\_version](#output\_module\_version) | The version of this module. |
+| <a name="output_public_endpoint"></a> [public\_endpoint](#output\_public\_endpoint) | The public endpoint to use to access kiali |
+<!-- END_TF_DOCS -->

chart/kiali/Chart.yaml → charts/kiali/Chart.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v2
 name: kiali
 description: A Helm chart for Kubernetes

chart/kiali/templates/_helpers.tpl → charts/kiali/templates/_helpers.tpl

@@ -1,3 +1,4 @@
+---
 {{/*
 Expand the name of the chart.
 */}}

chart/kiali/templates/kiali.yaml → charts/kiali/templates/kiali.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: kiali.io/v1alpha1
 kind: Kiali
 metadata:
@@ -9,6 +10,8 @@ spec:
   istio_namespace: {{ .Values.istioNamespace | quote }}
   deployment:
     accessible_namespaces: "**"
+    image_name: {{ .Values.image_name | quote }}
+    # image_version: {{ .Values.image_version | quote }}
   external_services:
     grafana:
       auth:

chart/kiali/templates/secret.yaml → charts/kiali/templates/secret.yaml

@@ -1,8 +1,9 @@
+---
 {{ if .Values.openid.secret }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: kiali
+  name: kiali-o
   labels:
     {{- include "kiali.labels" . | nindent 4 }}
 stringData:

chart/kiali/values.yaml → charts/kiali/values.yaml

@@ -1,13 +1,14 @@
-
+---
 publicHostname: "kiali"
 publicDomain: "cluster.domain"
 
 istioNamespace: "istio-system"
-prometheusInClusterUrl: "http://loki-prometheus-server.logging.svc.cluster.local/"
+prometheusInClusterUrl: "http://loki-prometheus-server.prometheus.svc.cluster.local/"
 jaegerInClusterUrl: "http://istio-jaeger-query.istio-tools.svc.cluster.local:16686/"
-grafanaInClusterUrl: "http://loki-grafana.logging.svc.cluster.local/"
+grafanaInClusterUrl: "http://loki-grafana.grafana.svc.cluster.local/"
 grafanaPublicUrl: "https://grafana.cluster.domain/"
-grafanaUserName: "admin"
+# grafanaUserName: "admin"
+grafanaUserName: "YWRtaW4="
 grafanaSecretName: "kiali"
 grafanaSecretPasswordKey: "grafana_password"
 
@@ -18,4 +19,3 @@ openid:
   disableRbac: true
   issuerUri: "https://keycloak.cluster.domain/realms/sso_admin_realm"
   usernameClaim: "username_claim"
-

copy_images.tf

@@ -1,6 +1,6 @@
 locals {
   kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version)
-  kiali_key          = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
+  # kiali_key          = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
 
   image_config = [
     ## Images for Kiali
@@ -26,21 +26,14 @@ locals {
 }
 
 module "images" {
-  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2"
+  source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade"
 
   profile          = var.profile
   application_name = var.cluster_name
   image_config     = local.image_config
   tags             = {}
 
-  ### optional
-  ##  account_alias        = ""
-  ##  account_id           = ""
-  ##  destination_password = ""
-  ##  destination_username = ""
-  ##  override_prefixes    = {}
-  ##  region               = ""
-  ##  source_password      = ""
-  ##  source_username      = ""
+  enable_lifecycle_policy = true
+  lifecycle_policy_all    = true
+  force_delete            = true
 }
-