diff --git a/.cz.yaml b/.cz.yaml
new file mode 100644
index 0000000..b1981ec
--- /dev/null
+++ b/.cz.yaml
@@ -0,0 +1,8 @@
+---
+commitizen:
+ major_version_zero: true
+ name: cz_gitmoji
+ tag_format: $version
+ update_changelog_on_bump: true
+ version_provider: scm
+ version_scheme: semver2
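Review bot: `tag_format: $version` produces bare tags such as `0.1.1`, while the semantic-release config added in .releaserc.json in this same commit keeps its default `tagFormat` of `v${version}`, so neither tool will recognise the other's release tags and each may compute the next version from scratch. Both tools also write CHANGELOG.md (`update_changelog_on_bump: true` here, `@semantic-release/changelog` plus `@semantic-release/git` there), which will produce conflicting changelog commits. Either keep a single release tool or align the formats, e.g. `tag_format: v$version` here, and add a comment at the top of this file stating which tool owns version bumps: `# Release bumps are performed by <tool>; .releaserc.json is kept only for <purpose>`.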
diff --git a/.gitignore b/.gitignore
index 7c1cae9..403ffa9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,4 +35,3 @@ override.tf.json
# Ignore CLI configuration files
.terraformrc
terraform.rc
-
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..a4f80c1
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,99 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0
+ hooks:
+ # Git style
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: forbid-new-submodules
+ - id: no-commit-to-branch
+
+ # Common errors
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ # - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-executables-have-shebangs
+
+ # Cross platform
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+
+ # Security
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v4.0.0-alpha.8
+ hooks:
+ - id: prettier
+ files: '.json5$'
+
+# Terraform Hooks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ hooks:
+ - id: terraform_fmt
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terraform_docs
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terraform_tflint
+ name: Terraform validate with tflint
+ description: Validates all Terraform configuration files with TFLint.
+ require_serial: true
+ entry: hooks/terraform_tflint.sh
+ language: script
+ files: (\.tf|\.tfvars)$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terragrunt_fmt
+ name: Terragrunt fmt
+ description: Rewrites all Terragrunt configuration files to a canonical format.
+ entry: hooks/terragrunt_fmt.sh
+ language: script
+ files: (\.hcl)$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ ### DISABLED UNTIL MINIFIED TERRAGRUNT.HCL IS CREATED
+ # - id: terragrunt_validate
+ # name: Terragrunt validate
+ # description: Validates all Terragrunt configuration files.
+ # entry: hooks/terragrunt_validate.sh
+ # language: script
+ # files: (\.hcl)$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+ # - id: terragrunt_validate_inputs
+ # name: Terragrunt validate inputs
+ # description: Validates Terragrunt unused and undefined inputs.
+ # entry: hooks/terragrunt_validate_inputs.sh
+ # language: script
+ # files: (\.hcl)$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+ # - id: terragrunt_providers_lock
+ # name: Terragrunt providers lock
+ # description: Updates provider signatures in dependency lock files using terragrunt.
+ # entry: hooks/terragrunt_providers_lock.sh
+ # language: script
+ # files: (terragrunt|\.terraform\.lock)\.hcl$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+
+- repo: https://github.com/ljnsn/cz-conventional-gitmoji
+ rev: v0.6.1
+ hooks:
+ - id: conventional-gitmoji
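Review bot: `check-merge-conflict` is listed twice under pre-commit-hooks (once in the "Git style" group and again under "Common errors"); the second entry should be dropped. `check-yaml` is commented out, presumably because the Helm templates under charts/ and kiali-server/templates/ are not plain YAML, but that also loses the check for .cz.yaml, .terraform-docs.yml and the values files — re-enable it with an exclude instead: `- id: check-yaml` / `exclude: '^(charts|kiali-server)/.*/templates/'`. Every `rev:` is a mutable tag (`v5.0.0`, `v4.0.0-alpha.8`, `v1.96.1`, `v0.6.1`); pinning to the commit SHA behind each tag (`pre-commit autoupdate --freeze`) keeps a retagged upstream from silently changing the code that runs on every developer's commit. The `entry`/`language`/`files`/`exclude` overrides on `terraform_tflint` and `terragrunt_fmt` appear to repeat the upstream hook definitions and can be removed unless they intentionally differ.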
diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 0000000..6e39031
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,36 @@
+{
+ "branches": [
+ "main",
+ "master"
+ ],
+ "ci": false,
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator",
+ [
+ "@semantic-release/github",
+ {
+ "successComment":
+ "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+ "labels": false,
+ "releasedLabels": false
+ }
+ ],
+ [
+ "@semantic-release/changelog",
+ {
+ "changelogFile": "CHANGELOG.md",
+ "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+ }
+ ],
+ [
+ "@semantic-release/git",
+ {
+ "assets": [
+ "CHANGELOG.md"
+ ],
+ "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+ }
+ ]
+ ]
+}
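Review bot: `"ci": false` disables semantic-release's CI-environment verification, so a full release (tag, GitHub release, CHANGELOG commit via `@semantic-release/git`) can be cut from any workstation that holds a GitHub token; if that is intentional it should be stated in the README, since JSON leaves no room for a comment here. Listing both `main` and `master` as release branches is harmless when only one exists, but if both branches exist semantic-release will treat them as two independent release lines with separate version sequences, which is unlikely to be what is wanted.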
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..fabfb8d
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+## hide: []
+ show:
+ - data-sources
+ - header
+ - footer
+ - inputs
+ - modules
+ - outputs
+ - providers
+ - requirements
+ - resources
+
+output:
+ file: README.md
+ mode: inject
+ template: |-
+
+ {{ .Content }}
+
+
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: true
+ color: true
+ default: true
+ description: true
+ escape: true
+ indent: 2
+ required: true
+ sensitive: true
+ type: true
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..684d807
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,21 @@
+config {
+ module = true
+ force = false
+ disabled_by_default = false
+}
+
+rule "aws_instance_invalid_type" {
+ enabled = true
+}
+
+plugin "aws" {
+ enabled = true
+ version = "0.32.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+ enabled = true
+ version = "0.9.0"
+ source = "github.com/terraform-linters/tflint-ruleset-terraform"
+}
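Review bot: The `plugin "aws"` block and the `rule "aws_instance_invalid_type"` block have nothing to lint in this root module: requirements.tf in this same commit removes the hashicorp/aws provider, and the README's resource table lists only helm_release and kubernetes_namespace resources, so the plugin only adds a download and a signature check on every tflint run. If the intent is to lint the ECR copy module called from copy_images.tf through `module = true`, say so in a comment above the plugin block; otherwise drop the aws plugin and rule and keep only the terraform ruleset. Also confirm `module = true` against the TFLint version installed by pre-commit-terraform v1.96.1 — recent TFLint releases have superseded it with `call_module_type` and warn on the old key.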
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..08fc5ad
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,14 @@
+## 0.0.1 (2024-10-24)
+
+### 🐛🚑️ Fixes
+
+- **repo**: add pre-commit config
+- **images**: update module ref
+
+### ♻️ Refactorings
+
+- **mvp**: merge my work with lukes and resolve lints
+
+### 🎨🏗️ Style & Architecture
+
+- **repo**: resolve lints
diff --git a/README.md b/README.md
index f521b08..8d49162 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,64 @@
-# tfmod-istio-tools
# tfmod-kiali
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [helm](#requirement\_helm) | >= 2.11.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [helm](#provider\_helm) | 2.16.1 |
+| [kubernetes](#provider\_kubernetes) | 2.33.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+| [preinstall](#module\_preinstall) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//config-job | feature-kiali-baseline |
+| [service\_account](#module\_service\_account) | git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes |
+| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes |
+| [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes |
+| [grafana\_namespace](#input\_grafana\_namespace) | The namespace holding the grafana instance, used to look up the grafana password. | `string` | n/a | yes |
+| [grafana\_public\_url](#input\_grafana\_public\_url) | The URL incoming traffic from outisde the cluster uses to access grafana. | `string` | n/a | yes |
+| [grafana\_secret\_name](#input\_grafana\_secret\_name) | The secret in the holding the grafana admin password. | `string` | n/a | yes |
+| [istio\_namespace](#input\_istio\_namespace) | The namespace where istio has been deployed. | `string` | `"istio-system"` | no |
+| [jaeger\_internal\_url](#input\_jaeger\_internal\_url) | The url within the cluster to use to query the jaegertracing. | `string` | n/a | yes |
+| [kiali\_application\_version](#input\_kiali\_application\_version) | The version of kiali to install | `string` | `"v1.73.0"` | no |
+| [kiali\_operator\_version](#input\_kiali\_operator\_version) | The version of kiali to install | `string` | `"1.73.0"` | no |
+| [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"istio-tools"` | no |
+| [operators\_namespace](#input\_operators\_namespace) | The namespace into which all operators are to be deployed. | `string` | n/a | yes |
+| [profile](#input\_profile) | The AWS\_PROFILE to use while running the scripts. | `string` | `""` | no |
+| [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes |
+| [public\_hostname](#input\_public\_hostname) | The hostname to use for kiali that will be publicly available | `string` | `"kiali"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [internal\_endpoint](#output\_internal\_endpoint) | The internal endpoint to use to access kiali |
+| [module\_name](#output\_module\_name) | The name of this module. |
+| [module\_version](#output\_module\_version) | The version of this module. |
+| [public\_endpoint](#output\_public\_endpoint) | The public endpoint to use to access kiali |
+
diff --git a/charts/kiali/templates/kiali.yaml b/charts/kiali/templates/kiali.yaml
new file mode 100644
index 0000000..541fb62
--- /dev/null
+++ b/charts/kiali/templates/kiali.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kiali.io/v1alpha1
+kind: Kiali
+metadata:
+ name: {{ include "kiali.fullname" . }}
+ labels:
+ {{- include "kiali.labels" . | nindent 4 }}
+spec:
+ image_version: "operator_version"
+ istio_namespace: {{ .Values.istioNamespace | quote }}
+ deployment:
+ accessible_namespaces: "**"
+ image_name: {{ .Values.image_name | quote }}
+ # image_version: {{ .Values.image_version | quote }}
+ external_services:
+ grafana:
+ auth:
+ type: "basic"
+ username: {{ .Values.grafanaUserName | quote }}
+ password: "secret:{{ .Values.grafanaSecretName }}:{{ .Values.grafanaSecretPasswordKey }}"
+ in_cluster_url: {{ .Values.grafanaInClusterUrl | quote}}
+ url: {{ .Values.grafanaPublicUrl | quote }}
+ prometheus:
+ url: {{ .Values.prometheusInClusterUrl | quote }}
+ tracing:
+ in_cluster_url: {{ .Values.jaegerInClusterUrl | quote }}
+ auth:
+ strategy: {{ .Values.kialiAuthStrategy }}
+{{ if eq .Values.kialiAuthStrategy "openid" }}
+ openid:
+ client_id: {{ .Values.openid.clientId | quote }}
+ disable_rbac: {{ .Values.openid.disableRbac }}
+ issuer_uri: {{ .Values.openid.issuerUri | quote }}
+ username_claim: {{ .Values.openid.username_claim | quote }}
+{{- end }}
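Review bot: `username_claim: {{ .Values.openid.username_claim | quote }}` reads a key that charts/kiali/values.yaml does not define — the value there is `usernameClaim` — so the rendered CR carries `username_claim: ""` and the configured claim is silently ignored; change it to `username_claim: {{ .Values.openid.usernameClaim | quote }}`. `image_name: {{ .Values.image_name | quote }}` has the same problem (values.yaml defines no `image_name`, so it renders as an empty string), and the literal `image_version: "operator_version"` directly under `spec` looks like a placeholder that was meant to sit under `deployment` next to the commented-out `image_version` line. Separately, `accessible_namespaces: "**"` together with the values default `disableRbac: true` means every user who can authenticate at the OIDC issuer is served with Kiali's own service-account permissions across all namespaces; default `disableRbac` to `false` and add a comment above the wildcard stating why the all-namespaces scope is required.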
diff --git a/charts/kiali/templates/secret.yaml b/charts/kiali/templates/secret.yaml
new file mode 100644
index 0000000..d7a530e
--- /dev/null
+++ b/charts/kiali/templates/secret.yaml
@@ -0,0 +1,11 @@
+---
+{{ if .Values.openid.secret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kiali-o
+ labels:
+ {{- include "kiali.labels" . | nindent 4 }}
+stringData:
+ oidc-secret: {{ .Values.openid.secret | quote }}
+{{- end }}
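Review bot: The Secret name `kiali-o` is a hard-coded literal while the Kiali CR in kiali.yaml is named through `kiali.fullname`, so two releases in one namespace would collide on this object, and the name itself reads as truncated. Nothing in kiali.yaml points the CR at this Secret either; Kiali looks for the OIDC client secret under a fixed secret name in its deployment namespace (configurable through the CR's `spec.deployment.secret_name`), so confirm against the Kiali documentation that `kiali-o` with key `oidc-secret` is actually picked up — a mismatch leaves OIDC running without a client secret and nothing in the chart would flag it. Prefer `name: {{ include "kiali.fullname" . }}-oidc` with a matching `secret_name` in the CR, or an `existingSecret`-style value so the client secret never passes through Helm values, which Helm persists in its release-history secrets.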
diff --git a/charts/kiali/values.yaml b/charts/kiali/values.yaml
new file mode 100644
index 0000000..888c110
--- /dev/null
+++ b/charts/kiali/values.yaml
@@ -0,0 +1,21 @@
+---
+publicHostname: "kiali"
+publicDomain: "cluster.domain"
+
+istioNamespace: "istio-system"
+prometheusInClusterUrl: "http://loki-prometheus-server.prometheus.svc.cluster.local/"
+jaegerInClusterUrl: "http://istio-jaeger-query.istio-tools.svc.cluster.local:16686/"
+grafanaInClusterUrl: "http://loki-grafana.grafana.svc.cluster.local/"
+grafanaPublicUrl: "https://grafana.cluster.domain/"
+# grafanaUserName: "admin"
+grafanaUserName: "YWRtaW4="
+grafanaSecretName: "kiali"
+grafanaSecretPasswordKey: "grafana_password"
+
+kialiAuthStrategy: openid
+openid:
+ clientId: "sso_admin_client_id"
+ secret: "sso_admin_client_secret"
+ disableRbac: true
+ issuerUri: "https://keycloak.cluster.domain/realms/sso_admin_realm"
+ usernameClaim: "username_claim"
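Review bot: `grafanaUserName: "YWRtaW4="` is the base64 encoding of `admin` (the commented-out line directly above), but charts/kiali/templates/kiali.yaml templates it straight into `external_services.grafana.auth.username`, which appears to take the plaintext user name, so Kiali would authenticate to Grafana as the literal user `YWRtaW4=`; the value looks copied from a Secret's `data` field and should go back to `grafanaUserName: "admin"` (or be read from the same secret as the password). `openid.secret` defaults to the non-empty placeholder `"sso_admin_client_secret"`, and secret.yaml is gated on `{{ if .Values.openid.secret }}`, so every install that forgets to override it silently gets a Secret holding a dummy client secret together with `disableRbac: true`; default to `secret: ""` and `disableRbac: false` so a missing override fails closed, with a comment noting both must be supplied per environment.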
diff --git a/copy_images.tf b/copy_images.tf
index e8232d7..72f2a49 100644
--- a/copy_images.tf
+++ b/copy_images.tf
@@ -1,8 +1,6 @@
locals {
- kiali_operator_version = "v2.2.0"
- kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", local.kiali_operator_version)
-
- kiali_server_key = format("%v#%v", "istio-tools/kiali", local.kiali_operator_version)
+ kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version)
+ # kiali_key = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
image_config = [
## Images for Kiali
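Review bot: `kiali_operator_key` now takes its image tag from `var.kiali_application_version`, while `helm_release.kiali_operator` in main.tf pins the operator chart to `var.kiali_operator_version`; the README shows these default to `v1.73.0` and `1.73.0` respectively, so the operator image and the operator chart come from two different inputs and will drift apart as soon as only one is overridden. If the operator image is meant to follow the operator chart, build the key from `var.kiali_operator_version` (adding the `v` prefix if the image tags carry it); otherwise add a comment explaining why they are decoupled. The commented-out `kiali_key` line should either be removed or kept with a note saying when it will be re-enabled. The `locals` block continues past the end of this hunk.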
@@ -39,4 +37,3 @@ module "images" {
lifecycle_policy_all = true
force_delete = true
}
-
diff --git a/kiali-server/Chart.yaml b/kiali-server/Chart.yaml
index 29729f4..742901b 100644
--- a/kiali-server/Chart.yaml
+++ b/kiali-server/Chart.yaml
@@ -1,3 +1,4 @@
+---
apiVersion: v2
name: kiali-server
description: A Helm chart for Kubernetes
diff --git a/kiali-server/templates/_helpers.tpl b/kiali-server/templates/_helpers.tpl
index b7e85ed..21d38a9 100644
--- a/kiali-server/templates/_helpers.tpl
+++ b/kiali-server/templates/_helpers.tpl
@@ -1,3 +1,4 @@
+---
{{/*
Expand the name of the chart.
*/}}
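Review bot: A `---` document marker is being added to a Go-template helpers file that presumably holds only `{{ define }}` blocks and is never emitted as a manifest, so the line changes nothing at render time and misleads readers and YAML linters into treating `.tpl` as a YAML document. Drop the line here; if it was added to satisfy a `document-start` lint rule, exclude `*.tpl` from that rule instead. The rest of the file lies outside this hunk.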
diff --git a/kiali-server/templates/kiali.yaml b/kiali-server/templates/kiali.yaml
index aca8d96..47f8cd1 100644
--- a/kiali-server/templates/kiali.yaml
+++ b/kiali-server/templates/kiali.yaml
@@ -1,7 +1,9 @@
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
- name: kiali
+ name: {{ include "kiali.fullname" . }}
+ labels:
+ {{- include "kiali.labels" . | nindent 4 }}
spec:
istio_namespace: {{ .Values.istioNamespace }}
auth:
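Review bot: `{{ include "kiali.fullname" . }}` and `{{- include "kiali.labels" . | nindent 4 }}` depend on named templates that must exist in kiali-server/templates/_helpers.tpl, but the only change this commit shows to that file is a `---` line, so confirm both defines are present in the kiali-server chart rather than only in the new charts/kiali chart. On the context line, `istio_namespace: {{ .Values.istioNamespace }}` is unquoted while the parallel template in charts/kiali/templates/kiali.yaml uses `| quote`; a namespace value that looks numeric or boolean would be retyped here, so `istio_namespace: {{ .Values.istioNamespace | quote }}` keeps the two charts consistent. The `spec` mapping continues beyond this hunk.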
@@ -14,7 +16,6 @@ spec:
enabled: true
auth:
insecure_skip_verify: true
- # url: "http://prometheus-server.prometheus.svc.cluster.local:80/"
url: {{ .Values.prometheus.url }}
grafana:
enabled: true
diff --git a/kiali-server/values.yaml b/kiali-server/values.yaml
index 33d4e43..b7d9356 100644
--- a/kiali-server/values.yaml
+++ b/kiali-server/values.yaml
@@ -15,8 +15,6 @@ grafana:
username: "admin"
secretName:
passwordKey:
- # password: "Q8rktnHqzYFEf591U35Uf66T1xFJ4HZZFqiOn4fh"
- # password: secret:my-secret:my-cred
externalUrl:
internalUrl:
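Review bot: The removed comment `# password: "Q8rktnHqzYFEf591U35Uf66T1xFJ4HZZFqiOn4fh"` looks like a real credential rather than a sample value, and deleting it from the working tree leaves it in every earlier commit of this repository; if it was ever live it needs to be rotated, and the history purged, before this repository is shared further. The `detect-private-key` and `detect-aws-credentials` hooks introduced in this commit would not catch a bare password like this, so a generic secret scanner in .pre-commit-config.yaml would be a useful follow-up. The surrounding `grafana` mapping starts before this hunk.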
diff --git a/main.tf b/main.tf
index 917be5d..c4325d1 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,4 @@
locals {
- public_hostname = format("kiali.%v", var.cluster_domain)
- public_port_number = "80"
- public_url = format("https://%v:%v/", local.public_hostname, local.public_port_number)
internal_hostname = format("kiali.%v.svc.cluster.local", var.namespace)
internal_port_number = "20001"
@@ -29,6 +26,7 @@ CONFIG
}
module "service_account" {
+ # tflint-ignore: terraform_module_pinned_source
source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account"
namespace = var.namespace
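Review bot: `# tflint-ignore: terraform_module_pinned_source` silences the finding instead of fixing it: `module "service_account"` pulls `tfmod-config-job.git//service-account` with no `?ref=`, so every `terraform init` follows that repository's default branch and an upstream push changes what this module deploys without any diff here. Pin it, e.g. `source = "git@github.e.it.census.gov:SCT-Engineering/tfmod-config-job.git//service-account?ref=<PINNED_TAG_OR_SHA>"`; the README's module table shows `images` (`tf-upgrade`) and `preinstall` (`feature-kiali-baseline`) tracking branches as well, which deserve the same treatment. If the ignore has to stay, the comment should carry the reason: `# tflint-ignore: terraform_module_pinned_source -- <reason>`. The `module "service_account"` block continues beyond this hunk.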
@@ -46,7 +44,8 @@ module "preinstall" {
config_script = local.preinstall_script
}
-resource "helm_release" "kiali-operator" {
+resource "helm_release" "kiali_operator" {
+ depends_on = [module.images]
chart = "kiali-operator"
version = var.kiali_operator_version
name = "kiali-operator"
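Review bot: Renaming `helm_release.kiali-operator` to `helm_release.kiali_operator` changes the resource address, and without a `moved` block Terraform will plan to destroy the existing operator release and create a new one on the next apply. Add the `moved` block below (Terraform >= 1.1; requirements.tf only demands >= 0.13, so either raise `required_version` or have operators run `terraform state mv helm_release.kiali-operator helm_release.kiali_operator` before applying). The new `depends_on = [module.images]` is harmless but redundant, since the `set` block further down already reads `module.images.images[local.kiali_operator_key].tag` and that reference creates the dependency implicitly. The resource block continues past this hunk.
```hcl
moved {
  from = helm_release.kiali-operator
  to   = helm_release.kiali_operator
}
```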
@@ -64,7 +63,6 @@ resource "helm_release" "kiali-operator" {
name = "image.tag"
value = module.images.images[local.kiali_operator_key].tag
}
-
set {
name = "cr.create"
value = "false"
diff --git a/outputs.tf b/outputs.tf
index b0c6e23..8664c39 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -16,3 +16,17 @@ output "internal_endpoint" {
url = local.internal_url
}
}
+
+################################################################################
+# Module information
+################################################################################
+
+output "module_name" {
+ description = "The name of this module."
+ value = local.module_name
+}
+
+output "module_version" {
+ description = "The version of this module."
+ value = local.module_version
+}
diff --git a/requirements.tf b/requirements.tf
index 32e5c6f..5f150af 100644
--- a/requirements.tf
+++ b/requirements.tf
@@ -2,10 +2,6 @@ terraform {
required_version = ">= 0.13"
required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.14.0"
- }
helm = {
source = "hashicorp/helm"
version = ">= 2.11.0"
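Review bot: Dropping `aws` from `required_providers` removes the root module's only version floor on hashicorp/aws while `module "images"` in copy_images.tf still calls an ECR image-copy module (aws-ecr-copy-images per the README) that presumably needs that provider; Terraform will still install it through the child module's own requirements, but the `>= 5.14.0` constraint chosen here is lost and any aws provider configuration reaching that module now does so implicitly. If the child module declares its own constraint, a one-line comment here such as `# hashicorp/aws is required and constrained by module.images, not by this root module` would stop the next reader from re-adding it. The `terraform {}` block starts before this hunk and continues after it.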
@@ -14,9 +10,5 @@ terraform {
source = "hashicorp/kubernetes"
version = ">= 2.23.0"
}
- null = {
- source = "hashicorp/null"
- version = ">= 3.2.1"
- }
}
}
diff --git a/variables.tf b/variables.tf
index 1c52579..3986584 100644
--- a/variables.tf
+++ b/variables.tf
@@ -97,10 +97,6 @@ variable "public_hostname" {
default = "kiali"
}
-variable "certificate_issuer" {
- description = "The cluster issuer to use to create the grafana SSL certificate."
- type = string
-}
# helm repo add kiali https://kiali.org/helm-charts
@@ -118,27 +114,3 @@ variable "kiali_application_version" {
type = string
default = "v1.73.0"
}
-
-variable "gogatekeeper_chart_version" {
- description = "When SSO information is supplied, use this gogatekeeper chart version to protect kiali/jaeger"
- type = string
- default = ""
-}
-
-variable "gogatekeeper_registry" {
- description = "When SSO information is supplied, use gogatekeeper in this registry to protect kiali/jaeger"
- type = string
- default = ""
-}
-
-variable "gogatekeeper_repository" {
- description = "When SSO information is supplied, use gogatekeeper in this repository to protect kiali/jaeger"
- type = string
- default = ""
-}
-
-variable "gogatekeeper_tag" {
- description = "When SSO information is supplied, use gogatekeeper with this tag to protect kiali/jaeger"
- type = string
- default = ""
-}
diff --git a/version.tf b/version.tf
new file mode 100644
index 0000000..8644a7f
--- /dev/null
+++ b/version.tf
@@ -0,0 +1,4 @@
+locals {
+ module_name = "tfmod-kiali"
+ module_version = "0.1.1"
+}
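Review bot: `module_version = "0.1.1"` is a third, hand-maintained source of the module version next to the git tags that commitizen (`version_provider: scm` in .cz.yaml) and semantic-release will create, and it already disagrees with the `0.0.1` heading in the new CHANGELOG.md. Neither release tool touches this file, so the `module_version` output will go stale on the first bump; either list version.tf under commitizen's `version_files` so the bump rewrites it, or derive the value from the tag in CI, and add a comment above the local stating which is authoritative: `# Kept in sync with the release tag by <tool>; do not edit by hand`.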