diff --git a/.cz.yaml b/.cz.yaml
new file mode 100644
index 0000000..b1981ec
--- /dev/null
+++ b/.cz.yaml
@@ -0,0 +1,8 @@
+---
+commitizen:
+ major_version_zero: true
+ name: cz_gitmoji
+ tag_format: $version
+ update_changelog_on_bump: true
+ version_provider: scm
+ version_scheme: semver2
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..867570d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "terraform" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
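Review bot: The `terraform` update entry has no `registries` reference, and the module sources listed in this commit's README are SSH git URLs on `github.e.it.census.gov` and `github.it.census.gov`, which Dependabot most likely cannot reach without credentials. Update runs may therefore fail or silently skip those modules. If module updates are wanted, add a top-level `registries` entry of `type: git` and reference it from this block. Sources that track the `tf-upgrade` branch will not receive version bumps either way.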
diff --git a/.gitignore b/.gitignore
index 03d66da..98d790c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
# Local .terraform directories
**/.terraform/*
+**/.terragrunt-cache/*
# terraform lock file.
**/.terraform.lock.hcl
@@ -35,6 +36,3 @@ override.tf.json
# Ignore CLI configuration files
.terraformrc
terraform.rc
-
-# It's a module, shouldn't have a providers.tf
-provider*.tf
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..edcbdd7
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,111 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.6.0
+ hooks:
+ # Git style
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: forbid-new-submodules
+ - id: no-commit-to-branch
+ - id: check-byte-order-marker
+ - id: check-case-conflict
+ - id: check-json
+ - id: check-merge-conflict
+ - id: check-symlinks
+ - id: check-vcs-permalinks
+ - id: check-toml
+ - id: check-xml
+ - id: detect-private-key
+ - id: requirements-txt-fixer
+ - id: sort-simple-yaml
+
+ # Common errors
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-executables-have-shebangs
+
+ # Cross platform
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+
+ # Security
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v4.0.0-alpha.8
+ hooks:
+ - id: prettier
+ # https://prettier.io/docs/en/options.html#parser
+ files: '.json5$'
+
+# Terraform Hooks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.92.2 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ hooks:
+ - id: terraform_fmt
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terraform_docs
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terraform_tflint
+ name: Terraform validate with tflint
+ description: Validates all Terraform configuration files with TFLint.
+ require_serial: true
+ entry: hooks/terraform_tflint.sh
+ language: script
+ files: (\.tf|\.tfvars)$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terragrunt_fmt
+ name: Terragrunt fmt
+ description: Rewrites all Terragrunt configuration files to a canonical format.
+ entry: hooks/terragrunt_fmt.sh
+ language: script
+ files: (\.hcl)$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ # Will require dependency mocks
+ # - id: terragrunt_validate
+ # name: Terragrunt validate
+ # description: Validates all Terragrunt configuration files.
+ # entry: hooks/terragrunt_validate.sh
+ # language: script
+ # files: (\.hcl)$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+ # - id: terragrunt_validate_inputs
+ # name: Terragrunt validate inputs
+ # description: Validates Terragrunt unused and undefined inputs.
+ # entry: hooks/terragrunt_validate_inputs.sh
+ # language: script
+ # files: (\.hcl)$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+ # - id: terragrunt_providers_lock
+ # name: Terragrunt providers lock
+ # description: Updates provider signatures in dependency lock files using terragrunt.
+ # entry: hooks/terragrunt_providers_lock.sh
+ # language: script
+ # files: (terragrunt|\.terraform\.lock)\.hcl$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+
+- repo: https://github.com/ljnsn/cz-conventional-gitmoji
+ rev: v0.3.3
+ hooks:
+ - id: conventional-gitmoji
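Review bot: Every `rev:` in this file is a mutable tag (`v4.6.0`, `v4.0.0-alpha.8`, `v1.92.2`, `v0.3.3`), and these hooks execute on developer machines and in CI, so a retagged upstream release would be pulled in on the next fresh install. Pinning to commit SHAs, for example with `pre-commit autoupdate --freeze`, closes that gap; the prettier mirror is also pinned to an alpha pre-release. In the first repo several ids are listed more than once (`check-merge-conflict` three times; `check-vcs-permalinks`, `check-case-conflict` and `detect-private-key` twice each), which adds run time but no coverage. The `exclude: \.(terraform/.*|terragrunt-cache)$` pattern only matches a path that ends in `.terragrunt-cache`, not files beneath it; `exclude: \.(terraform|terragrunt-cache)/.*$` would cover both directories.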
diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 0000000..6e39031
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,36 @@
+{
+ "branches": [
+ "main",
+ "master"
+ ],
+ "ci": false,
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator",
+ [
+ "@semantic-release/github",
+ {
+ "successComment":
+ "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+ "labels": false,
+ "releasedLabels": false
+ }
+ ],
+ [
+ "@semantic-release/changelog",
+ {
+ "changelogFile": "CHANGELOG.md",
+ "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+ }
+ ],
+ [
+ "@semantic-release/git",
+ {
+ "assets": [
+ "CHANGELOG.md"
+ ],
+ "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+ }
+ ]
+ ]
+}
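Review bot: This config and the `.cz.yaml` added in the same commit both claim the changelog and the release tag. Commitizen is set to `update_changelog_on_bump: true` with `tag_format: $version`, while `@semantic-release/changelog` writes the same `CHANGELOG.md` and semantic-release tags as `v${version}` unless `tagFormat` is set. Because `.cz.yaml` uses `version_provider: scm`, commitizen derives the version from tags, so the two tools are likely to disagree; choose one owner for releases, or at least add `"tagFormat": "${version}"` here. Separately, `"ci": false` turns off semantic-release's CI-environment check, so the release commit and tag can be pushed from any workstation holding a token; leaving it at the default keeps publishing inside the pipeline.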
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..fabfb8d
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+## hide: []
+ show:
+ - data-sources
+ - header
+ - footer
+ - inputs
+ - modules
+ - outputs
+ - providers
+ - requirements
+ - resources
+
+output:
+ file: README.md
+ mode: inject
+ template: |-
+
+ {{ .Content }}
+
+
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: true
+ color: true
+ default: true
+ description: true
+ escape: true
+ indent: 2
+ required: true
+ sensitive: true
+ type: true
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..684d807
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,21 @@
+config {
+ module = true
+ force = false
+ disabled_by_default = false
+}
+
+rule "aws_instance_invalid_type" {
+ enabled = true
+}
+
+plugin "aws" {
+ enabled = true
+ version = "0.32.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+ enabled = true
+ version = "0.9.0"
+ source = "github.com/terraform-linters/tflint-ruleset-terraform"
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..59ffc31
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,15 @@
+## Unreleased
+
+### 🎨🏗️ Style & Architecture
+
+- **repo**: install repo features pre-commit and commitizen
+
+# CHANGELOG
+* 0.0.2 -- 2024-07-30
+ - update images module
+ - formatting
+ - fix for tags
+* 0.0.1 -- 2024-07-22
+ - updated version.tf to 0.0.1
+ - included module.images in depends on helm charts
+ - created changelog
diff --git a/README.md b/README.md
index 1fed409..08354e1 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,75 @@ to loki.
* Requires additional Node HD space - 40GB is not enough.
# tfmod-loki
+
+
+
+
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [aws](#requirement\_aws) | >= 5.14.0 |
+| [helm](#requirement\_helm) | >= 2.11.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | 5.61.0 |
+| [helm](#provider\_helm) | 2.14.0 |
+| [kubernetes](#provider\_kubernetes) | 2.31.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
+| [loki\_irsa\_role](#module\_loki\_irsa\_role) | git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/ | n/a |
+| [loki\_s3](#module\_loki\_s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.loki](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_s3_bucket.s3_server_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source |
+| [kubernetes_namespace.existing_ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [canary\_tag](#input\_canary\_tag) | The tag of the grafana/loki-canary image to use. | `string` | `"3.0.0"` | no |
+| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
+| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `string` | `"true"` | no |
+| [enterprise\_logs\_provisioner\_tag](#input\_enterprise\_logs\_provisioner\_tag) | The version of the grafana/enterprise-logs-provisioner image to use. | `string` | `"v1.7.0"` | no |
+| [exporter\_tag](#input\_exporter\_tag) | The version of prom/memcached-exporter to use for the gateway. | `string` | `"v0.14.2"` | no |
+| [gateway\_tag](#input\_gateway\_tag) | The version of nginxinc/nginx-unprivileged to use for the gateway. | `string` | `"1.25.2-alpine"` | no |
+| [loki\_chart\_version](#input\_loki\_chart\_version) | Which version of the grafana/loki helm chart to use. | `string` | `"6.6.5"` | no |
+| [loki\_tag](#input\_loki\_tag) | The tag of the loki image to use. | `string` | `"3.0.0"` | no |
+| [memcached\_tag](#input\_memcached\_tag) | The version of memcached to use for the gateway. | `string` | `"1.6.23-alpine"` | no |
+| [namespace](#input\_namespace) | The namespace into which grafana will be deployed | `string` | `"loki"` | no |
+| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN in the EKS cluster for the OpenID Connect identity provider. | `string` | n/a | yes |
+| [profile](#input\_profile) | AWS config profile used to upload images into ECR | `string` | `""` | no |
+| [region](#input\_region) | The region holding these resources (for the s3 bucket.) | `string` | n/a | yes |
+| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |
+| [sidecar\_tag](#input\_sidecar\_tag) | The version of kiwigrid/k8s-sidecar to use for the gateway. | `string` | `"1.24.3"` | no |
+| [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no |
+| [tags](#input\_tags) | Additional tags to add to resources created in AWS (s3 bucket, ...) | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [gateway\_internal\_endpoint](#output\_gateway\_internal\_endpoint) | The endpoint which can be used inside of the cluster to access loki-gateway. |
+| [module\_name](#output\_module\_name) | The name of this module. |
+| [module\_version](#output\_module\_version) | The version of this module. |
+| [rwo\_storage\_class](#output\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. |
+
diff --git a/main.tf b/main.tf
index e39b7d6..726adbd 100644
--- a/main.tf
+++ b/main.tf
@@ -15,7 +15,7 @@ resource "kubernetes_namespace" "ns" {
}
}
-data "kubernetes_namespace" "existing-ns" {
+data "kubernetes_namespace" "existing_ns" {
count = var.create_namespace == "true" ? 0 : 1
metadata {
@@ -26,17 +26,19 @@ data "kubernetes_namespace" "existing-ns" {
locals {
tags = merge({
"eks-cluster-name" = var.cluster_name
- "boc:tf_module_name" = local._module_name
- "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = local.module_name
+ "boc:tf_module_version" = local.module_version
"boc:created_by" = "terraform"
CostAllocation = var.tag_costallocation
- }, var.additional_tags)
+ }, var.tags)
- ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing-ns[0].metadata[0].name)
+ ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing_ns[0].metadata[0].name)
}
-module "loki-irsa-role" {
- #source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0"
+module "loki_irsa_role" {
+ # source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0"
+ # tflint-ignore: terraform_module_version
+ # tflint-ignore: terraform_module_pinned_source
source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/"
role_name = "${var.cluster_name}-loki"
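Review bot: The two added `# tflint-ignore` comments silence `terraform_module_version` and `terraform_module_pinned_source` instead of fixing what they report: the `source` line below them has no `?ref=`, so this IAM role module is fetched from the default branch at whatever commit is current when `terraform init` runs. The commented-out line already shows the pinned form. Restoring it as `source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0"` (or a commit SHA) would let both ignores be dropped; confirm that `1.0.0` is still the intended ref. The module block continues past the end of this hunk.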
@@ -45,11 +47,11 @@ module "loki-irsa-role" {
attach_encrypted_object_manager_policy = true
s3_bucket_arns = [
- module.loki-s3.s3_bucket_arn,
- "${module.loki-s3.s3_bucket_arn}/*",
+ module.loki_s3.s3_bucket_arn,
+ "${module.loki_s3.s3_bucket_arn}/*",
]
kms_key_arns = [
- "${module.loki-s3.kms_key_arn}"
+ module.loki_s3.kms_key_arn
]
oidc_providers = {
@@ -67,8 +69,8 @@ resource "helm_release" "loki" {
name = "loki"
namespace = local.ns
repository = "https://grafana.github.io/helm-charts"
- timeout = 900
- wait = true
+ timeout = 900
+ wait = true
##### Globals #####
set {
@@ -153,7 +155,7 @@ resource "helm_release" "loki" {
}
set {
name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
- value = module.loki-irsa-role.iam_role_arn
+ value = module.loki_irsa_role.iam_role_arn
}
set {
name = "memberlist.service.publishNotReadyAddresses"
@@ -163,15 +165,15 @@ resource "helm_release" "loki" {
##### Storage #####
set {
name = "loki.storage.bucketNames.chunks"
- value = module.loki-s3.s3_requested_bucket_name
+ value = module.loki_s3.s3_requested_bucket_name
}
set {
name = "loki.storage.bucketNames.ruler"
- value = module.loki-s3.s3_requested_bucket_name
+ value = module.loki_s3.s3_requested_bucket_name
}
set {
name = "loki.storage.bucketNames.admin"
- value = module.loki-s3.s3_requested_bucket_name
+ value = module.loki_s3.s3_requested_bucket_name
}
set {
name = "loki.storage.type"
@@ -189,7 +191,7 @@ resource "helm_release" "loki" {
name = "loki.storage_config.aws.s3"
value = format("s3://%v/%v",
var.region,
- module.loki-s3.s3_requested_bucket_name
+ module.loki_s3.s3_requested_bucket_name
)
}
set {
diff --git a/outputs.tf b/outputs.tf
index 8f016cc..06eec05 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,7 @@
+output "rwo_storage_class" {
+ description = "Specify the storage class for read/write/once persistent volumes."
+ value = var.rwo_storage_class
+}
output "gateway_internal_endpoint" {
description = "The endpoint which can be used inside of the cluster to access loki-gateway."
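Review bot: The `description` on the new `rwo_storage_class` output repeats the input variable's wording ("Specify the storage class…"), which reads as an instruction rather than a statement of what the output returns. Something like `description = "The storage class used for read/write/once persistent volumes."` would read better in the generated README. The hunk ends inside `gateway_internal_endpoint`, which is unchanged.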
@@ -7,4 +11,16 @@ output "gateway_internal_endpoint" {
url = local.gateway_internal_url
}
}
+################################################################################
+# Module information
+################################################################################
+
+output "module_name" {
+ description = "The name of this module."
+ value = local.module_name
+}
+output "module_version" {
+ description = "The version of this module."
+ value = local.module_version
+}
diff --git a/requirements.tf b/requirements.tf
index 1b7a5da..ae62e15 100644
--- a/requirements.tf
+++ b/requirements.tf
@@ -14,13 +14,5 @@ terraform {
source = "hashicorp/kubernetes"
version = ">= 2.23.0"
}
- null = {
- source = "hashicorp/null"
- version = ">= 3.2.1"
- }
- template = {
- source = "hashicorp/template"
- version = ">= 2.2.0"
- }
}
}
diff --git a/s3.tf b/s3.tf
index f1b3611..cac37c6 100644
--- a/s3.tf
+++ b/s3.tf
@@ -9,7 +9,7 @@ data "aws_s3_bucket" "s3_server_access_logs" {
bucket = format("inf-logs-%v-%v", local.account_id, var.region)
}
-module "loki-s3" {
+module "loki_s3" {
source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard?ref=tf-upgrade"
bucket_name = format("%v-loki", var.cluster_name)
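Review bot: Renaming the module label from `loki-s3` to `loki_s3` changes the state address of every resource inside the module, and the commit adds no `moved` block. Existing deployments will therefore plan a destroy and re-create of the bucket that holds the Loki data, and of anything else the module manages. A `moved` block with `from = module.loki-s3` and `to = module.loki_s3` avoids that, but it needs Terraform 1.1 or newer while the README in this commit lists `>= 0.13`; otherwise document a `terraform state mv` step in the changelog. The same applies to the `loki-irsa-role` to `loki_irsa_role` rename in `main.tf`. The module block continues past the end of this hunk.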
diff --git a/variables.tf b/variables.tf
index b488133..ecad875 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,7 +4,7 @@ variable "tag_costallocation" {
default = "csvd:infrastructure"
}
-variable "additional_tags" {
+variable "tags" {
description = "Additional tags to add to resources created in AWS (s3 bucket, ...)"
type = map(string)
default = {}
diff --git a/version.tf b/version.tf
index 3a981dc..77fb555 100644
--- a/version.tf
+++ b/version.tf
@@ -1,4 +1,4 @@
locals {
- _module_name = "tfmod-loki"
- _module_version = "0.0.1"
+ module_name = "tfmod-loki"
+ module_version = "0.0.2"
}