From 40bdea7dabf8458bec58dd5ff1a8e0393032f23b Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 22 Jul 2024 20:45:10 -0400 Subject: [PATCH 01/11] add force_delete update readme add output rwo_storage_class --- README.md | 9 +++++++++ copy_images.tf | 1 + outputs.tf | 5 ++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1fed409..9275fee 100644 --- a/README.md +++ b/README.md @@ -6,3 +6,12 @@ to loki. * Requires additional Node HD space - 40GB is not enough. # tfmod-loki + + + +# CHANGELOG + +* 0.0.1 -- 2024-07-22 + - updated version.tf to 0.0.1 + - included module.images in depends on helm charts + - created changelog diff --git a/copy_images.tf b/copy_images.tf index 8a9fe95..fa07696 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -94,4 +94,5 @@ module "images" { enable_lifecycle_policy = true lifecycle_policy_all = true + force_delete = true } diff --git a/outputs.tf b/outputs.tf index 8f016cc..158d38c 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,3 +1,7 @@ +output "rwo_storage_class" { + description = "Specify the storage class for read/write/once persistent volumes." + value = var.rwo_storage_class +} output "gateway_internal_endpoint" { description = "The endpoint which can be used inside of the cluster to access loki-gateway." @@ -7,4 +11,3 @@ output "gateway_internal_endpoint" { url = local.gateway_internal_url } } - From e5ba01bc30b573669e7af635a829e6aeca3dcfd8 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 26 Jul 2024 21:19:02 -0400 Subject: [PATCH 02/11] add _module_providers --- version.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/version.tf b/version.tf index 3a981dc..f35fe4c 100644 --- a/version.tf +++ b/version.tf @@ -1,4 +1,5 @@ locals { _module_name = "tfmod-loki" _module_version = "0.0.1" + _module_providers = ["helm", "kubernetes"] } From 3c530f831ae420580874f46a62170e1b49ce66af Mon Sep 17 00:00:00 2001 
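Review bot: `force_delete = true` in `module "images"` (copy_images.tf) is hard-coded, with no comment explaining it and no input to turn it off. If the images module passes it through to the ECR repositories it manages, as the name suggests, a destroy or replacement of this module would delete repositories that still hold images, including the copies the Loki chart pulls from. Consider driving it from a new variable that defaults to false, e.g. `force_delete = var.ecr_force_delete`, or at least record the intent with a comment such as `# repos hold re-pullable copies only; allow deletion with images present`. The module block starts outside the hunk.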
From: "Matthew C. Morgan" Date: Tue, 30 Jul 2024 17:41:26 -0400 Subject: [PATCH 03/11] formatting --- README.md | 5 ++++- main.tf | 6 +++--- outputs.tf | 15 ++++++++++++++- version.tf | 3 +-- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9275fee..5df53f8 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,10 @@ to loki. # CHANGELOG - +* 0.0.2 -- 2024-07-30 + - update images module + - formatting + - fix for tags * 0.0.1 -- 2024-07-22 - updated version.tf to 0.0.1 - included module.images in depends on helm charts diff --git a/main.tf b/main.tf index e39b7d6..45a8a59 100644 --- a/main.tf +++ b/main.tf @@ -30,7 +30,7 @@ locals { "boc:tf_module_version" = local._module_version "boc:created_by" = "terraform" CostAllocation = var.tag_costallocation - }, var.additional_tags) + }, var.tags) ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing-ns[0].metadata[0].name) } @@ -67,8 +67,8 @@ resource "helm_release" "loki" { name = "loki" namespace = local.ns repository = "https://grafana.github.io/helm-charts" - timeout = 900 - wait = true + timeout = 900 + wait = true ##### Globals ##### set { diff --git a/outputs.tf b/outputs.tf index 158d38c..fc88094 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ output "rwo_storage_class" { description = "Specify the storage class for read/write/once persistent volumes." - value = var.rwo_storage_class + value = var.rwo_storage_class } output "gateway_internal_endpoint" { 
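Review bot: `var.tags` in the `merge(...)` call in main.tf has no matching declaration in this commit. The patch does not touch variables.tf, and PATCH 06 later shows the variable was still declared as `variable "additional_tags"` until then. Patches 03 through 05 would therefore fail validation on an undeclared input variable, so the variables.tf rename belongs in this commit. Separately, because `var.tags` is the last argument to `merge`, caller-supplied keys override the module's own `boc:*` and `CostAllocation` tags; if those are meant to be authoritative, put `var.tags` first. The locals block continues outside the hunk.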
@@ -11,3 +11,16 @@ output "gateway_internal_endpoint" { url = local.gateway_internal_url } } +################################################################################ +# Module information +################################################################################ + +output "module_name" { + description = "The name of this module." + value = local._module_name +} + +output "module_version" { + description = "The version of this module." + value = local._module_version +} diff --git a/version.tf b/version.tf index f35fe4c..8d88b94 100644 --- a/version.tf +++ b/version.tf @@ -1,5 +1,4 @@ locals { _module_name = "tfmod-loki" - _module_version = "0.0.1" - _module_providers = ["helm", "kubernetes"] + _module_version = "0.0.2" } From 192fddad946ec961632aa3a75dcbdeb4b8564b07 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 5 Aug 2024 23:48:14 -0400 Subject: [PATCH 04/11] =?UTF-8?q?=F0=9F=8E=A8=20style(repo):=20install=20r?= =?UTF-8?q?epo=20features=20pre-commit=20and=20commitizen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .cz.yaml | 8 ++ .github/dependabot.yml | 11 +++ .gitignore | 4 +- .pre-commit-config.yaml | 111 ++++++++++++++++++++++++++ .pre-commit-hooks.yaml | 170 ++++++++++++++++++++++++++++++++++++++++ .releaserc.json | 36 +++++++++ .terraform-docs.yml | 44 +++++++++++ .tflint.hcl | 21 +++++ 8 files changed, 402 insertions(+), 3 deletions(-) create mode 100644 .cz.yaml create mode 100644 .github/dependabot.yml create mode 100644 .pre-commit-config.yaml create mode 100644 .pre-commit-hooks.yaml create mode 100644 .releaserc.json create mode 100644 .terraform-docs.yml create mode 100644 .tflint.hcl diff --git a/.cz.yaml b/.cz.yaml new file mode 100644 index 0000000..b1981ec --- /dev/null +++ b/.cz.yaml @@ -0,0 +1,8 @@ +--- +commitizen: + major_version_zero: true + name: cz_gitmoji + tag_format: $version + update_changelog_on_bump: true + version_provider: scm + version_scheme: semver2 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..867570d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "terraform" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" diff --git a/.gitignore b/.gitignore index 03d66da..98d790c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Local .terraform directories **/.terraform/* +**/.terragrunt-cache/* # terraform lock file. **/.terraform.lock.hcl @@ -35,6 +36,3 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc - -# It's a module, shouldn't have a providers.tf -provider*.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..d6091dd --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,111 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.6.0
+ hooks:
+ # Git style
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: forbid-new-submodules
+ - id: no-commit-to-branch
+ - id: check-byte-order-marker
+ - id: check-case-conflict
+ - id: check-json
+ - id: check-merge-conflict
+ - id: check-symlinks
+ - id: check-vcs-permalinks
+ - id: check-toml
+ - id: check-xml
+ - id: detect-private-key
+ - id: requirements-txt-fixer
+ - id: sort-simple-yaml
+
+ # Common errors
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-executables-have-shebangs
+
+ # Cross platform
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+
+ # Security
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v4.0.0-alpha.8
+ hooks:
+ - id: prettier
+ # https://prettier.io/docs/en/options.html#parser
+ files: '.json5$'
+
+# Terraform Hooks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.92.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ hooks:
+ - id: terraform_fmt
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terraform_docs
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terraform_tflint
+ name: Terraform validate with tflint
+ description: Validates all Terraform configuration files with TFLint.
+ require_serial: true
+ entry: hooks/terraform_tflint.sh
+ language: script
+ files: (\.tf|\.tfvars)$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ - id: terragrunt_fmt
+ name: Terragrunt fmt
+ description: Rewrites all Terragrunt configuration files to a canonical format.
+ entry: hooks/terragrunt_fmt.sh
+ language: script
+ files: (\.hcl)$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+ args:
+ - --hook-config=--parallelism-ci-cpu-cores=2
+ # Will require dependency mocks
+ # - id: terragrunt_validate
+ # name: Terragrunt validate
+ # description: Validates all Terragrunt configuration files.
+ # entry: hooks/terragrunt_validate.sh
+ # language: script
+ # files: (\.hcl)$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+ # - id: terragrunt_validate_inputs
+ # name: Terragrunt validate inputs
+ # description: Validates Terragrunt unused and undefined inputs.
+ # entry: hooks/terragrunt_validate_inputs.sh
+ # language: script
+ # files: (\.hcl)$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+ # - id: terragrunt_providers_lock
+ # name: Terragrunt providers lock
+ # description: Updates provider signatures in dependency lock files using terragrunt.
+ # entry: hooks/terragrunt_providers_lock.sh
+ # language: script
+ # files: (terragrunt|\.terraform\.lock)\.hcl$
+ # exclude: \.(terraform/.*|terragrunt-cache)$
+ # args:
+ # - --hook-config=--parallelism-ci-cpu-cores=2
+
+- repo: https://github.com/ljnsn/cz-conventional-gitmoji
+ rev: v0.3.2
+ hooks:
+ - id: conventional-gitmoji
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..266f0c7
--- /dev/null
+++ b/.pre-commit-hooks.yaml
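Review bot: All four `rev:` values in .pre-commit-config.yaml (`v4.6.0`, `v4.0.0-alpha.8`, `v1.92.1`, `v0.3.2`) are tags, which the upstream owner can move, and these hooks run code on every contributor's machine. Pin each to the full commit SHA with the tag kept as a comment, e.g. `rev: <full-commit-sha>  # v1.92.1`; `pre-commit autoupdate --freeze` writes this form. The `terraform_tflint` and `terragrunt_fmt` entries also restate `entry`, `language` and `files` from the upstream hook definition, so they can drift from upstream on the next bump; keeping only `id` and `args` avoids that. The `# Security` group lists only secret detection: no IaC scanner such as `terraform_trivy` or `terraform_checkov` is enabled, although this module provisions an IAM role and an S3 bucket.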
@@ -0,0 +1,170 @@
+#### THESE ARE NOT ENABLED, THEY ARE FOR REFERENCE
+# - id: infracost_breakdown
+# name: Infracost breakdown
+# description: Check terraform infrastructure cost
+# entry: hooks/infracost_breakdown.sh
+# language: script
+# require_serial: true
+# files: \.(tf(vars)?|hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_fmt
+# name: Terraform fmt
+# description: Rewrites all Terraform configuration files to a canonical format.
+# entry: hooks/terraform_fmt.sh
+# language: script
+# files: (\.tf|\.tfvars)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_docs
+# name: Terraform docs
+# description: Inserts input and output documentation into README.md (using terraform-docs).
+# require_serial: true
+# entry: hooks/terraform_docs.sh
+# language: script
+# files: (\.tf|\.terraform\.lock\.hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_docs_without_aggregate_type_defaults
+# name: Terraform docs (without aggregate type defaults)
+# description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
+# require_serial: true
+# entry: hooks/terraform_docs.sh
+# language: script
+# files: (\.tf)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_docs_replace
+# name: Terraform docs (overwrite README.md)
+# description: Overwrite content of README.md with terraform-docs.
+# require_serial: true
+# entry: terraform_docs_replace
+# language: python
+# files: (\.tf)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_validate
+# name: Terraform validate
+# description: Validates all Terraform configuration files.
+# require_serial: true
+# entry: hooks/terraform_validate.sh
+# language: script
+# files: \.(tf(vars)?|terraform\.lock\.hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_providers_lock
+# name: Lock terraform provider versions
+# description: Updates provider signatures in dependency lock files.
+# require_serial: true
+# entry: hooks/terraform_providers_lock.sh
+# language: script
+# files: (\.terraform\.lock\.hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terraform_tflint
+# name: Terraform validate with tflint
+# description: Validates all Terraform configuration files with TFLint.
+# require_serial: true
+# entry: hooks/terraform_tflint.sh
+# language: script
+# files: (\.tf|\.tfvars)$
+# exclude: \.terraform/.*$
+
+# - id: terragrunt_fmt
+# name: Terragrunt fmt
+# description: Rewrites all Terragrunt configuration files to a canonical format.
+# entry: hooks/terragrunt_fmt.sh
+# language: script
+# files: (\.hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terragrunt_validate
+# name: Terragrunt validate
+# description: Validates all Terragrunt configuration files.
+# entry: hooks/terragrunt_validate.sh
+# language: script
+# files: (\.hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terragrunt_validate_inputs
+# name: Terragrunt validate inputs
+# description: Validates Terragrunt unused and undefined inputs.
+# entry: hooks/terragrunt_validate_inputs.sh
+# language: script
+# files: (\.hcl)$
+# exclude: \.terraform/.*$
+
+# - id: terragrunt_providers_lock
+# name: Terragrunt providers lock
+# description: Updates provider signatures in dependency lock files using terragrunt.
+# entry: hooks/terragrunt_providers_lock.sh
+# language: script
+# files: (terragrunt|\.terraform\.lock)\.hcl$
+# exclude: \.(terraform/.*|terragrunt-cache)$
+
+# - id: terraform_tfsec
+# name: Terraform validate with tfsec (deprecated, use "terraform_trivy")
+# description: Static analysis of Terraform templates to spot potential security issues.
+# require_serial: true
+# entry: hooks/terraform_tfsec.sh
+# files: \.tf(vars)?$
+# language: script
+
+# - id: terraform_trivy
+# name: Terraform validate with trivy
+# description: Static analysis of Terraform templates to spot potential security issues.
+# require_serial: true
+# entry: hooks/terraform_trivy.sh
+# files: \.tf(vars)?$
+# language: script
+
+# - id: checkov
+# name: checkov (deprecated, use "terraform_checkov")
+# description: Runs checkov on Terraform templates.
+# entry: checkov -d .
+# language: python
+# pass_filenames: false
+# always_run: false
+# files: \.tf$
+# exclude: \.terraform/.*$
+# require_serial: true
+
+# - id: terraform_checkov
+# name: Checkov
+# description: Runs checkov on Terraform templates.
+# entry: hooks/terraform_checkov.sh
+# language: script
+# always_run: false
+# files: \.tf$
+# exclude: \.terraform/.*$
+# require_serial: true
+
+# - id: terraform_wrapper_module_for_each
+# name: Terraform wrapper with for_each in module
+# description: Generate Terraform wrappers with for_each in module.
+# entry: hooks/terraform_wrapper_module_for_each.sh
+# language: script
+# pass_filenames: false
+# always_run: false
+# require_serial: true
+# files: \.tf$
+# exclude: \.terraform/.*$
+
+# - id: terrascan
+# name: terrascan
+# description: Runs terrascan on Terraform templates.
+# language: script
+# entry: hooks/terrascan.sh
+# files: \.tf$
+# exclude: \.terraform/.*$
+# require_serial: true
+
+# - id: tfupdate
+# name: tfupdate
+# description: Runs tfupdate on Terraform templates.
+# language: script
+# entry: hooks/tfupdate.sh
+# args:
+# - --args=terraform
+# files: \.tf$
+# require_serial: true
diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 0000000..6e39031
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,36 @@
+{
+ "branches": [
+ "main",
+ "master"
+ ],
+ "ci": false,
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator",
+ [
+ "@semantic-release/github",
+ {
+ "successComment":
+ "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+ "labels": false,
+ "releasedLabels": false
+ }
+ ],
+ [
+ "@semantic-release/changelog",
+ {
+ "changelogFile": "CHANGELOG.md",
+ "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+ }
+ ],
+ [
+ "@semantic-release/git",
+ {
+ "assets": [
+ "CHANGELOG.md"
+ ],
+ "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+ }
+ ]
+ ]
+}
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..fabfb8d
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+## hide: []
+ show:
+ - data-sources
+ - header
+ - footer
+ - inputs
+ - modules
+ - outputs
+ - providers
+ - requirements
+ - resources
+
+output:
+ file: README.md
+ mode: inject
+ template: |-
+
+ {{ .Content }}
+
+
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: true
+ color: true
+ default: true
+ description: true
+ escape: true
+ indent: 2
+ required: true
+ sensitive: true
+ type: true
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000..684d807
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,21 @@
+config {
+ module = true
+ force = false
+ disabled_by_default = false
+}
+
+rule "aws_instance_invalid_type" {
+ enabled = true
+}
+
+plugin "aws" {
+ enabled = true
+ version = "0.32.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+ enabled = true
+ version = "0.9.0"
+ source = "github.com/terraform-linters/tflint-ruleset-terraform"
+}
From c983649b84b425025dae1c513c490a054e3ddcbc Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 5 Aug 2024 23:49:52 -0400 Subject: [PATCH 05/11] =?UTF-8?q?=F0=9F=93=9D=20docs(CHANGELOG.md):=20add?= =?UTF-8?q?=20cz=20ch=20changelog?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 5 ++++ README.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..fda45ab --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,5 @@ +## Unreleased + +### 🎨🏗️ Style & Architecture + +- **repo**: install repo features pre-commit and commitizen diff --git a/README.md b/README.md index 5df53f8..5bcb9c9 100644 --- a/README.md +++ b/README.md 
@@ -18,3 +18,73 @@ to loki. - updated version.tf to 0.0.1 - included module.images in depends on helm charts - created changelog + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 5.14.0 | +| [helm](#requirement\_helm) | >= 2.11.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 3.2.1 | +| [template](#requirement\_template) | >= 2.2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.14.0 | +| [helm](#provider\_helm) | >= 2.11.0 | +| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | +| [loki-irsa-role](#module\_loki-irsa-role) | git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/ | n/a | +| [loki-s3](#module\_loki-s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.loki](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_s3_bucket.s3_server_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source | +| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| 
[additional\_tags](#input\_additional\_tags) | Additional tags to add to resources created in AWS (s3 bucket, ...) | `map(string)` | `{}` | no | +| [canary\_tag](#input\_canary\_tag) | The tag of the grafana/loki-canary image to use. | `string` | `"3.0.0"` | no | +| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | +| [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `string` | `"true"` | no | +| [enterprise\_logs\_provisioner\_tag](#input\_enterprise\_logs\_provisioner\_tag) | The version of the grafana/enterprise-logs-provisioner image to use. | `string` | `"v1.7.0"` | no | +| [exporter\_tag](#input\_exporter\_tag) | The version of prom/memcached-exporter to use for the gateway. | `string` | `"v0.14.2"` | no | +| [gateway\_tag](#input\_gateway\_tag) | The version of nginxinc/nginx-unprivileged to use for the gateway. | `string` | `"1.25.2-alpine"` | no | +| [loki\_chart\_version](#input\_loki\_chart\_version) | Which version of the grafana/loki helm chart to use. | `string` | `"6.6.5"` | no | +| [loki\_tag](#input\_loki\_tag) | The tag of the loki image to use. | `string` | `"3.0.0"` | no | +| [memcached\_tag](#input\_memcached\_tag) | The version of memcached to use for the gateway. | `string` | `"1.6.23-alpine"` | no | +| [namespace](#input\_namespace) | The namespace into which grafana will be deployed | `string` | `"loki"` | no | +| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN in the EKS cluster for the OpenID Connect identity provider. | `string` | n/a | yes | +| [profile](#input\_profile) | AWS config profile used to upload images into ECR | `string` | `""` | no | +| [region](#input\_region) | The region holding these resources (for the s3 bucket.) 
| `string` | n/a | yes | +| [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | +| [sidecar\_tag](#input\_sidecar\_tag) | The version of kiwigrid/k8s-sidecar to use for the gateway. | `string` | `"1.24.3"` | no | +| [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [gateway\_internal\_endpoint](#output\_gateway\_internal\_endpoint) | The endpoint which can be used inside of the cluster to access loki-gateway. | +| [module\_name](#output\_module\_name) | The name of this module. | +| [module\_version](#output\_module\_version) | The version of this module. | +| [rwo\_storage\_class](#output\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | + From 6799f999b23e2ef66fe5c57ab229daf83d1a60f1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 5 Aug 2024 23:59:39 -0400 Subject: [PATCH 06/11] =?UTF-8?q?=F0=9F=8E=A8=20style(lints):=20reslove=20?= =?UTF-8?q?lint=20output=20from=20tflint?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 10 ++++++++++ README.md | 26 ++++++++------------------ main.tf | 16 ++++++++-------- requirements.tf | 8 -------- s3.tf | 2 +- variables.tf | 2 +- version.tf | 4 ++-- 7 files changed, 30 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fda45ab..59ffc31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,3 +3,13 @@ ### 🎨🏗️ Style & Architecture - **repo**: install repo features pre-commit and commitizen + +# CHANGELOG +* 0.0.2 -- 2024-07-30 + - update images module + - formatting + - fix for tags +* 0.0.1 -- 2024-07-22 + - updated version.tf to 0.0.1 + - included module.images in depends on helm charts + - created changelog 
diff --git a/README.md b/README.md index 5bcb9c9..af6871b 100644 --- a/README.md +++ b/README.md @@ -9,15 +9,7 @@ to loki. -# CHANGELOG -* 0.0.2 -- 2024-07-30 - - update images module - - formatting - - fix for tags -* 0.0.1 -- 2024-07-22 - - updated version.tf to 0.0.1 - - included module.images in depends on helm charts - - created changelog + ## Requirements @@ -28,24 +20,22 @@ to loki. | [aws](#requirement\_aws) | >= 5.14.0 | | [helm](#requirement\_helm) | >= 2.11.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | -| [null](#requirement\_null) | >= 3.2.1 | -| [template](#requirement\_template) | >= 2.2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.14.0 | -| [helm](#provider\_helm) | >= 2.11.0 | -| [kubernetes](#provider\_kubernetes) | >= 2.23.0 | +| [aws](#provider\_aws) | 5.61.0 | +| [helm](#provider\_helm) | 2.14.0 | +| [kubernetes](#provider\_kubernetes) | 2.31.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | -| [loki-irsa-role](#module\_loki-irsa-role) | git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/ | n/a | -| [loki-s3](#module\_loki-s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade | +| [loki\_irsa\_role](#module\_loki\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | +| [loki\_s3](#module\_loki\_s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade | ## Resources 
@@ -55,13 +45,12 @@ to loki. | [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_s3_bucket.s3_server_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source | -| [kubernetes_namespace.existing-ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | +| [kubernetes_namespace.existing_ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tags](#input\_additional\_tags) | Additional tags to add to resources created in AWS (s3 bucket, ...) | `map(string)` | `{}` | no | | [canary\_tag](#input\_canary\_tag) | The tag of the grafana/loki-canary image to use. | `string` | `"3.0.0"` | no | | [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes | | [create\_namespace](#input\_create\_namespace) | Indicates whether the `namespace` needs to be created ('true') or already exists (not `true`) | `string` | `"true"` | no | 
@@ -78,6 +67,7 @@ to loki. | [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | | [sidecar\_tag](#input\_sidecar\_tag) | The version of kiwigrid/k8s-sidecar to use for the gateway. | `string` | `"1.24.3"` | no | | [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no | +| [tags](#input\_tags) | Additional tags to add to resources created in AWS (s3 bucket, ...) | `map(string)` | `{}` | no | ## Outputs diff --git a/main.tf b/main.tf index 45a8a59..64a11bd 100644 --- a/main.tf +++ b/main.tf @@ -15,7 +15,7 @@ resource "kubernetes_namespace" "ns" { } } -data "kubernetes_namespace" "existing-ns" { +data "kubernetes_namespace" "existing_ns" { count = var.create_namespace == "true" ? 0 : 1 metadata { @@ -26,18 +26,18 @@ data "kubernetes_namespace" "existing-ns" { locals { tags = merge({ "eks-cluster-name" = var.cluster_name - "boc:tf_module_name" = local._module_name - "boc:tf_module_version" = local._module_version + "boc:tf_module_name" = local.module_name + "boc:tf_module_version" = local.module_version "boc:created_by" = "terraform" CostAllocation = var.tag_costallocation }, var.tags) - ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing-ns[0].metadata[0].name) + ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing_ns[0].metadata[0].name) } -module "loki-irsa-role" { - #source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0" - source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/" +# tflint-ignore: terraform_module_version +module "loki_irsa_role" { + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" role_name = "${var.cluster_name}-loki" 
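Review bot: The new `source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"` on `module "loki_irsa_role"` replaces an internal module with a public registry module that has no `version` constraint, and the added `# tflint-ignore: terraform_module_version` silences the rule that would flag it. This module creates the IAM role Loki assumes, so every `terraform init` would resolve the latest published release; add `version = "<pinned-version>"` instead of the ignore. The inputs kept below (`attach_encrypted_object_manager_policy`, `s3_bucket_arns`, `kms_key_arns`) come from the previous custom module and may not exist on the registry module, so confirm them before merging. The relabel to `loki_irsa_role`/`loki_s3` also leaves `module.loki-s3.*` (this hunk and the next) and `module.loki-irsa-role.iam_role_arn` in `helm_release` pointing at labels that no longer exist until PATCH 09, so this commit will not validate on its own. The module block continues outside the hunk.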
@@ -49,7 +49,7 @@ module "loki-irsa-role" { "${module.loki-s3.s3_bucket_arn}/*", ] kms_key_arns = [ - "${module.loki-s3.kms_key_arn}" + module.loki-s3.kms_key_arn ] oidc_providers = { diff --git a/requirements.tf b/requirements.tf index 1b7a5da..ae62e15 100644 --- a/requirements.tf +++ b/requirements.tf @@ -14,13 +14,5 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.23.0" } - null = { - source = "hashicorp/null" - version = ">= 3.2.1" - } - template = { - source = "hashicorp/template" - version = ">= 2.2.0" - } } } diff --git a/s3.tf b/s3.tf index f1b3611..cac37c6 100644 --- a/s3.tf +++ b/s3.tf @@ -9,7 +9,7 @@ data "aws_s3_bucket" "s3_server_access_logs" { bucket = format("inf-logs-%v-%v", local.account_id, var.region) } -module "loki-s3" { +module "loki_s3" { source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard?ref=tf-upgrade" bucket_name = format("%v-loki", var.cluster_name) diff --git a/variables.tf b/variables.tf index b488133..ecad875 100644 --- a/variables.tf +++ b/variables.tf @@ -4,7 +4,7 @@ variable "tag_costallocation" { default = "csvd:infrastructure" } -variable "additional_tags" { +variable "tags" { description = "Additional tags to add to resources created in AWS (s3 bucket, ...)" type = map(string) default = {} diff --git a/version.tf b/version.tf index 8d88b94..77fb555 100644 --- a/version.tf +++ b/version.tf @@ -1,4 +1,4 @@ locals { - _module_name = "tfmod-loki" - _module_version = "0.0.2" + module_name = "tfmod-loki" + module_version = "0.0.2" } From 1512f5087110e910c5f9c43aada696ed9271355c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 6 Aug 2024 00:12:30 -0400 Subject: [PATCH 07/11] fixes module --- README.md | 2 +- main.tf | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index af6871b..6a845e4 100644 --- a/README.md +++ b/README.md 
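Review bot: Renaming the locals to `module_name`/`module_version` in version.tf is not matched in outputs.tf, which still reads `local._module_name` and `local._module_version` until PATCH 10 changes them. Between those commits the module would fail validation on a reference to an undeclared local value. Fold the two-line outputs.tf edit (`value = local.module_name`, `value = local.module_version`) into this commit so each commit in the series validates on its own.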
@@ -34,7 +34,7 @@ to loki. | Name | Source | Version | |------|--------|---------| | [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | -| [loki\_irsa\_role](#module\_loki\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | +| [loki\_irsa\_role](#module\_loki\_irsa\_role) | git@github.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git/ | n/a | | [loki\_s3](#module\_loki\_s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade | ## Resources diff --git a/main.tf b/main.tf index 64a11bd..f14a136 100644 --- a/main.tf +++ b/main.tf @@ -35,9 +35,11 @@ locals { ns = try(kubernetes_namespace.ns[0].metadata[0].name, data.kubernetes_namespace.existing_ns[0].metadata[0].name) } -# tflint-ignore: terraform_module_version module "loki_irsa_role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + # source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0" + # tflint-ignore: terraform_module_version + # tflint-ignore: terraform_module_pinned_source + source = "git@github.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git/" role_name = "${var.cluster_name}-loki" From 403d7490b5deddabe88e68d660c8ce3c4ed9204c Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 6 Aug 2024 00:14:09 -0400 Subject: [PATCH 08/11] update module location --- README.md | 2 +- main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6a845e4..08354e1 100644 --- a/README.md +++ b/README.md 
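Review bot: The `source` for `module "loki_irsa_role"` is a git URL with no `?ref=`, so every init tracks the default branch of the repository that defines Loki's IAM role. The commented-out line directly above already shows the `?ref=1.0.0` form, and pinning is the fix rather than `# tflint-ignore: terraform_module_pinned_source`, e.g. `source = "git@github.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git/?ref=<tag-or-commit>"`. The two ignore comments are also stacked: a TFLint annotation applies to its own line or the line below, so the first one (`terraform_module_version`) lands on the second comment rather than on `source`; if an ignore must stay, use a single comma-separated annotation. The same unpinned source is carried into PATCH 08's main.tf hunk with only the organisation changed. The module block continues outside the hunk.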
@@ -34,7 +34,7 @@ to loki. | Name | Source | Version | |------|--------|---------| | [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | -| [loki\_irsa\_role](#module\_loki\_irsa\_role) | git@github.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git/ | n/a | +| [loki\_irsa\_role](#module\_loki\_irsa\_role) | git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/ | n/a | | [loki\_s3](#module\_loki\_s3) | git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard | tf-upgrade | ## Resources diff --git a/main.tf b/main.tf index f14a136..93a1976 100644 --- a/main.tf +++ b/main.tf @@ -39,7 +39,7 @@ module "loki_irsa_role" { # source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/?ref=1.0.0" # tflint-ignore: terraform_module_version # tflint-ignore: terraform_module_pinned_source - source = "git@github.it.census.gov:SCT-Engineering/tfmod-custom-iam-role-for-service-account-eks.git/" + source = "git@github.it.census.gov:SOA/tfmod-custom-iam-role-for-service-account-eks.git/" role_name = "${var.cluster_name}-loki" From d0aa07d5b19651c438b87d95a0d0d00338e073c3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 6 Aug 2024 10:36:09 -0400 Subject: [PATCH 09/11] lints --- main.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index 93a1976..726adbd 100644 --- a/main.tf +++ b/main.tf @@ -47,11 +47,11 @@ module "loki_irsa_role" { attach_encrypted_object_manager_policy = true s3_bucket_arns = [ - module.loki-s3.s3_bucket_arn, - "${module.loki-s3.s3_bucket_arn}/*", + module.loki_s3.s3_bucket_arn, + "${module.loki_s3.s3_bucket_arn}/*", ] kms_key_arns = [ - module.loki-s3.kms_key_arn + module.loki_s3.kms_key_arn ] oidc_providers = { 
@@ -155,7 +155,7 @@ resource "helm_release" "loki" { } set { name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" - value = module.loki-irsa-role.iam_role_arn + value = module.loki_irsa_role.iam_role_arn } set { name = "memberlist.service.publishNotReadyAddresses" @@ -165,15 +165,15 @@ resource "helm_release" "loki" { ##### Storage ##### set { name = "loki.storage.bucketNames.chunks" - value = module.loki-s3.s3_requested_bucket_name + value = module.loki_s3.s3_requested_bucket_name } set { name = "loki.storage.bucketNames.ruler" - value = module.loki-s3.s3_requested_bucket_name + value = module.loki_s3.s3_requested_bucket_name } set { name = "loki.storage.bucketNames.admin" - value = module.loki-s3.s3_requested_bucket_name + value = module.loki_s3.s3_requested_bucket_name } set { name = "loki.storage.type" @@ -191,7 +191,7 @@ resource "helm_release" "loki" { name = "loki.storage_config.aws.s3" value = format("s3://%v/%v", var.region, - module.loki-s3.s3_requested_bucket_name + module.loki_s3.s3_requested_bucket_name ) } set { From 700b357bf3c567beccfdc1b0da3cd2841ecbb3c5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 6 Aug 2024 10:37:48 -0400 Subject: [PATCH 10/11] more lints --- outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/outputs.tf b/outputs.tf index fc88094..06eec05 100644 --- a/outputs.tf +++ b/outputs.tf @@ -17,10 +17,10 @@ output "gateway_internal_endpoint" { output "module_name" { description = "The name of this module." - value = local._module_name + value = local.module_name } output "module_version" { description = "The version of this module." - value = local._module_version + value = local.module_version } From 60208fc9d8a929729289dfbd767c382cf6f7deac Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Wed, 21 Aug 2024 18:04:17 -0400 Subject: [PATCH 11/11] update pre-commit --- .pre-commit-config.yaml | 4 +- .pre-commit-hooks.yaml | 170 ---------------------------------------- 2 files changed, 2 insertions(+), 172 deletions(-) delete mode 100644 .pre-commit-hooks.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d6091dd..edcbdd7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -49,7 +49,7 @@ repos: # Terraform Hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.92.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + rev: v1.92.2 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt args: @@ -106,6 +106,6 @@ repos: # - --hook-config=--parallelism-ci-cpu-cores=2 - repo: https://github.com/ljnsn/cz-conventional-gitmoji - rev: v0.3.2 + rev: v0.3.3 hooks: - id: conventional-gitmoji diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml deleted file mode 100644 index 266f0c7..0000000 --- a/.pre-commit-hooks.yaml +++ /dev/null 
@@ -1,170 +0,0 @@ -#### THESE ARE NOT ENABLED, THEY ARE FOR REFERENCE -# - id: infracost_breakdown -# name: Infracost breakdown -# description: Check terraform infrastructure cost -# entry: hooks/infracost_breakdown.sh -# language: script -# require_serial: true -# files: \.(tf(vars)?|hcl)$ -# exclude: \.terraform/.*$ - -# - id: terraform_fmt -# name: Terraform fmt -# description: Rewrites all Terraform configuration files to a canonical format. -# entry: hooks/terraform_fmt.sh -# language: script -# files: (\.tf|\.tfvars)$ -# exclude: \.terraform/.*$ - -# - id: terraform_docs -# name: Terraform docs -# description: Inserts input and output documentation into README.md (using terraform-docs). -# require_serial: true -# entry: hooks/terraform_docs.sh -# language: script -# files: (\.tf|\.terraform\.lock\.hcl)$ -# exclude: \.terraform/.*$ - -# - id: terraform_docs_without_aggregate_type_defaults -# name: Terraform docs (without aggregate type defaults) -# description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. -# require_serial: true -# entry: hooks/terraform_docs.sh -# language: script -# files: (\.tf)$ -# exclude: \.terraform/.*$ - -# - id: terraform_docs_replace -# name: Terraform docs (overwrite README.md) -# description: Overwrite content of README.md with terraform-docs. -# require_serial: true -# entry: terraform_docs_replace -# language: python -# files: (\.tf)$ -# exclude: \.terraform/.*$ - -# - id: terraform_validate -# name: Terraform validate -# description: Validates all Terraform configuration files. -# require_serial: true -# entry: hooks/terraform_validate.sh -# language: script -# files: \.(tf(vars)?|terraform\.lock\.hcl)$ -# exclude: \.terraform/.*$ - -# - id: terraform_providers_lock -# name: Lock terraform provider versions -# description: Updates provider signatures in dependency lock files. 
-# require_serial: true -# entry: hooks/terraform_providers_lock.sh -# language: script -# files: (\.terraform\.lock\.hcl)$ -# exclude: \.terraform/.*$ - -# - id: terraform_tflint -# name: Terraform validate with tflint -# description: Validates all Terraform configuration files with TFLint. -# require_serial: true -# entry: hooks/terraform_tflint.sh -# language: script -# files: (\.tf|\.tfvars)$ -# exclude: \.terraform/.*$ - -# - id: terragrunt_fmt -# name: Terragrunt fmt -# description: Rewrites all Terragrunt configuration files to a canonical format. -# entry: hooks/terragrunt_fmt.sh -# language: script -# files: (\.hcl)$ -# exclude: \.terraform/.*$ - -# - id: terragrunt_validate -# name: Terragrunt validate -# description: Validates all Terragrunt configuration files. -# entry: hooks/terragrunt_validate.sh -# language: script -# files: (\.hcl)$ -# exclude: \.terraform/.*$ - -# - id: terragrunt_validate_inputs -# name: Terragrunt validate inputs -# description: Validates Terragrunt unused and undefined inputs. -# entry: hooks/terragrunt_validate_inputs.sh -# language: script -# files: (\.hcl)$ -# exclude: \.terraform/.*$ - -# - id: terragrunt_providers_lock -# name: Terragrunt providers lock -# description: Updates provider signatures in dependency lock files using terragrunt. -# entry: hooks/terragrunt_providers_lock.sh -# language: script -# files: (terragrunt|\.terraform\.lock)\.hcl$ -# exclude: \.(terraform/.*|terragrunt-cache)$ - -# - id: terraform_tfsec -# name: Terraform validate with tfsec (deprecated, use "terraform_trivy") -# description: Static analysis of Terraform templates to spot potential security issues. -# require_serial: true -# entry: hooks/terraform_tfsec.sh -# files: \.tf(vars)?$ -# language: script - -# - id: terraform_trivy -# name: Terraform validate with trivy -# description: Static analysis of Terraform templates to spot potential security issues. 
-# require_serial: true -# entry: hooks/terraform_trivy.sh -# files: \.tf(vars)?$ -# language: script - -# - id: checkov -# name: checkov (deprecated, use "terraform_checkov") -# description: Runs checkov on Terraform templates. -# entry: checkov -d . -# language: python -# pass_filenames: false -# always_run: false -# files: \.tf$ -# exclude: \.terraform/.*$ -# require_serial: true - -# - id: terraform_checkov -# name: Checkov -# description: Runs checkov on Terraform templates. -# entry: hooks/terraform_checkov.sh -# language: script -# always_run: false -# files: \.tf$ -# exclude: \.terraform/.*$ -# require_serial: true - -# - id: terraform_wrapper_module_for_each -# name: Terraform wrapper with for_each in module -# description: Generate Terraform wrappers with for_each in module. -# entry: hooks/terraform_wrapper_module_for_each.sh -# language: script -# pass_filenames: false -# always_run: false -# require_serial: true -# files: \.tf$ -# exclude: \.terraform/.*$ - -# - id: terrascan -# name: terrascan -# description: Runs terrascan on Terraform templates. -# language: script -# entry: hooks/terrascan.sh -# files: \.tf$ -# exclude: \.terraform/.*$ -# require_serial: true - -# - id: tfupdate -# name: tfupdate -# description: Runs tfupdate on Terraform templates. -# language: script -# entry: hooks/tfupdate.sh -# args: -# - --args=terraform -# files: \.tf$ -# require_serial: true