Commit

[Major] Code Freeze PR (#15)
* action

* autoscaling

* update requests

* update resources

* add module release process

* update module source

* pull from ent-ecr

* use ironbank image

* update source path

* fix pushgateway

* add 10m timeout on deploy

* pull across accounts from central ecr

* add eecr_account_id

* fix ent_ecr_source

* dynamic version

* fix merge

* remove eecr data item as it is in the provider

* update copy images for eecr pulling

* update var and ent_ecr_source

* ensure workflows are current

* ensure workflows are current

* ensure committed
morga471 committed Apr 22, 2025
1 parent 96f9332 commit 259799f
Showing 8 changed files with 137 additions and 88 deletions.
43 changes: 5 additions & 38 deletions .github/workflows/terraform-release.yaml
@@ -1,25 +1,20 @@
name: Terraform CI/CD
name: Terraform Module Release
on:
workflow_dispatch:
pull_request:
types: [closed]
branches:
- main
jobs:
terraform-ci-cd:
runs-on: 229685449397
terraform-release:
runs-on: "229685449397"
permissions:
contents: write

steps:
- name: Checkout code
uses: CSVD/gh-actions-checkout@v4

- name: Setup Terraform
uses: CSVD/gh-actions-setup-terraform@v3
with:
terraform_version: "1.9.1"

- name: Setup GITHUB Credentials
id: github_credentials
uses: CSVD/gh-auth@main
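Review bot: The `pull_request` trigger with `types: [closed]` also fires when a PR against `main` is closed without being merged, and the `terraform-release` job as shown has no `if:` guard, so the release job runs with `contents: write` for an abandoned PR as well. Add a job-level `if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'`. Quoting `runs-on: "229685449397"` is a good fix, since the unquoted value is a YAML integer rather than a label string.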
Expand All @@ -28,28 +23,6 @@ jobs:
github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
github_app_id: ${{ vars.GH_APP_ID }}


- name: Debug Authentication
run: |
# Print the GitHub server URL
echo "GitHub Server URL: ${{ github.server_url }}"
# Extract the host from the URL
HOST="${{ github.server_url }}"
HOST="${HOST#*//}"
HOST="${HOST%%/*}"
echo "GitHub Host: $HOST"
# Check if token exists
if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then
echo "Token generated successfully"
# Test the token with a simple GitHub API call (without exposing the token)
STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user")
echo "API Test Status Code: $STATUS"
else
echo "No token was generated!"
fi
- name: Setup GitHub CLI
run: |
# Force manual authentication since setup-git might not work with GitHub Enterprise
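Review bot: The Setup GitHub CLI step at the end of this hunk needs the same scrutiny as the Debug Authentication step deleted above it, which expanded `${{ steps.github_credentials.outputs.github_token }}` straight into the script text and onto a `curl` command line. The body of the surviving step is not visible here; if it uses the token, pass it through the step's `env:` and reference it as a shell variable instead of interpolating the expression inside `run:`.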
Expand All @@ -60,14 +33,8 @@ jobs:
# Test GitHub CLI auth status
gh auth status || echo "GitHub CLI authentication failed"
- name: AWS Auth
id: aws_auth
uses: CSVD/aws-auth@main
with:
ecs: true

- name: Run Terraform Module Release Action
uses: CSVD/terraform-module-release@main
- name: Run Release Action
uses: CSVD/releaser@main
with:
github-token: ${{ steps.github_credentials.outputs.github_token }}
working-directory: '.'
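Review bot: `uses: CSVD/releaser@main` receives `github-token` in a job with `contents: write` while tracking a mutable branch, so any push to that action's `main` changes what runs with the token. Pin it (and `CSVD/gh-auth@main` earlier in the file) to a tag or commit SHA, as the checkout step already does with `@v4`. In the context lines above, `gh auth status || echo "GitHub CLI authentication failed"` swallows the error, so a failed login does not stop the job; let that command exit non-zero.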
2 changes: 1 addition & 1 deletion .github/workflows/terraform-validate.yaml
Expand Up @@ -16,7 +16,7 @@ jobs:
- name: Setup Terraform
uses: CSVD/gh-actions-setup-terraform@v2
with:
terraform_version: '1.7.3'
terraform_version: '1.10.5'

- name: Validate Terraform Configuration
id: validate
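Review bot: `terraform_version: '1.10.5'` is the only version the module is validated against, while `requirements.tf` in this same commit still declares `required_version = ">= 0.13"`. Either raise `required_version` to a floor that CI actually exercises or add a matrix entry for the oldest supported release. This step also stays on `CSVD/gh-actions-setup-terraform@v2` where the release workflow had been using `@v3`.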
11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -62,14 +62,19 @@ sys 0m3.489s
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.14.0 |
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0 |
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.94.1 |
| <a name="provider_aws.eecr"></a> [aws.eecr](#provider\_aws.eecr) | 5.94.1 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
| <a name="provider_null"></a> [null](#provider\_null) | 3.2.3 |

## Modules

Expand All @@ -82,13 +87,18 @@ sys 0m3.489s
| Name | Type |
|------|------|
| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source |
| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no |
| <a name="input_alertmanager_tag"></a> [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no |
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes |
| <a name="input_eecr_info"></a> [eecr\_info](#input\_eecr\_info) | Enterprise ECR source information | <pre>object({<br/> account_id = string<br/> alias = string<br/> profile = string<br/> region = string<br/> })</pre> | <pre>{<br/> "account_id": "269222635945",<br/> "alias": "lab-gov-shared-nonprod",<br/> "profile": "269222635945-lab-gov-shared-nonprod",<br/> "region": "us-gov-east-1"<br/>}</pre> | no |
| <a name="input_kube_state_metrics_tag"></a> [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no |
| <a name="input_node_exporter_tag"></a> [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no |
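Review bot: The `eecr_info` default bakes one environment's account ID, alias, profile name and region (`lab-gov-shared-nonprod`, `us-gov-east-1`) into a shared module, so a caller who omits the input silently pulls images from a nonprod registry. Make `eecr_info` required with no default, or document that the default is lab-only. `account_id` defaulting to `""` has the same silent-fallback problem, because `copy_images.tf` passes it as `registry_id` for an ECR token lookup.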
Expand All @@ -97,6 +107,7 @@ sys 0m3.489s
| <a name="input_prometheus_config_reloader_tag"></a> [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.2"` | no |
| <a name="input_prometheus_server_tag"></a> [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.54.0"` | no |
| <a name="input_pushgateway_tag"></a> [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | n/a | yes |
| <a name="input_rwo_storage_class"></a> [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no |

## Outputs
59 changes: 41 additions & 18 deletions copy_images.tf
@@ -1,19 +1,21 @@
locals {
prom_config_reload_name = "prometheus/prometheus-config-reloader"
prom_config_reload_key = format("%v#%v", local.prom_config_reload_name, var.prometheus_config_reloader_tag)

prom_name = "prometheus/prometheus"
prom_key = format("%v#%v", local.prom_name, var.prometheus_server_tag)

alertman_name = "prometheus/alertmanager"
alertman_key = format("%v#%v", local.alertman_name, var.alertmanager_tag)

ent_ecr_source = format("%v.%v.%v.%v", var.eecr_info.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")

ksm_name = "prometheus/kube-state-metrics"
ksm_key = format("%v#%v", local.ksm_name, var.kube_state_metrics_tag)

node_exporter_name = "prometheus/node-exporter"
node_exporter_key = format("%v#%v", local.node_exporter_name, var.node_exporter_tag)

prom_config_reload_name = "prometheus/prometheus-config-reloader"
prom_config_reload_key = format("%v#%v", local.prom_config_reload_name, var.prometheus_config_reloader_tag)

prom_name = "prometheus/prometheus"
prom_key = format("%v#%v", local.prom_name, var.prometheus_server_tag)

pushgateway_name = "prometheus/pushgateway"
pushgateway_key = format("%v#%v", local.pushgateway_name, var.pushgateway_tag)
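Review bot: `ent_ecr_source` builds the registry hostname from `var.eecr_info.account_id` but takes the region from `var.region`, while the `aws.eecr` provider and its authorization token further down use `var.eecr_info.region`. When the deployment region differs from the enterprise ECR region, the hostname points at a registry the token was not issued for; use `var.eecr_info.region` here. As a style point, a plain interpolated string would be easier to read than `format("%v.%v.%v.%v", ...)` with two literal arguments.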

Expand All @@ -22,44 +24,44 @@ locals {
enabled = true
dest_path = null
name = local.prom_config_reload_name
source_image = "prometheus-operator/prometheus-config-reloader"
source_registry = "quay.io"
source_image = "opensource/prometheus-operator/prometheus-config-reloader"
source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
source_tag = var.prometheus_config_reloader_tag
tag = var.prometheus_config_reloader_tag
},
{
enabled = true
dest_path = null
name = local.prom_name
source_image = "prometheus/prometheus"
source_registry = "quay.io"
source_image = "opensource/prometheus/prometheus"
source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
source_tag = var.prometheus_server_tag
tag = var.prometheus_server_tag
},
{
enabled = true
dest_path = null
name = local.alertman_name
source_image = "prometheus/alertmanager"
source_registry = "quay.io"
source_image = "opensource/prometheus/alertmanager"
source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
source_tag = var.alertmanager_tag
tag = var.alertmanager_tag
},
{
enabled = true
dest_path = null
name = local.ksm_name
source_image = "kube-state-metrics/kube-state-metrics"
source_registry = "registry.k8s.io"
source_image = "opensource/kubernetes/kube-state-metrics"
source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
source_tag = var.kube_state_metrics_tag
tag = var.kube_state_metrics_tag
},
{
enabled = true
dest_path = null
name = local.node_exporter_name
source_image = "prometheus/node-exporter"
source_registry = "quay.io"
source_image = "opensource/prometheus/node-exporter"
source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
source_tag = var.node_exporter_tag
tag = var.node_exporter_tag
},
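Review bot: The five entries switched to the `ironbank` path keep the same `source_tag` variables, whose defaults (per the README, for example `v0.27.0` and `v2.13.0`) were chosen for quay.io and registry.k8s.io. Confirm each default tag exists under the new `opensource/...` repositories, since a missing tag only surfaces at copy time. `format("%v/%v", local.ent_ecr_source, "ironbank")` is repeated in every entry and would read better as a single local.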
Expand All @@ -68,7 +70,7 @@ locals {
dest_path = null
name = local.pushgateway_name
source_image = "prometheus/pushgateway"
source_registry = "quay.io"
source_registry = format("%v/%v", local.ent_ecr_source, "quay")
source_tag = var.pushgateway_tag
tag = var.pushgateway_tag
},
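Review bot: `pushgateway` is the only entry left on `source_image = "prometheus/pushgateway"` with the `quay` prefix instead of `ironbank`, which reads like an oversight next to the other five entries. If it is deliberate, add a comment on this entry saying why it is sourced differently.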
Expand All @@ -86,5 +88,26 @@ module "images" {
enable_lifecycle_policy = true
lifecycle_policy_all = true
force_delete = true
lifecycle_policy_keep_count = 3
lifecycle_policy_keep_count = 5

source_username = data.aws_ecr_authorization_token.ecr_token.user_name
source_password = data.aws_ecr_authorization_token.ecr_token.password

destination_username = data.aws_ecr_authorization_token.token.user_name
destination_password = data.aws_ecr_authorization_token.token.password
}

data "aws_ecr_authorization_token" "token" {
registry_id = var.account_id
}

data "aws_ecr_authorization_token" "ecr_token" {
provider = aws.eecr
registry_id = var.eecr_info.account_id
}

provider "aws" {
alias = "eecr"
profile = var.eecr_info.profile
region = var.eecr_info.region
}
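Review bot: The `provider "aws"` block with `alias = "eecr"` is configured inside the module from `var.eecr_info.profile`, so everything that runs this module, CI runners included, must have that named profile available, and a module that carries its own provider configuration cannot be called with `count`, `for_each` or `depends_on`. Prefer declaring `configuration_aliases = [aws.eecr]` under `required_providers` and letting the caller pass the provider in. Separately, `registry_id = var.account_id` receives `""` when the caller relies on the documented default; validate that the variable is non-empty or drop the default.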
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -25,6 +25,7 @@ resource "helm_release" "prometheus" {
namespace = var.namespace
version = var.prometheus_chart_version
repository = "https://prometheus-community.github.io/helm-charts"
timeout = 600

# Global
set {
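Review bot: With the images now sourced from the enterprise ECR, `repository = "https://prometheus-community.github.io/helm-charts"` on the line above `timeout` remains a public dependency fetched at deploy time; consider mirroring the chart alongside the images. `timeout = 600` would be better exposed as a variable with 600 as its default, with a comment that the unit is seconds.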
8 changes: 8 additions & 0 deletions requirements.tf
Expand Up @@ -2,6 +2,10 @@ terraform {
required_version = ">= 0.13"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.14.0"
}
helm = {
source = "hashicorp/helm"
version = ">= 2.11.0"
Expand All @@ -10,5 +14,9 @@ terraform {
source = "hashicorp/kubernetes"
version = ">= 2.23.0"
}
null = {
source = "hashicorp/null"
version = ">= 3.2.1"
}
}
}