From d09b2c3ccd37ef39912b133ce77e4b9b33a0019e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 28 Feb 2025 12:54:04 -0500 Subject: [PATCH 01/22] action --- .github/workflows/terragrunt-cicd.yml | 101 ++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 .github/workflows/terragrunt-cicd.yml diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml new file mode 100644 index 0000000..a78523e --- /dev/null +++ b/.github/workflows/terragrunt-cicd.yml 
@@ -0,0 +1,101 @@ +name: 'Terraform Module CI' + +on: + push: + branches: + - main + paths: + - '**/*.hcl' + - '**/*.tf' + pull_request: + branches: + - main + paths: + - '**/*.hcl' + - '**/*.tf' + +permissions: + contents: read + pull-requests: write + +jobs: + validate: + name: 'Validate Module' + runs-on: self-hosted + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.5.0 + + - name: Terraform Init + run: | + terraform init -backend=false + + - name: Terraform Format + run: | + terraform fmt -check + + - name: Terraform Validate + run: | + terraform validate + + - name: Run tflint + uses: terraform-linters/setup-tflint@v3 + if: github.event_name == 'pull_request' + + - name: Lint Terraform + if: github.event_name == 'pull_request' + run: | + tflint --format compact + + release: + name: 'Create Release' + needs: validate + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + runs-on: self-hosted + permissions: + contents: write + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: '3.9' + + - name: Install Commitizen + run: | + pip install commitizen + + - name: Configure Git + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + + - name: Bump Version and Generate Changelog + id: cz + run: | + cz bump --yes + echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT + echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT + + - name: Create Release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: v${{ steps.cz.outputs.new_version }} + release_name: Release v${{ steps.cz.outputs.new_version }} + draft: false + prerelease: false + body: ${{ steps.cz.outputs.changelog }} 
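Review bot: In the `Bump Version and Generate Changelog` step, `echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT` writes a multi-line value as one `key=value` line, so every following changelog line is parsed as a further output assignment; since the changelog is generated from commit messages, a commit body line such as `new_version=...` could override the value the `Create Release` step uses for `tag_name`. Use the delimiter form instead: `delim="$(openssl rand -hex 16)"` and then `{ echo "changelog<<$delim"; cz changelog --dry-run; echo "$delim"; } >> "$GITHUB_OUTPUT"`. Separately, `cz bump --yes` creates the version commit and tag only in the runner's clone and nothing in this job pushes them, so unless something outside the workflow does, `main` never receives the bump and each run re-bumps from the same base. All third-party actions are referenced by mutable tags (`@v3`, `@v4`, `@v1`); pin them to full commit SHAs, since the release job holds `contents: write`.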
From 74054e81023b1bbf441d3ef5973db62f5dc3f8a0 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 28 Feb 2025 18:19:17 -0500 Subject: [PATCH 02/22] autoscaling --- .tflint.hcl | 26 +++++++++++++------------- README.md | 4 +--- main.tf | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 16 deletions(-) diff --git a/.tflint.hcl b/.tflint.hcl index f63db7d..6a77997 100644 --- a/.tflint.hcl +++ b/.tflint.hcl @@ -5,18 +5,18 @@ config { } -rule "aws_instance_invalid_type" { - enabled = true -} +# rule "aws_instance_invalid_type" { +# enabled = true +# } -plugin "aws" { - enabled = true - version = "0.32.0" - source = "github.com/terraform-linters/tflint-ruleset-aws" -} +# plugin "aws" { +# enabled = true +# version = "0.32.0" +# source = "github.com/terraform-linters/tflint-ruleset-aws" +# } -plugin "terraform" { - enabled = true - version = "0.9.0" - source = "github.com/terraform-linters/tflint-ruleset-terraform" -} +# plugin "terraform" { +# enabled = true +# version = "0.9.0" +# source = "github.com/terraform-linters/tflint-ruleset-terraform" +# } diff --git a/README.md b/README.md index 3e07f85..68e37b8 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,7 @@ sys 0m3.489s | Name | Version | |------|---------| -| [helm](#provider\_helm) | 2.16.1 | -| [kubernetes](#provider\_kubernetes) | 2.33.0 | +| [helm](#provider\_helm) | 2.17.0 | ## Modules @@ -83,7 +82,6 @@ sys 0m3.489s | Name | Type | |------|------| | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | ## Inputs diff --git a/main.tf b/main.tf index c1c7b09..2f8d045 100644 --- a/main.tf +++ b/main.tf 
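Review bot: Commenting out the `aws` and `terraform` plugin blocks and the `aws_instance_invalid_type` rule leaves `.tflint.hcl` with no rulesets, so the `Lint Terraform` CI step keeps reporting success while checking nothing, and the commit message (`autoscaling`) gives no reason for the change. If the motivation is that plugin downloads fail on the self-hosted runner (my guess), keep the `terraform` ruleset — recent tflint releases bundle it, so it needs no download, as far as I recall — and record the reason in the file rather than leaving dead config: `# aws ruleset disabled: plugin fetch not possible on the CI runner — re-enable once a TFLINT_PLUGIN_DIR cache exists`. Otherwise delete the commented lines outright so the file states the intended configuration.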
@@ -113,4 +113,51 @@ resource "helm_release" "prometheus" { name = "prometheus-pushgateway.image.tag" value = module.images.images[local.pushgateway_key].tag } + + set { + name = "server.resources.requests.cpu" + value = "300m" + } + + set { + name = "server.resources.requests.memory" + value = "512Mi" + } + + set { + name = "server.resources.limits.cpu" + value = "1000m" + } + + set { + name = "server.resources.limits.memory" + value = "2Gi" + } + + # Autoscaling for Prometheus server + set { + name = "server.autoscaling.enabled" + value = "true" + } + + set { + name = "server.autoscaling.minReplicas" + value = "1" + } + + set { + name = "server.autoscaling.maxReplicas" + value = "3" + } + + set { + name = "server.autoscaling.targetCPUUtilizationPercentage" + value = "80" + } + + set { + name = "server.autoscaling.targetMemoryUtilizationPercentage" + value = "80" + } + } From 863951b77d28df3f70256782a6d51d4321c2abe6 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 6 Mar 2025 19:56:35 -0500 Subject: [PATCH 03/22] update requests --- main.tf | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index 2f8d045..9fb4dcb 100644 --- a/main.tf +++ b/main.tf @@ -116,12 +116,12 @@ resource "helm_release" "prometheus" { set { name = "server.resources.requests.cpu" - value = "300m" + value = "1m" } set { name = "server.resources.requests.memory" - value = "512Mi" + value = "1Mi" } set { @@ -147,7 +147,7 @@ resource "helm_release" "prometheus" { set { name = "server.autoscaling.maxReplicas" - value = "3" + value = "5" } set { @@ -155,9 +155,4 @@ resource "helm_release" "prometheus" { value = "80" } - set { - name = "server.autoscaling.targetMemoryUtilizationPercentage" - value = "80" - } - } From 0838c5373d3da07d063f1f29b19a7861b75ca1b8 Mon Sep 17 00:00:00 2001 
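Review bot: The `server.autoscaling.*` values added at the end of `helm_release.prometheus` request up to 3 Prometheus server replicas via HPA, but the Prometheus server does not scale horizontally that way: each replica scrapes every target independently and keeps its own local TSDB, and this module provisions read-write-once storage (the `rwo_storage_class` input), so extra replicas would contend for or fail to mount the same PVC. If the chart honors these keys at all (its values schema is not visible here), the likely result is duplicated scrape load and divergent data across replicas rather than more capacity, and `targetMemoryUtilizationPercentage` is likely to keep scaling up as the TSDB grows. Size the single server through `server.resources.limits` and drop the five autoscaling `set` blocks, or at least leave a comment stating the intended mode: `# Prometheus server keeps a local TSDB; replicas do not share data — scale vertically only`. The `helm_release.prometheus` resource starts outside this hunk.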
From: "Matthew C. Morgan" Date: Fri, 21 Mar 2025 20:40:39 -0400 Subject: [PATCH 04/22] update resources --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 9fb4dcb..cf9754e 100644 --- a/main.tf +++ b/main.tf @@ -116,12 +116,12 @@ resource "helm_release" "prometheus" { set { name = "server.resources.requests.cpu" - value = "1m" + value = "100m" } set { name = "server.resources.requests.memory" - value = "1Mi" + value = "128Mi" } set { From 97e0fbd7c5715d96c766eed78b4182414fc7f5c1 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 11:53:04 -0400 Subject: [PATCH 05/22] add module release process --- .github/workflows/terraform-release.yaml | 73 ++++++++++++++++ .github/workflows/terraform-validate.yaml | 42 +++++++++ .github/workflows/terragrunt-cicd.yml | 101 ---------------------- 3 files changed, 115 insertions(+), 101 deletions(-) create mode 100644 .github/workflows/terraform-release.yaml create mode 100644 .github/workflows/terraform-validate.yaml delete mode 100644 .github/workflows/terragrunt-cicd.yml diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml new file mode 100644 index 0000000..90910bc --- /dev/null +++ b/.github/workflows/terraform-release.yaml 
@@ -0,0 +1,73 @@ +name: Terraform CI/CD +on: + workflow_dispatch: + pull_request: + types: [closed] + branches: + - main +jobs: + terraform-ci-cd: + runs-on: 229685449397 + permissions: + contents: write + + steps: + - name: Checkout code + uses: CSVD/gh-actions-checkout@v4 + + - name: Setup Terraform + uses: CSVD/gh-actions-setup-terraform@v3 + with: + terraform_version: "1.9.1" + + - name: Setup GITHUB Credentials + id: github_credentials + uses: CSVD/gh-auth@main + with: + github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} + github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} + github_app_id: ${{ vars.GH_APP_ID }} + + + - name: Debug Authentication + run: | + # Print the GitHub server URL + echo "GitHub Server URL: ${{ github.server_url }}" + + # Extract the host from the URL + HOST="${{ github.server_url }}" + HOST="${HOST#*//}" + HOST="${HOST%%/*}" + echo "GitHub Host: $HOST" + + # Check if token exists + if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then + echo "Token generated successfully" + # Test the token with a simple GitHub API call (without exposing the token) + STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user") + echo "API Test Status Code: $STATUS" + else + echo "No token was generated!" 
+ fi + + - name: Setup GitHub CLI + run: | + # Force manual authentication since setup-git might not work with GitHub Enterprise + echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt + gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt + rm /tmp/token.txt + + # Test GitHub CLI auth status + gh auth status || echo "GitHub CLI authentication failed" + + - name: AWS Auth + id: aws_auth + uses: CSVD/aws-auth@main + with: + ecs: true + + - name: Run Terraform Module Release Action + uses: CSVD/terraform-module-release@main + with: + github-token: ${{ steps.github_credentials.outputs.github_token }} + working-directory: '.' diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml new file mode 100644 index 0000000..72829d8 --- /dev/null +++ b/.github/workflows/terraform-validate.yaml @@ -0,0 +1,42 @@ +name: Terraform Validate +on: + pull_request: + workflow_dispatch: + +jobs: + + terraform-validate: + runs-on: "229685449397" + permissions: + contents: write + steps: + - name: Checkout code + uses: CSVD/gh-actions-checkout@v4 + + - name: Setup Terraform + uses: CSVD/gh-actions-setup-terraform@v2 + with: + terraform_version: '1.7.3' + + - name: Validate Terraform Configuration + id: validate + uses: CSVD/terraform-validate@main + + - name: Check Validation/Test Results + if: always() + run: | + # Set default values if outputs are empty + IS_VALID="${{ steps.validate.outputs.is_valid }}" + TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}" + + # If outputs are empty, set them to false + [ -z "$IS_VALID" ] && IS_VALID="false" + [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false" + + if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then + echo "Validation or test errors found:" + echo "${{ steps.validate.outputs.stderr }}" + exit 1 + else + echo "All validations and tests passed successfully!" + fi 
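Review bot: The `terraform-ci-cd` job triggers on `pull_request: types: [closed]` without checking `github.event.pull_request.merged`, so closing a PR unmerged also runs the release steps with `contents: write` and a GitHub App token, against whatever ref checkout resolves for that PR rather than `main`; gate it at job level with `if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true`. The App token is then interpolated straight into `run:` scripts (`Debug Authentication`, `Setup GitHub CLI`) and written to `/tmp/token.txt` on a self-hosted runner, where another job or user on the same host can read it before the `rm`; pass it through `env:`, feed `gh` from the variable so it never touches disk, and drop the `curl` probe, which would print the token on a `set -x` or curl error path. Every `CSVD/*@main` action runs from a mutable branch while having access to `GH_APP_PEM_FILE`; pin them to commit SHAs. `Setup GitHub CLI` also hard-codes `github.e.it.census.gov` while the step above derives the host from `github.server_url`; use one source, as below, where a failed `gh auth status` now fails the job instead of echoing.
```yaml
jobs:
  terraform-ci-cd:
    runs-on: 229685449397
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    permissions:
      contents: write
    steps:
      # … unchanged: Checkout code, Setup Terraform, Setup GITHUB Credentials …

      - name: Setup GitHub CLI
        env:
          GH_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
          GH_SERVER_URL: ${{ github.server_url }}
        run: |
          host="${GH_SERVER_URL#*//}"
          host="${host%%/*}"
          [ -n "$GH_TOKEN" ] || { echo "No token was generated!"; exit 1; }
          gh auth login --with-token --hostname "$host" <<< "$GH_TOKEN"
          gh auth status --hostname "$host"

      # … unchanged: AWS Auth, Run Terraform Module Release Action …
```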
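Review bot: The `Check Validation/Test Results` step interpolates `${{ steps.validate.outputs.stderr }}` (and the two flag outputs) directly into the `run:` script; terraform's validation errors echo back snippets of the HCL under test, so a pull request containing a crafted string in a `.tf` file can break out of the `echo "..."` and execute commands on the self-hosted runner inside a job that holds `contents: write`. Pass outputs through `env:` — `VALIDATE_STDERR: ${{ steps.validate.outputs.stderr }}` — and reference them as shell variables, `echo "$VALIDATE_STDERR"`, likewise for `IS_VALID` and `TESTS_PASSED`. A validate-only job does not need write access, so drop it to `permissions: contents: read`, and the unfiltered `pull_request` trigger on a self-hosted runner deserves the same `branches:` filter the release workflow has. `runs-on: "229685449397"` is quoted here but bare in `terraform-release.yaml`, where YAML parses it as an integer; quote it in both. `CSVD/terraform-validate@main` and `CSVD/gh-actions-checkout@v4` are mutable refs; pin to commit SHAs.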
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml deleted file mode 100644 index a78523e..0000000 --- a/.github/workflows/terragrunt-cicd.yml +++ /dev/null 
@@ -1,101 +0,0 @@ -name: 'Terraform Module CI' - -on: - push: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - pull_request: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - -permissions: - contents: read - pull-requests: write - -jobs: - validate: - name: 'Validate Module' - runs-on: self-hosted - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.5.0 - - - name: Terraform Init - run: | - terraform init -backend=false - - - name: Terraform Format - run: | - terraform fmt -check - - - name: Terraform Validate - run: | - terraform validate - - - name: Run tflint - uses: terraform-linters/setup-tflint@v3 - if: github.event_name == 'pull_request' - - - name: Lint Terraform - if: github.event_name == 'pull_request' - run: | - tflint --format compact - - release: - name: 'Create Release' - needs: validate - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - runs-on: self-hosted - permissions: - contents: write - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.9' - - - name: Install Commitizen - run: | - pip install commitizen - - - name: Configure Git - run: | - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - - - name: Bump Version and Generate Changelog - id: cz - run: | - cz bump --yes - echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT - echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT - - - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ steps.cz.outputs.new_version }} - release_name: Release v${{ steps.cz.outputs.new_version }} - draft: false - prerelease: false - body: ${{ steps.cz.outputs.changelog }} 
From f32fda7225cf9e0ef7f1d41234293ca78bb2389d Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 1 Apr 2025 20:29:35 -0400 Subject: [PATCH 06/22] update module source --- .github/workflows/terragrunt-cicd.yml | 101 -------------------------- README.md | 2 +- copy_images.tf | 2 +- 3 files changed, 2 insertions(+), 103 deletions(-) delete mode 100644 .github/workflows/terragrunt-cicd.yml diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml deleted file mode 100644 index a78523e..0000000 --- a/.github/workflows/terragrunt-cicd.yml +++ /dev/null 
@@ -1,101 +0,0 @@ -name: 'Terraform Module CI' - -on: - push: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - pull_request: - branches: - - main - paths: - - '**/*.hcl' - - '**/*.tf' - -permissions: - contents: read - pull-requests: write - -jobs: - validate: - name: 'Validate Module' - runs-on: self-hosted - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.5.0 - - - name: Terraform Init - run: | - terraform init -backend=false - - - name: Terraform Format - run: | - terraform fmt -check - - - name: Terraform Validate - run: | - terraform validate - - - name: Run tflint - uses: terraform-linters/setup-tflint@v3 - if: github.event_name == 'pull_request' - - - name: Lint Terraform - if: github.event_name == 'pull_request' - run: | - tflint --format compact - - release: - name: 'Create Release' - needs: validate - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - runs-on: self-hosted - permissions: - contents: write - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.9' - - - name: Install Commitizen - run: | - pip install commitizen - - - name: Configure Git - run: | - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - - - name: Bump Version and Generate Changelog - id: cz - run: | - cz bump --yes - echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT - echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT - - - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ steps.cz.outputs.new_version }} - release_name: Release v${{ steps.cz.outputs.new_version }} - draft: false - prerelease: false - body: ${{ steps.cz.outputs.changelog }} 
diff --git a/README.md b/README.md index 68e37b8..a7e1379 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ sys 0m3.489s | Name | Source | Version | |------|--------|---------| -| [images](#module\_images) | git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | +| [images](#module\_images) | git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade | ## Resources diff --git a/copy_images.tf b/copy_images.tf index 478182b..d92393b 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -76,7 +76,7 @@ locals { } module "images" { - source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" + source = "git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" profile = var.profile application_name = var.cluster_name From b2571d0c5b3391d8d1f82c8532b7539725449751 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 14 Apr 2025 18:23:36 -0400 Subject: [PATCH 07/22] pull from ent-ecr --- .github/workflows/terraform-validate.yaml | 54 +++++++++-------- README.md | 6 ++ copy_images.tf | 44 +++++++++----- requirements.tf | 4 ++ variables.tf | 71 +++++++++++++---------- 5 files changed, 107 insertions(+), 72 deletions(-) diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml index 72829d8..04b96db 100644 --- a/.github/workflows/terraform-validate.yaml +++ b/.github/workflows/terraform-validate.yaml 
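Review bot: The new `source` for `module "images"` still pins to `?ref=tf-upgrade`, a branch name, so every `terraform init` pulls whatever that branch currently holds; pin to an immutable ref, `source = "git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/?ref=<tag-or-commit-sha>"`, and bump it deliberately. Switching from `git@...` (SSH) to `git::https://...` on a private GitHub Enterprise host also changes the credential `terraform init` needs — an HTTPS token via a git credential helper instead of an SSH key — which is presumably why the release workflow now logs `gh` in; note that requirement in the README's module table or in a comment beside `source`. The `module "images"` block continues outside this hunk. Separately, this patch deletes `.github/workflows/terragrunt-cicd.yml` a second time after [PATCH 05/22] already removed it, so the series as ordered may not apply cleanly.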
@@ -1,42 +1,40 @@ -name: Terraform Validate +name: Terraform CI/CD on: - pull_request: workflow_dispatch: - + pull_request: + types: [closed] + branches: + - main jobs: - - terraform-validate: - runs-on: "229685449397" + terraform-ci-cd: + runs-on: 229685449397 permissions: contents: write + steps: - name: Checkout code uses: CSVD/gh-actions-checkout@v4 - - name: Setup Terraform - uses: CSVD/gh-actions-setup-terraform@v2 + - name: Setup GITHUB Credentials + id: github_credentials + uses: CSVD/gh-auth@main with: - terraform_version: '1.7.3' - - - name: Validate Terraform Configuration - id: validate - uses: CSVD/terraform-validate@main + github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} + github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} + github_app_id: ${{ vars.GH_APP_ID }} - - name: Check Validation/Test Results - if: always() + - name: Setup GitHub CLI run: | - # Set default values if outputs are empty - IS_VALID="${{ steps.validate.outputs.is_valid }}" - TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}" + # Force manual authentication since setup-git might not work with GitHub Enterprise + echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt + gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt + rm /tmp/token.txt - # If outputs are empty, set them to false - [ -z "$IS_VALID" ] && IS_VALID="false" - [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false" + # Test GitHub CLI auth status + gh auth status || echo "GitHub CLI authentication failed" - if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then - echo "Validation or test errors found:" - echo "${{ steps.validate.outputs.stderr }}" - exit 1 - else - echo "All validations and tests passed successfully!" - fi + - name: Run Release Action + uses: CSVD/releaser@main + with: + github-token: ${{ steps.github_credentials.outputs.github_token }} + working-directory: '.' diff --git a/README.md b/README.md index a7e1379..804d573 100644 
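Review bot: With this rewrite `terraform-validate.yaml` is a near-copy of `terraform-release.yaml` — same `name: Terraform CI/CD`, same `pull_request: types: [closed]` trigger on `main`, `contents: write`, and a release action (`CSVD/releaser@main` here versus `CSVD/terraform-module-release@main` there) — so every closed PR now runs two release jobs concurrently, racing to create the same tag, while the `CSVD/terraform-validate` step that gave this file its purpose is removed, leaving nothing that validates a PR before merge. Either delete this file or restore it as a validate-only job: `on: pull_request: types: [opened, synchronize, reopened]`, `permissions: contents: read`, no release step. Whichever workflow keeps the release should be gated on `if: github.event.pull_request.merged == true` so closing a PR without merging does not publish. The token handling in the duplicated `Setup GitHub CLI` step (App token interpolated into `run:` and written to `/tmp/token.txt` on a self-hosted runner) carries over here too; pass it via `env:` and pipe it to `gh` from the variable.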
--- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ sys 0m3.489s | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 5.14.0 | | [helm](#requirement\_helm) | >= 2.11.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | @@ -69,6 +70,7 @@ sys 0m3.489s | Name | Version | |------|---------| +| [aws](#provider\_aws) | 5.89.0 | | [helm](#provider\_helm) | 2.17.0 | ## Modules @@ -82,11 +84,14 @@ sys 0m3.489s | Name | Type | |------|------| | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | +| [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no | | [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | | [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | | [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | 
@@ -97,6 +102,7 @@ sys 0m3.489s | [prometheus\_config\_reloader\_tag](#input\_prometheus\_config\_reloader\_tag) | The image tag of the prometheus-config-reloader image. | `string` | `"v0.75.2"` | no | | [prometheus\_server\_tag](#input\_prometheus\_server\_tag) | The image tag of prometheus server to install into the cluster. | `string` | `"v2.54.0"` | no | | [pushgateway\_tag](#input\_pushgateway\_tag) | The image tag of the pushgateway image. | `string` | `"v1.9.0"` | no | +| [region](#input\_region) | AWS region | `string` | n/a | yes | | [rwo\_storage\_class](#input\_rwo\_storage\_class) | Specify the storage class for read/write/once persistent volumes. | `string` | `"gp3-encrypted"` | no | ## Outputs diff --git a/copy_images.tf b/copy_images.tf index d92393b..d226182 100644 --- a/copy_images.tf +++ b/copy_images.tf 
@@ -1,19 +1,21 @@ locals { - prom_config_reload_name = "prometheus/prometheus-config-reloader" - prom_config_reload_key = format("%v#%v", local.prom_config_reload_name, var.prometheus_config_reloader_tag) - - prom_name = "prometheus/prometheus" - prom_key = format("%v#%v", local.prom_name, var.prometheus_server_tag) - alertman_name = "prometheus/alertmanager" alertman_key = format("%v#%v", local.alertman_name, var.alertmanager_tag) + ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images") + ksm_name = "prometheus/kube-state-metrics" ksm_key = format("%v#%v", local.ksm_name, var.kube_state_metrics_tag) node_exporter_name = "prometheus/node-exporter" node_exporter_key = format("%v#%v", local.node_exporter_name, var.node_exporter_tag) + prom_config_reload_name = "prometheus/prometheus-config-reloader" + prom_config_reload_key = format("%v#%v", local.prom_config_reload_name, var.prometheus_config_reloader_tag) + + prom_name = "prometheus/prometheus" + prom_key = format("%v#%v", local.prom_name, var.prometheus_server_tag) + pushgateway_name = "prometheus/pushgateway" pushgateway_key = format("%v#%v", local.pushgateway_name, var.pushgateway_tag) @@ -23,7 +25,7 @@ locals { dest_path = null name = local.prom_config_reload_name source_image = "prometheus-operator/prometheus-config-reloader" - source_registry = "quay.io" + source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.prometheus_config_reloader_tag tag = var.prometheus_config_reloader_tag }, @@ -32,7 +34,7 @@ locals { dest_path = null name = local.prom_name source_image = "prometheus/prometheus" - source_registry = "quay.io" + source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.prometheus_server_tag tag = var.prometheus_server_tag }, 
@@ -41,7 +43,7 @@ locals { dest_path = null name = local.alertman_name source_image = "prometheus/alertmanager" - source_registry = "quay.io" + source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.alertmanager_tag tag = var.alertmanager_tag }, @@ -49,8 +51,8 @@ locals { enabled = true dest_path = null name = local.ksm_name - source_image = "kube-state-metrics/kube-state-metrics" - source_registry = "registry.k8s.io" + source_image = "opensource/kubernetes/kube-state-metrics" + source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") source_tag = var.kube_state_metrics_tag tag = var.kube_state_metrics_tag }, @@ -59,7 +61,7 @@ locals { dest_path = null name = local.node_exporter_name source_image = "prometheus/node-exporter" - source_registry = "quay.io" + source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.node_exporter_tag tag = var.node_exporter_tag }, @@ -68,7 +70,7 @@ locals { dest_path = null name = local.pushgateway_name source_image = "prometheus/pushgateway" - source_registry = "quay.io" + source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.pushgateway_tag tag = var.pushgateway_tag }, @@ -86,5 +88,19 @@ module "images" { enable_lifecycle_policy = true lifecycle_policy_all = true force_delete = true - lifecycle_policy_keep_count = 3 + lifecycle_policy_keep_count = 5 + + source_username = data.aws_ecr_authorization_token.ecr_token.user_name + source_password = data.aws_ecr_authorization_token.ecr_token.password + + destination_username = data.aws_ecr_authorization_token.token.user_name + destination_password = data.aws_ecr_authorization_token.token.password +} + +data "aws_ecr_authorization_token" "ecr_token" { + registry_id = var.account_id +} + +data "aws_ecr_authorization_token" "token" { + registry_id = var.account_id } diff --git a/requirements.tf b/requirements.tf index 5f150af..ae62e15 100644 --- a/requirements.tf +++ b/requirements.tf 
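Review bot: The two `aws_ecr_authorization_token` data sources feed `source_password`/`destination_password` into `module "images"`; those are short-lived ECR credentials, but a data source's result is persisted in Terraform state and in any saved plan, and the provider's sensitive marking only redacts CLI output, so confirm the state backend for this module is encrypted and access-restricted and that the `images` module declares these inputs `sensitive = true` so they do not surface in plan diffs. `ecr_token` and `token` are currently identical (`registry_id = var.account_id`); if they are meant to stand for different registries, say so in a comment, otherwise one data source suffices. Image pulls from the mirror are still selected by mutable tag (`source_tag`); if the copy module accepts digests, pin the hardened sources by digest. The `locals` block holding these entries starts outside this hunk.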
@@ -2,6 +2,10 @@ terraform { required_version = ">= 0.13" required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.14.0" + } helm = { source = "hashicorp/helm" version = ">= 2.11.0" diff --git a/variables.tf b/variables.tf index ad3b3b7..549f70f 100644 --- a/variables.tf +++ b/variables.tf @@ -1,20 +1,50 @@ -variable "profile" { - description = "AWS_PROFILE to use to apply the terraform script." +variable "account_id" { + description = "aws account number" type = string default = "" } +# The `APP VERSION` of the output: +# helm search repo prometheus-community/alertmanager +variable "alertmanager_tag" { + description = "The image tag of the alertmanager image." + type = string + default = "v0.27.0" +} + variable "cluster_name" { description = "The name of the cluster into which prometheus will be installed." type = string } +# The `APP VERSION` of the output: +# helm search repo prometheus-community/kube-state-metrics +variable "kube_state_metrics_tag" { + description = "The image tag of the kube-state-metrics image." + type = string + default = "v2.13.0" +} + variable "namespace" { description = "The namespace to install the prometheus components. Defaults to 'prometheus'" type = string default = "prometheus" } +# The `APP VERSION` of the output: +# helm search repo prometheus-community/prometheus-node-exporter +variable "node_exporter_tag" { + description = "The image tag of the node-exporter image." + type = string + default = "v1.8.2" +} + +variable "profile" { + description = "AWS_PROFILE to use to apply the terraform script." + type = string + default = "" +} + # helm repo add prometheus-community https://prometheus-community.github.io/helm-charts # helm search repo prometheus-community/prometheus | head -2 variable "prometheus_chart_version" { 
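Review bot: `variable "account_id"` is declared with `default = ""`, yet `copy_images.tf` interpolates it into the ECR hostname and passes it as `registry_id`, so a caller who omits it gets a malformed registry host (`.dkr.ecr.<region>.amazonaws.com/ent-images`) or, with an empty `registry_id`, whichever registry the provider falls back to, and neither fails at plan time. Make the variable required and validate its shape so mistakes surface before any credentials are requested; `region` has the same exposure and would benefit from a matching check. The `prometheus_chart_version` variable block opens on the last line of this hunk and continues outside it.
```hcl
variable "account_id" {
  description = "AWS account ID (12 digits) of the ECR registry that hosts the ent-images mirror."
  type        = string

  validation {
    condition     = can(regex("^[0-9]{12}$", var.account_id))
    error_message = "account_id must be a 12-digit AWS account ID."
  }
}

# … unchanged: alertmanager_tag, cluster_name, kube_state_metrics_tag, namespace, node_exporter_tag, profile …
```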
@@ -23,13 +53,6 @@ variable "prometheus_chart_version" { default = "25.26.0" } -# The `APP VERSION` of the output found while determining the chart version -variable "prometheus_server_tag" { - description = "The image tag of prometheus server to install into the cluster." - type = string - default = "v2.54.0" -} - # helm show values prometheus-community/prometheus | less variable "prometheus_config_reloader_tag" { description = "The image tag of the prometheus-config-reloader image." @@ -37,28 +60,11 @@ variable "prometheus_config_reloader_tag" { default = "v0.75.2" } -# The `APP VERSION` of the output: -# helm search repo prometheus-community/alertmanager -variable "alertmanager_tag" { - description = "The image tag of the alertmanager image." - type = string - default = "v0.27.0" -} - -# The `APP VERSION` of the output: -# helm search repo prometheus-community/kube-state-metrics -variable "kube_state_metrics_tag" { - description = "The image tag of the kube-state-metrics image." - type = string - default = "v2.13.0" -} - -# The `APP VERSION` of the output: -# helm search repo prometheus-community/prometheus-node-exporter -variable "node_exporter_tag" { - description = "The image tag of the node-exporter image." +# The `APP VERSION` of the output found while determining the chart version +variable "prometheus_server_tag" { + description = "The image tag of prometheus server to install into the cluster." type = string - default = "v1.8.2" + default = "v2.54.0" } # The `APP VERSION` of the output: @@ -69,6 +75,11 @@ variable "pushgateway_tag" { default = "v1.9.0" } +variable "region" { + description = "AWS region" + type = string +} + variable "rwo_storage_class" { description = "Specify the storage class for read/write/once persistent volumes." type = string From 71f661b91f7c1029f143ef1a0d2f4c37a97c9e3d Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Mon, 14 Apr 2025 23:03:47 -0400 Subject: [PATCH 08/22] use ironbank image --- copy_images.tf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/copy_images.tf b/copy_images.tf index d226182..df77edb 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -24,8 +24,8 @@ locals { enabled = true dest_path = null name = local.prom_config_reload_name - source_image = "prometheus-operator/prometheus-config-reloader" - source_registry = format("%v/%v", local.ent_ecr_source, "quay") + source_image = "opensource/prometheus-operator/prometheus-config-reloader" + source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") source_tag = var.prometheus_config_reloader_tag tag = var.prometheus_config_reloader_tag }, @@ -33,8 +33,8 @@ locals { enabled = true dest_path = null name = local.prom_name - source_image = "prometheus/prometheus" - source_registry = format("%v/%v", local.ent_ecr_source, "quay") + source_image = "opensource/prometheus/prometheus" + source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") source_tag = var.prometheus_server_tag tag = var.prometheus_server_tag }, @@ -42,8 +42,8 @@ locals { enabled = true dest_path = null name = local.alertman_name - source_image = "prometheus/alertmanager" - source_registry = format("%v/%v", local.ent_ecr_source, "quay") + source_image = "opensource/prometheus/alertmanager" + source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") source_tag = var.alertmanager_tag tag = var.alertmanager_tag }, @@ -60,8 +60,8 @@ locals { enabled = true dest_path = null name = local.node_exporter_name - source_image = "prometheus/node-exporter" - source_registry = format("%v/%v", local.ent_ecr_source, "quay") + source_image = "opensource/prometheus/node-exporter" + source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") source_tag = var.node_exporter_tag tag = var.node_exporter_tag }, 
@@ -69,8 +69,8 @@ locals { enabled = true dest_path = null name = local.pushgateway_name - source_image = "prometheus/pushgateway" - source_registry = format("%v/%v", local.ent_ecr_source, "quay") + source_image = "opensource/prometheus/pushgateway" + source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") source_tag = var.pushgateway_tag tag = var.pushgateway_tag }, From dfef988a7fda7b2ca4a60950cc18c64923116621 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 14 Apr 2025 23:34:28 -0400 Subject: [PATCH 09/22] update source path --- copy_images.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/copy_images.tf b/copy_images.tf index df77edb..dde62ec 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -69,8 +69,8 @@ locals { enabled = true dest_path = null name = local.pushgateway_name - source_image = "opensource/prometheus/pushgateway" - source_registry = format("%v/%v", local.ent_ecr_source, "ironbank") + source_image = "oensource/prometheus/pushgateway" + source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.pushgateway_tag tag = var.pushgateway_tag }, From cd31aba52599b0b43cb1529f60d3a2d70ff70732 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 14 Apr 2025 23:39:54 -0400 Subject: [PATCH 10/22] fix pushgateway --- copy_images.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/copy_images.tf b/copy_images.tf index dde62ec..17490e7 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -69,7 +69,7 @@ locals { enabled = true dest_path = null name = local.pushgateway_name - source_image = "oensource/prometheus/pushgateway" + source_image = "prometheus/pushgateway" source_registry = format("%v/%v", local.ent_ecr_source, "quay") source_tag = var.pushgateway_tag tag = var.pushgateway_tag From bb7b897c3b7f7764e52bf1f847ccb00603054dfc Mon Sep 17 00:00:00 2001 
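Review bot: After the two follow-up fixes, pushgateway is the only image left on the `quay` mirror at `prometheus/pushgateway`, while every other entry in this series moved to `opensource/...` on `ironbank`, and nothing records why. If no Iron Bank image exists for this tag, say so above the entry, e.g. `# no ironbank build of pushgateway at this tag; keep the quay mirror`, so the next person does not repeat the `oensource` round-trip. Three commits of path churn on one entry also suggest that a plan-time check on the resolved `source_registry`/`source_image` values (a `terraform test` or a precondition on the images module) would pay for itself.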
From: "Matthew C. Morgan" Date: Tue, 15 Apr 2025 16:09:39 -0400 Subject: [PATCH 11/22] add 10m timeout on deploy --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index cf9754e..0441b66 100644 --- a/main.tf +++ b/main.tf @@ -25,6 +25,7 @@ resource "helm_release" "prometheus" { namespace = var.namespace version = var.prometheus_chart_version repository = "https://prometheus-community.github.io/helm-charts" + timeout = 600 # Global set { From bbbc8bd7aa1cdb54f60887eafacd8082d7f13e52 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 17 Apr 2025 14:19:56 -0400 Subject: [PATCH 12/22] pull across accounts from central ecr --- README.md | 3 ++- copy_images.tf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 804d573..383903c 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,8 @@ sys 0m3.489s | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.89.0 | +| [aws](#provider\_aws) | 5.94.1 | +| [aws.eecr](#provider\_aws.eecr) | 5.94.1 | | [helm](#provider\_helm) | 2.17.0 | ## Modules diff --git a/copy_images.tf b/copy_images.tf index 17490e7..635578c 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -98,7 +98,8 @@ module "images" { } data "aws_ecr_authorization_token" "ecr_token" { - registry_id = var.account_id + provider = aws.eecr + registry_id = var.eecr_account_id } data "aws_ecr_authorization_token" "token" { From 140f1ef269422655a12bb10a5aa19ed7c96f5411 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 17 Apr 2025 17:47:03 -0400 Subject: [PATCH 13/22] add eecr_account_id --- README.md | 1 + variables.tf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 383903c..a396e1c 100644 --- a/README.md +++ b/README.md 
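Review bot: `data "aws_ecr_authorization_token" "ecr_token"` now uses `provider = aws.eecr`, but nothing in this commit declares that alias — a child module can only use `aws.eecr` if `required_providers` lists it under `configuration_aliases` or the module itself contains a `provider "aws" { alias = "eecr" ... }` block — so `terraform validate` fails at this point in the series (a declaration only arrives later). Prefer `configuration_aliases = [aws.eecr]` in `requirements.tf` and have the root pass the provider in, which also keeps the module free of account-specific configuration. Note too that this data source returns a registry password that is written to Terraform state; with two of them now in play, the state backend must be encrypted and access-restricted, which is worth a one-line caveat in the README.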
@@ -95,6 +95,7 @@ sys 0m3.489s | [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no | | [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | | [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | +| [eecr\_account\_id](#input\_eecr\_account\_id) | enterpirse ecr source aws account number | `string` | `""` | no | | [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | | [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | | [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | diff --git a/variables.tf b/variables.tf index 549f70f..8bcc6cb 100644 --- a/variables.tf +++ b/variables.tf @@ -17,6 +17,12 @@ variable "cluster_name" { type = string } +variable "eecr_account_id" { + description = "enterpirse ecr source aws account number" + type = string + default = "" +} + # The `APP VERSION` of the output: # helm search repo prometheus-community/kube-state-metrics variable "kube_state_metrics_tag" { From a9bd602521a728c8c5dfa9ab6432f9c3ab2300d5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 17 Apr 2025 19:35:39 -0400 Subject: [PATCH 14/22] fix ent_ecr_source --- copy_images.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/copy_images.tf b/copy_images.tf index 635578c..6c03200 100644 --- a/copy_images.tf +++ b/copy_images.tf 
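Review bot: `eecr_account_id` defaults to `""`, which cannot be a valid account and, once interpolated into `ent_ecr_source`, yields a hostname beginning with `.dkr.ecr.` that only fails at apply time; as `registry_id` in the data source an empty string may also be treated as "use the default registry", i.e. the wrong account (confirm against the provider). Make the variable required, or keep the default and add `validation { condition = can(regex("^[0-9]{12}$", var.eecr_account_id)) error_message = "eecr_account_id must be a 12-digit AWS account ID." }`. The description also misspells "enterprise" (`enterpirse`), and it is copied verbatim into the README table.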
@@ -2,7 +2,7 @@ locals { alertman_name = "prometheus/alertmanager" alertman_key = format("%v#%v", local.alertman_name, var.alertmanager_tag) - ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images") + ent_ecr_source = format("%v.%v.%v.%v", var.eecr_account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images") ksm_name = "prometheus/kube-state-metrics" ksm_key = format("%v#%v", local.ksm_name, var.kube_state_metrics_tag) From 34244d91050b98124a1936dd3581062b85a8cddc Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Thu, 17 Apr 2025 23:30:41 -0400 Subject: [PATCH 15/22] dynamic version --- README.md | 4 ++++ requirements.tf | 4 ++++ version.tf | 27 +++++++++++++++++++++++++-- 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a396e1c..55e9298 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ sys 0m3.489s | [aws](#requirement\_aws) | >= 5.14.0 | | [helm](#requirement\_helm) | >= 2.11.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | +| [null](#requirement\_null) | >= 3.2.1 | ## Providers @@ -73,6 +74,7 @@ sys 0m3.489s | [aws](#provider\_aws) | 5.94.1 | | [aws.eecr](#provider\_aws.eecr) | 5.94.1 | | [helm](#provider\_helm) | 2.17.0 | +| [null](#provider\_null) | 3.2.3 | ## Modules 
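Review bot: `ent_ecr_source` now combines the enterprise account ID with `var.region`, the region this module is deploying into, so the cross-account pull only works if the central registry exists (or is replicated) in every region the module is used in. If the shared account lives in one fixed region, derive the host from that region instead, or document the assumption next to the local: `# assumes ent-images is replicated into every deployment region`. Later in this series the `aws.eecr` provider gets its own region value while this local keeps `var.region`, so the two can silently diverge.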
@@ -85,6 +87,8 @@ sys 0m3.489s | Name | Type | |------|------| | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.module_name](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | | [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | diff --git a/requirements.tf b/requirements.tf index ae62e15..32e5c6f 100644 --- a/requirements.tf +++ b/requirements.tf @@ -14,5 +14,9 @@ terraform { source = "hashicorp/kubernetes" version = ">= 2.23.0" } + null = { + source = "hashicorp/null" + version = ">= 3.2.1" + } } } diff --git a/version.tf b/version.tf index 80e6d93..ebe81a9 100644 --- a/version.tf +++ b/version.tf 
@@ -1,4 +1,27 @@ +resource "null_resource" "git_version" { + triggers = { + # Force this to run on every apply to get the latest tag value + always_run = timestamp() + } + + provisioner "local-exec" { + command = "git describe --tags --abbrev=0 2>/dev/null || echo 'unknown' > ${path.module}/.git_tag" + on_failure = continue + } +} + +resource "null_resource" "module_name" { + triggers = { + module_path = path.module + } + + provisioner "local-exec" { + command = "basename $(pwd) > ${path.module}/.module_name" + on_failure = continue + } +} + locals { - module_name = "tfmod-prometheus" - module_version = "0.1.1" + module_name = fileexists("${path.module}/.module_name") ? trimspace(file("${path.module}/.module_name")) : "tfmod-prometheus" + module_version = fileexists("${path.module}/.git_tag") ? trimspace(file("${path.module}/.git_tag")) : "latest" } From f18fc21de8e09da335f6c30c4425bf5a6d90ade3 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 18 Apr 2025 00:33:08 -0400 Subject: [PATCH 16/22] fix merge --- .github/workflows/terraform-validate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml index 72829d8..ac349eb 100644 --- a/.github/workflows/terraform-validate.yaml +++ b/.github/workflows/terraform-validate.yaml @@ -16,7 +16,7 @@ jobs: - name: Setup Terraform uses: CSVD/gh-actions-setup-terraform@v2 with: - terraform_version: '1.7.3' + terraform_version: '1.10.5' - name: Validate Terraform Configuration id: validate From bba36000e3708c7b1ec4ffbd782ad28e5cabc27f Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 18 Apr 2025 14:58:51 -0400 Subject: [PATCH 17/22] remove eecr data item as it is in the provider --- README.md | 2 -- copy_images.tf | 5 ----- 2 files changed, 7 deletions(-) diff --git a/README.md b/README.md index 55e9298..cfcab22 100644 --- a/README.md +++ b/README.md 
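Review bot: In `git_version` the redirect binds only to the `echo` fallback — `git describe ... || echo 'unknown' > file` sends a successful `git describe` to stdout and writes nothing — so `.git_tag` is only ever created with the content `unknown`; group the pipeline: `command = "( git -C ${path.module} describe --tags --abbrev=0 2>/dev/null || echo unknown ) > ${path.module}/.git_tag"`. Even then `file()`/`fileexists()` in `locals` are evaluated at plan time before any provisioner runs, so `module_version` reflects the previous apply, and `always_run = timestamp()` makes this resource show as replaced on every plan. `basename $(pwd)` reports the directory Terraform was invoked from, not `path.module`, which is wrong whenever this is consumed as a child module. Both generated files should be git-ignored, and `on_failure = continue` hides every one of these failures; if the version must come from git, computing it in CI and passing it in as a variable is simpler and deterministic.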
@@ -72,7 +72,6 @@ sys 0m3.489s | Name | Version | |------|---------| | [aws](#provider\_aws) | 5.94.1 | -| [aws.eecr](#provider\_aws.eecr) | 5.94.1 | | [helm](#provider\_helm) | 2.17.0 | | [null](#provider\_null) | 3.2.3 | @@ -89,7 +88,6 @@ sys 0m3.489s | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.module_name](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | | [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | ## Inputs diff --git a/copy_images.tf b/copy_images.tf index 6c03200..b86535c 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -97,11 +97,6 @@ module "images" { destination_password = data.aws_ecr_authorization_token.token.password } -data "aws_ecr_authorization_token" "ecr_token" { - provider = aws.eecr - registry_id = var.eecr_account_id -} - data "aws_ecr_authorization_token" "token" { registry_id = var.account_id } From e5c6a45a1811b57262b951c835b8e88fd5f3fbdc Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 18 Apr 2025 21:14:46 -0400 Subject: [PATCH 18/22] update copy images for eecr pulling --- README.md | 2 ++ copy_images.tf | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/README.md b/README.md index cfcab22..55e9298 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ sys 0m3.489s | Name | Version | |------|---------| | [aws](#provider\_aws) | 5.94.1 | +| [aws.eecr](#provider\_aws.eecr) | 5.94.1 | | [helm](#provider\_helm) | 2.17.0 | | [null](#provider\_null) | 3.2.3 | 
@@ -88,6 +89,7 @@ sys 0m3.489s | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.module_name](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | | [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | ## Inputs diff --git a/copy_images.tf b/copy_images.tf index b86535c..c761f10 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -100,3 +100,14 @@ module "images" { data "aws_ecr_authorization_token" "token" { registry_id = var.account_id } + +data "aws_ecr_authorization_token" "ecr_token" { + provider = aws.eecr + registry_id = var.eecr_info.account_id +} + +provider "aws" { + alias = "eecr" + profile = var.eecr_info.profile + region = var.eecr_info.region +} From 52d535237c06e0b9a4edae5e09f910047b579963 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 18 Apr 2025 21:34:06 -0400 Subject: [PATCH 19/22] update var and ent_ecr_source --- README.md | 2 +- copy_images.tf | 2 +- variables.tf | 18 ++++++++++++++---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 55e9298..3d183e4 100644 --- a/README.md +++ b/README.md 
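Review bot: The `provider "aws" { alias = "eecr" profile = var.eecr_info.profile ... }` block lives inside the module and authenticates with a named CLI profile, which ties every machine and CI runner that applies this module to an identical `~/.aws/config` entry and is the provider-in-child-module pattern Terraform documents as legacy (resources under it cannot be destroyed cleanly once the module call is removed). Declare `configuration_aliases = [aws.eecr]` in `requirements.tf` and let the root module pass a provider configured with `assume_role` into the shared account, so the cross-account trust is explicit IAM rather than a local profile name. `var.eecr_info` is also referenced here before any hunk in the series declares it, so this commit does not validate on its own. As a README caveat: `ecr_token` returns a registry password that is stored in state, so the state backend must be encrypted and access-restricted.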
@@ -99,7 +99,7 @@ sys 0m3.489s | [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no | | [alertmanager\_tag](#input\_alertmanager\_tag) | The image tag of the alertmanager image. | `string` | `"v0.27.0"` | no | | [cluster\_name](#input\_cluster\_name) | The name of the cluster into which prometheus will be installed. | `string` | n/a | yes | -| [eecr\_account\_id](#input\_eecr\_account\_id) | enterpirse ecr source aws account number | `string` | `""` | no | +| [eecr\_info](#input\_eecr\_info) | Enterprise ECR source information |
object({
account_id = string
alias = string
profile = string
region = string
})
|
{
"account_id": "269222635945",
"alias": "lab-gov-shared-nonprod",
"profile": "269222635945-lab-gov-shared-nonprod",
"region": "us-gov-east-1"
}
| no | | [kube\_state\_metrics\_tag](#input\_kube\_state\_metrics\_tag) | The image tag of the kube-state-metrics image. | `string` | `"v2.13.0"` | no | | [namespace](#input\_namespace) | The namespace to install the prometheus components. Defaults to 'prometheus' | `string` | `"prometheus"` | no | | [node\_exporter\_tag](#input\_node\_exporter\_tag) | The image tag of the node-exporter image. | `string` | `"v1.8.2"` | no | diff --git a/copy_images.tf b/copy_images.tf index c761f10..611c60a 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -2,7 +2,7 @@ locals { alertman_name = "prometheus/alertmanager" alertman_key = format("%v#%v", local.alertman_name, var.alertmanager_tag) - ent_ecr_source = format("%v.%v.%v.%v", var.eecr_account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images") + ent_ecr_source = format("%v.%v.%v.%v", var.eecr_info.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images") ksm_name = "prometheus/kube-state-metrics" ksm_key = format("%v#%v", local.ksm_name, var.kube_state_metrics_tag) diff --git a/variables.tf b/variables.tf index 8bcc6cb..4563349 100644 --- a/variables.tf +++ b/variables.tf @@ -17,10 +17,20 @@ variable "cluster_name" { type = string } -variable "eecr_account_id" { - description = "enterpirse ecr source aws account number" - type = string - default = "" +variable "eecr_info" { + description = "Enterprise ECR source information" + type = object({ + account_id = string + alias = string + profile = string + region = string + }) + default = { + account_id = "269222635945" + alias = "lab-gov-shared-nonprod" + profile = "269222635945-lab-gov-shared-nonprod" + region = "us-gov-east-1" + } } # The `APP VERSION` of the output: From 3fc3b79a09954a52505cd002df9eb67da13f2788 Mon Sep 17 00:00:00 2001 
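Review bot: `eecr_info` ships a default that bakes a specific non-prod shared account (`269222635945`), its CLI profile and `us-gov-east-1` into the module, so any consumer that omits the variable — including a production root — silently pulls its images from that non-prod account. Drop the default and make the object required, or at minimum add `validation { condition = can(regex("^[0-9]{12}$", var.eecr_info.account_id)) error_message = "eecr_info.account_id must be a 12-digit AWS account ID." }`; the `alias` field is not used by any code visible in this series and could go. In the `copy_images.tf` hunk, `ent_ecr_source` still builds the host from `var.region` while the `aws.eecr` provider added in the previous patch uses `var.eecr_info.region`, so the token is obtained in one region and the registry addressed in another; use `var.eecr_info.region` in both places.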
From: "Matthew C. Morgan" Date: Mon, 21 Apr 2025 11:42:37 -0400 Subject: [PATCH 20/22] ensure workflows are current --- .github/workflows/terraform-release.yaml | 2 +- terraform-release.yaml | 40 ++++++++++++++++++++++ terraform-validate.yaml | 42 ++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 terraform-release.yaml create mode 100644 terraform-validate.yaml diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml index 90910bc..b91ef15 100644 --- a/.github/workflows/terraform-release.yaml +++ b/.github/workflows/terraform-release.yaml @@ -7,7 +7,7 @@ on: - main jobs: terraform-ci-cd: - runs-on: 229685449397 + runs-on: "229685449397" permissions: contents: write diff --git a/terraform-release.yaml b/terraform-release.yaml new file mode 100644 index 0000000..3f67574 --- /dev/null +++ b/terraform-release.yaml 
@@ -0,0 +1,40 @@ +name: Terraform Module Release +on: + workflow_dispatch: + pull_request: + types: [closed] + branches: + - main +jobs: + terraform-release: + runs-on: "229685449397" + permissions: + contents: write + + steps: + - name: Checkout code + uses: CSVD/gh-actions-checkout@v4 + + - name: Setup GITHUB Credentials + id: github_credentials + uses: CSVD/gh-auth@main + with: + github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} + github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} + github_app_id: ${{ vars.GH_APP_ID }} + + - name: Setup GitHub CLI + run: | + # Force manual authentication since setup-git might not work with GitHub Enterprise + echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt + gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt + rm /tmp/token.txt + + # Test GitHub CLI auth status + gh auth status || echo "GitHub CLI authentication failed" + + - name: Run Release Action + uses: CSVD/releaser@main + with: + github-token: ${{ steps.github_credentials.outputs.github_token }} + working-directory: '.' diff --git a/terraform-validate.yaml b/terraform-validate.yaml new file mode 100644 index 0000000..ac349eb --- /dev/null +++ b/terraform-validate.yaml 
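Review bot: The `Setup GitHub CLI` step writes the GitHub App installation token to `/tmp/token.txt` on a self-hosted runner (`runs-on: "229685449397"` is not a GitHub-hosted label) with the default umask, and additionally splices it into the script body through `${{ steps.github_credentials.outputs.github_token }}`, so it sits in a world-readable file and in the runner's generated script until `rm` runs, and survives if the step is interrupted. Pass it as an environment variable and pipe it, which never touches disk; `gh` also honours `GH_TOKEN` directly, so the explicit login may be unnecessary altogether. `pull_request: types: [closed]` fires for PRs closed without merging, so a release job with `contents: write` runs for rejected PRs unless the job is gated on `github.event.pull_request.merged`. `CSVD/gh-auth@main` and `CSVD/releaser@main` float on a branch while handling that token; pin them to a tag or commit SHA. `gh auth status || echo ...` converts an authentication failure into a log line, letting the release step run with unusable credentials.
```yaml
  terraform-release:
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
    runs-on: "229685449397"
    # … unchanged: permissions, Checkout code, Setup GITHUB Credentials …

      - name: Setup GitHub CLI
        env:
          GH_HOST: github.e.it.census.gov
          GH_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
        run: |
          # token arrives via the environment; nothing is written to disk
          printf '%s\n' "$GH_TOKEN" | gh auth login --with-token --hostname "$GH_HOST"
          gh auth status

    # … unchanged: Run Release Action …
```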
@@ -0,0 +1,42 @@ +name: Terraform Validate +on: + pull_request: + workflow_dispatch: + +jobs: + + terraform-validate: + runs-on: "229685449397" + permissions: + contents: write + steps: + - name: Checkout code + uses: CSVD/gh-actions-checkout@v4 + + - name: Setup Terraform + uses: CSVD/gh-actions-setup-terraform@v2 + with: + terraform_version: '1.10.5' + + - name: Validate Terraform Configuration + id: validate + uses: CSVD/terraform-validate@main + + - name: Check Validation/Test Results + if: always() + run: | + # Set default values if outputs are empty + IS_VALID="${{ steps.validate.outputs.is_valid }}" + TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}" + + # If outputs are empty, set them to false + [ -z "$IS_VALID" ] && IS_VALID="false" + [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false" + + if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then + echo "Validation or test errors found:" + echo "${{ steps.validate.outputs.stderr }}" + exit 1 + else + echo "All validations and tests passed successfully!" + fi From 18eaa277a36c6b1f94de57597737c9952e70b4d5 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Mon, 21 Apr 2025 15:43:15 -0400 Subject: [PATCH 21/22] ensure workflows are current --- .github/workflows/terraform-release.yaml | 41 +++-------------------- terraform-release.yaml | 40 ---------------------- terraform-validate.yaml | 42 ------------------------ 3 files changed, 4 insertions(+), 119 deletions(-) delete mode 100644 terraform-release.yaml delete mode 100644 terraform-validate.yaml diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml index b91ef15..3f67574 100644 --- a/.github/workflows/terraform-release.yaml +++ b/.github/workflows/terraform-release.yaml @@ -1,4 +1,4 @@ -name: Terraform CI/CD +name: Terraform Module Release on: workflow_dispatch: pull_request: 
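Review bot: `echo "${{ steps.validate.outputs.stderr }}"` expands an action output into the shell script text before bash runs it, and Terraform's stderr echoes content taken from the pull request (file names, attribute values, error strings), so a crafted `.tf` in a PR can inject commands on this self-hosted runner; `is_valid` and `tests_passed` are interpolated the same way. Pass the outputs via `env:` and reference them as shell variables. The job also requests `permissions: contents: write` although nothing in it pushes or tags; `contents: read` is enough for a validation job and matters here because the trigger is `pull_request`. `CSVD/terraform-validate@main` floats on a branch and runs PR-supplied code; pin it to a tag or SHA.
```yaml
    permissions:
      contents: read
    # … unchanged: Checkout code, Setup Terraform, Validate Terraform Configuration …

      - name: Check Validation/Test Results
        if: always()
        env:
          IS_VALID: ${{ steps.validate.outputs.is_valid }}
          TESTS_PASSED: ${{ steps.validate.outputs.tests_passed }}
          VALIDATE_STDERR: ${{ steps.validate.outputs.stderr }}
        run: |
          # outputs arrive as environment variables, never as script text
          : "${IS_VALID:=false}" "${TESTS_PASSED:=false}"
          if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
            echo "Validation or test errors found:"
            printf '%s\n' "$VALIDATE_STDERR"
            exit 1
          fi
          echo "All validations and tests passed successfully!"
```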
@@ -6,7 +6,7 @@ on: branches: - main jobs: - terraform-ci-cd: + terraform-release: runs-on: "229685449397" permissions: contents: write @@ -15,11 +15,6 @@ jobs: - name: Checkout code uses: CSVD/gh-actions-checkout@v4 - - name: Setup Terraform - uses: CSVD/gh-actions-setup-terraform@v3 - with: - terraform_version: "1.9.1" - - name: Setup GITHUB Credentials id: github_credentials uses: CSVD/gh-auth@main @@ -28,28 +23,6 @@ jobs: github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} github_app_id: ${{ vars.GH_APP_ID }} - - - name: Debug Authentication - run: | - # Print the GitHub server URL - echo "GitHub Server URL: ${{ github.server_url }}" - - # Extract the host from the URL - HOST="${{ github.server_url }}" - HOST="${HOST#*//}" - HOST="${HOST%%/*}" - echo "GitHub Host: $HOST" - - # Check if token exists - if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then - echo "Token generated successfully" - # Test the token with a simple GitHub API call (without exposing the token) - STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user") - echo "API Test Status Code: $STATUS" - else - echo "No token was generated!" - fi - - name: Setup GitHub CLI run: | # Force manual authentication since setup-git might not work with GitHub Enterprise @@ -60,14 +33,8 @@ jobs: # Test GitHub CLI auth status gh auth status || echo "GitHub CLI authentication failed" - - name: AWS Auth - id: aws_auth - uses: CSVD/aws-auth@main - with: - ecs: true - - - name: Run Terraform Module Release Action - uses: CSVD/terraform-module-release@main + - name: Run Release Action + uses: CSVD/releaser@main with: github-token: ${{ steps.github_credentials.outputs.github_token }} working-directory: '.' diff --git a/terraform-release.yaml b/terraform-release.yaml deleted file mode 100644 index 3f67574..0000000 --- a/terraform-release.yaml +++ /dev/null 
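Review bot: The release job still runs on `pull_request: types: [closed]` with no merged guard, so closing a PR without merging triggers a `contents: write` job that authenticates as the GitHub App; add `if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true` on `terraform-release`. `CSVD/gh-auth@main` and the newly referenced `CSVD/releaser@main` are unpinned branch refs executing with that token; pin them to a tag or commit SHA. The retained `gh auth status || echo "GitHub CLI authentication failed"` masks an auth failure so the release step runs anyway; drop the `|| echo`. The resulting file (`index b91ef15..3f67574`) is byte-identical to the root-level copy added in the previous patch, so that copy's practice of writing the token to `/tmp/token.txt` now applies to the live workflow.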
@@ -1,40 +0,0 @@ -name: Terraform Module Release -on: - workflow_dispatch: - pull_request: - types: [closed] - branches: - - main -jobs: - terraform-release: - runs-on: "229685449397" - permissions: - contents: write - - steps: - - name: Checkout code - uses: CSVD/gh-actions-checkout@v4 - - - name: Setup GITHUB Credentials - id: github_credentials - uses: CSVD/gh-auth@main - with: - github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} - github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} - github_app_id: ${{ vars.GH_APP_ID }} - - - name: Setup GitHub CLI - run: | - # Force manual authentication since setup-git might not work with GitHub Enterprise - echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt - gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt - rm /tmp/token.txt - - # Test GitHub CLI auth status - gh auth status || echo "GitHub CLI authentication failed" - - - name: Run Release Action - uses: CSVD/releaser@main - with: - github-token: ${{ steps.github_credentials.outputs.github_token }} - working-directory: '.' diff --git a/terraform-validate.yaml b/terraform-validate.yaml deleted file mode 100644 index ac349eb..0000000 --- a/terraform-validate.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -name: Terraform Validate -on: - pull_request: - workflow_dispatch: - -jobs: - - terraform-validate: - runs-on: "229685449397" - permissions: - contents: write - steps: - - name: Checkout code - uses: CSVD/gh-actions-checkout@v4 - - - name: Setup Terraform - uses: CSVD/gh-actions-setup-terraform@v2 - with: - terraform_version: '1.10.5' - - - name: Validate Terraform Configuration - id: validate - uses: CSVD/terraform-validate@main - - - name: Check Validation/Test Results - if: always() - run: | - # Set default values if outputs are empty - IS_VALID="${{ steps.validate.outputs.is_valid }}" - TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}" - - # If outputs are empty, set them to false - [ -z "$IS_VALID" ] && IS_VALID="false" - [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false" - - if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then - echo "Validation or test errors found:" - echo "${{ steps.validate.outputs.stderr }}" - exit 1 - else - echo "All validations and tests passed successfully!" - fi From b7d0b78270442e4ea7bae4d0cd7ccf6bdc824486 Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Tue, 22 Apr 2025 00:04:53 -0400 Subject: [PATCH 22/22] ensure committed --- README.md | 1 - version.tf | 13 +------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/README.md b/README.md index 3d183e4..4634eb5 100644 --- a/README.md +++ b/README.md 
@@ -88,7 +88,6 @@ sys 0m3.489s |------|------| | [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.module_name](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ecr_authorization_token.ecr_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | | [aws_ecr_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecr_authorization_token) | data source | diff --git a/version.tf b/version.tf index ebe81a9..c5a17bd 100644 --- a/version.tf +++ b/version.tf @@ -10,18 +10,7 @@ resource "null_resource" "git_version" { } } -resource "null_resource" "module_name" { - triggers = { - module_path = path.module - } - - provisioner "local-exec" { - command = "basename $(pwd) > ${path.module}/.module_name" - on_failure = continue - } -} - locals { - module_name = fileexists("${path.module}/.module_name") ? trimspace(file("${path.module}/.module_name")) : "tfmod-prometheus" + module_name = "tfmod-prometheus" module_version = fileexists("${path.module}/.git_tag") ? trimspace(file("${path.module}/.git_tag")) : "latest" }
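Review bot: With `module_name` gone, `module_version` still reads `.git_tag` via `fileexists()`/`file()`, which Terraform evaluates at plan time, before the `git_version` provisioner in the lines above this hunk has written anything; on a fresh checkout the version is therefore `"latest"`, and on later runs it is whatever the previous apply wrote. If the value is embedded in labels or annotations (not visible here), it is one release behind. Given the commit title "ensure committed", it would be more deterministic to have the release workflow generate `.git_tag` (it has the git history) and commit it, or to pass the version in as a variable, and to document either choice above the local: `# .git_tag is read at plan time; it reflects the previous apply unless committed`.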