Upgrade readme (#1)

* Upgrade readme * Add missing files * Update README.yaml * Add Dockerfile
cloudposse-archives · Jul 18, 2018 · 125ce75 · 125ce75
1 parent 8e9623c
commit 125ce75
Show file tree

Hide file tree

Showing 12 changed files with 553 additions and 10 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,18 @@
+**/.terraform
+.git
+.gitignore
+.editorconfig
+
+# Compiled files
+*.tfstate
+*.tfstate.backup
+.terraform.tfstate.lock.info
+
+# Module directory
+.terraform/
+.idea
+*.iml
+
+# Build Harness
+.build-harness
+build-harness/
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,24 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Override for Makefile
+[{Makefile, makefile, GNUmakefile}]
+indent_style = tab
+indent_size = 4
+
+[Makefile.*]
+indent_style = tab
+indent_size = 4
+
+[shell]
+indent_style = tab
+indent_size = 4
+
+[*.sh]
+indent_style = tab
+indent_size = 4
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,13 @@
-#  Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
+# Compiled files
 *.tfstate
-*.tfstate.*
+*.tfstate.backup
+.terraform.tfstate.lock.info
+
+# Module directory
+.terraform/
+.idea
+*.iml
 
-# .tfvars files
-*.tfvars
+# Build Harness
+.build-harness
+build-harness/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,63 @@
+FROM cloudposse/terraform-root-modules:0.4.7 as terraform-root-modules
+
+FROM cloudposse/geodesic:0.11.6
+
+ENV DOCKER_IMAGE="cloudposse/dev.cloudposse.co"
+ENV DOCKER_TAG="latest"
+
+# Geodesic banner
+ENV BANNER="dev.cloudposse.co"
+
+# AWS Region
+ENV AWS_REGION="us-west-2"
+
+# Terraform vars
+ENV TF_VAR_region="${AWS_REGION}"
+ENV TF_VAR_account_id="838456590850"
+ENV TF_VAR_namespace="cpco"
+ENV TF_VAR_stage="dev"
+ENV TF_VAR_domain_name="dev.cloudposse.co"
+ENV TF_VAR_zone_name="dev.cloudposse.co."
+
+# chamber KMS config
+ENV CHAMBER_KMS_KEY_ALIAS="alias/${TF_VAR_namespace}-${TF_VAR_stage}-chamber"
+
+# Terraform State Bucket
+ENV TF_BUCKET_REGION="${AWS_REGION}"
+ENV TF_BUCKET="${TF_VAR_namespace}-${TF_VAR_stage}-terraform-state"
+ENV TF_DYNAMODB_TABLE="${TF_VAR_namespace}-${TF_VAR_stage}-terraform-state-lock"
+
+# Default AWS Profile name
+ENV AWS_DEFAULT_PROFILE="${TF_VAR_namespace}-${TF_VAR_stage}-admin"
+
+# Copy root modules
+COPY --from=terraform-root-modules /aws/tfstate-backend/ /conf/tfstate-backend/
+COPY --from=terraform-root-modules /aws/account-dns/ /conf/account-dns/
+COPY --from=terraform-root-modules /aws/acm/ /conf/acm/
+COPY --from=terraform-root-modules /aws/backing-services/ /conf/backing-services/
+COPY --from=terraform-root-modules /aws/chamber/ /conf/chamber/
+COPY --from=terraform-root-modules /aws/cloudtrail/ /conf/cloudtrail/
+COPY --from=terraform-root-modules /aws/kops/ /conf/kops/
+COPY --from=terraform-root-modules /aws/kops-aws-platform/ /conf/kops-aws-platform/
+
+# Filesystem entry for tfstate
+RUN s3 fstab '${TF_BUCKET}' '/' '/secrets/tf'
+
+# kops config
+ENV KUBERNETES_VERSION="1.9.6"
+ENV KOPS_CLUSTER_NAME="us-west-2.dev.cloudposse.co"
+ENV KOPS_DNS_ZONE=${KOPS_CLUSTER_NAME}
+ENV KOPS_STATE_STORE="s3://${TF_VAR_namespace}-${TF_VAR_stage}-kops-state"
+ENV KOPS_STATE_STORE_REGION="us-west-2"
+ENV KOPS_AVAILABILITY_ZONES="us-west-2a,us-west-2b,us-west-2c"
+ENV KOPS_BASTION_PUBLIC_NAME="bastion"
+ENV BASTION_MACHINE_TYPE="t2.medium"
+ENV MASTER_MACHINE_TYPE="t2.medium"
+ENV NODE_MACHINE_TYPE="t2.medium"
+ENV NODE_MAX_SIZE="2"
+ENV NODE_MIN_SIZE="2"
+
+# Generate kops manifest
+RUN build-kops-manifest
+
+WORKDIR /conf/
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2018 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/Makefile b/Makefile
@@ -0,0 +1,33 @@
+export CLUSTER ?= dev.cloudposse.co
+export DOCKER_ORG ?= cloudposse
+export DOCKER_IMAGE ?= $(DOCKER_ORG)/$(CLUSTER)
+export DOCKER_TAG ?= latest
+export DOCKER_IMAGE_NAME ?= $(DOCKER_IMAGE):$(DOCKER_TAG)
+export DOCKER_BUILD_FLAGS = 
+export README_DEPS ?= docs/targets.md docs/terraform.md
+
+-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+
+## Initialize build-harness, install deps, build docker container, install wrapper script and run shell
+all: init deps build install run
+	@exit 0
+
+## Install dependencies (if any)
+deps:
+	@exit 0
+
+## Build docker image
+build:
+	@make --no-print-directory docker/build
+
+## Push docker image to registry
+push:
+	docker push $(DOCKER_IMAGE)
+
+## Install wrapper script from geodesic container
+install:
+	@docker run --rm $(DOCKER_IMAGE_NAME) | sudo bash -s $(DOCKER_TAG)
+
+## Start the geodesic shell by calling wrapper script
+run:
+	$(CLUSTER)
diff --git a/README.md b/README.md
@@ -1,2 +1,144 @@
-# dev.cloudposse.co
-Example Terraform Reference Architecture for Geodesic Module Development Sandbox Organization in AWS.
+<!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
+
+[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com)
+
+# dev.cloudposse.co [![Codefresh Build Status](https://g.codefresh.io/api/badges/build?repoOwner=cloudposse&repoName=dev.cloudposse.co&branch=master&pipelineName=dev.cloudposse.co&accountName=cloudposse&type=cf-1)](https://g.codefresh.io/pipelines/dev.cloudposse.co/builds) [![Latest Release](https://img.shields.io/github/release/cloudposse/dev.cloudposse.co.svg)](https://github.com/cloudposse/dev.cloudposse.co/releases) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
+
+
+Terraform/Kubernetes Reference Infrastructure for Cloud Posse Development Sandbox Organization in AWS.
+
+This account is intended for developers to provision and test their own AWS infrastructure.
+
+__NOTE:__ Before creating the Development infrastructure, you need to provision the [Parent ("Root") Organization](https://github.com/cloudposse/root.cloudposse.co) in AWS (because it creates resources needed for all other accounts). Follow the steps in [README](https://github.com/cloudposse/root.cloudposse.co) first. You need to do it only once.
+
+
+---
+
+This project is part of our comprehensive ["SweetOps"](https://docs.cloudposse.com) approach towards DevOps. 
+
+
+It's 100% Open Source and licensed under the [APACHE2](LICENSE).
+
+
+
+
+
+
+
+
+
+## Introduction
+
+We use [geodesic](https://github.com/cloudposse/geodesic) to define and build world-class cloud infrastructures backed by AWS and powered by Kubernetes.
+
+`geodesic` exposes many tools that can be used to define and provision AWS and Kubernetes resources.
+
+Here is the list of tools we use to provision the `dev.cloudposse.co` infrastructure:
+
+* [aws-vault](https://github.com/99designs/aws-vault)
+* [chamber](https://github.com/segmentio/chamber)
+* [terraform](https://www.terraform.io/)
+
+
+## Quick Start
+
+
+### Setup AWS Role
+
+__NOTE:__ You need to do it only once.
+
+Configure AWS profile in `~/.aws/config`. Make sure to change username (username@cloudposse.com) to your own.
+
+```bash
+[profile cpco-dev-admin]
+region=us-west-2
+role_arn=arn:aws:iam::590638247571:role/OrganizationAccountAccessRole
+mfa_serial=arn:aws:iam::681280261279:mfa/username@cloudposse.com
+source_profile=cpco
+```
+
+### Install and setup aws-vault
+
+__NOTE:__ You need to do it only once.
+
+We use [aws-vault](https://docs.cloudposse.com/tools/aws-vault/) to store IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications.
+
+Install [aws-vault](https://docs.cloudposse.com/tools/aws-vault/) on your local computer first.
+
+On MacOS, you may use `homebrew cask`
+
+```bash
+brew cask install aws-vault
+```
+
+Then setup your secret credentials for AWS in `aws-vault`
+```bash
+aws-vault add --backend file cpco
+```
+
+__NOTE:__ You should set `AWS_VAULT_BACKEND=file` in your shell rc config (e.g. `~/.bashrc`) so it persists.
+
+For more info, see [aws-vault](https://docs.cloudposse.com/tools/aws-vault/)
+
+
+## Examples
+
+### Build Docker Image
+
+```
+# Initialize the project's build-harness
+make init
+
+# Build docker image
+make docker/build
+```
+
+### Install the wrapper shell
+```bash
+make install
+```
+
+### Run the shell
+```bash
+dev.cloudposse.co
+```
+
+### Login to AWS with your MFA device
+```bash
+assume-role
+```
+
+__NOTE:__ Before provisioning AWS resources with Terraform, you need to create `tfstate-backend` first (S3 bucket to store Terraform state and DynamoDB table for state locking).
+
+Follow the steps in this [README](https://github.com/cloudposse/terraform-root-modules/blob/master/aws/tfstate-backend/). You need to do it only once.
+
+After `tfstate-backend` has been provisioned, follow the rest of the instructions in the order shown below.
+
+
+### Provision `dns` with Terraform
+
+Change directory to `dns` folder
+```bash
+cd /conf/dns
+```
+
+Run Terraform
+```bash
+init-terraform
+terraform plan
+terraform apply
+```
+
+For more info, see [geodesic-with-terraform](https://docs.cloudposse.com/geodesic/module/with-terraform/)
+
+### Provision `cloudtrail` with Terraform
+
+```bash
+cd /conf/cloudtrail
+init-terraform
+terraform plan
+terraform apply
+```
+
+
+