From 125ce75b44d1f378080851da9ce5abc5dc4a2649 Mon Sep 17 00:00:00 2001 From: Erik Osterman Date: Tue, 17 Jul 2018 19:19:52 -0700 Subject: [PATCH] Upgrade readme (#1) * Upgrade readme * Add missing files * Update README.yaml * Add Dockerfile --- .dockerignore | 18 +++++ .editorconfig | 24 +++++++ .gitignore | 18 +++-- Dockerfile | 63 +++++++++++++++++ LICENSE | 2 +- Makefile | 33 +++++++++ README.md | 146 +++++++++++++++++++++++++++++++++++++- README.yaml | 177 ++++++++++++++++++++++++++++++++++++++++++++++ codefresh.yml | 67 ++++++++++++++++++ conf/.gitignore | 0 docs/targets.md | 14 ++++ docs/terraform.md | 1 + 12 files changed, 553 insertions(+), 10 deletions(-) create mode 100644 .dockerignore create mode 100644 .editorconfig create mode 100644 Dockerfile create mode 100644 Makefile create mode 100644 README.yaml create mode 100644 codefresh.yml create mode 100644 conf/.gitignore create mode 100644 docs/targets.md create mode 100644 docs/terraform.md
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..cdc8107
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,18 @@
+**/.terraform
+.git
+.gitignore
+.editorconfig
+
+# Compiled files
+*.tfstate
+*.tfstate.backup
+.terraform.tfstate.lock.info
+
+# Module directory
+.terraform/
+.idea
+*.iml
+
+# Build Harness
+.build-harness
+build-harness/
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b37aa4c
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,24 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Override for Makefile
+[{Makefile, makefile, GNUmakefile}]
+indent_style = tab
+indent_size = 4
+
+[Makefile.*]
+indent_style = tab
+indent_size = 4
+
+[shell]
+indent_style = tab
+indent_size = 4
+
+[*.sh]
+indent_style = tab
+indent_size = 4
diff --git a/.gitignore b/.gitignore
index 1fef4ab..d56c5b6 100644
--- a/.gitignore
+++ b/.gitignore
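Review bot: The Makefile section header `[{Makefile, makefile, GNUmakefile}]` carries spaces inside the brace list; as far as I can tell EditorConfig treats those spaces literally, so only `Makefile` matches and `makefile`/`GNUmakefile` never get the tab override. Drop the spaces: `[{Makefile,makefile,GNUmakefile}]`. The `[shell]` section also looks unintended, since it only matches a file literally named `shell`; if shell scripts were meant, the `[*.sh]` section below already covers them.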
@@ -1,9 +1,13 @@ -# Local .terraform directories -**/.terraform/* - -# .tfstate files +# Compiled files *.tfstate -*.tfstate.* +*.tfstate.backup +.terraform.tfstate.lock.info + +# Module directory +.terraform/ +.idea +*.iml -# .tfvars files -*.tfvars +# Build Harness +.build-harness +build-harness/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..47fb9d2 --- /dev/null +++ b/Dockerfile 
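Review bot: The rewrite drops the `*.tfvars` rule that the old file had and narrows `*.tfstate.*` to `*.tfstate.backup`. Variable files are where account-specific inputs and occasionally credentials end up, so without that rule an accidental `git add` of a `.tfvars` file is no longer caught; keep `*.tfvars` in the new list (and consider mirroring it in the new `.dockerignore`). If narrowing the tfstate pattern is deliberate, a one-line comment saying why would help the next reader.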
@@ -0,0 +1,63 @@
+FROM cloudposse/terraform-root-modules:0.4.7 as terraform-root-modules
+
+FROM cloudposse/geodesic:0.11.6
+
+ENV DOCKER_IMAGE="cloudposse/dev.cloudposse.co"
+ENV DOCKER_TAG="latest"
+
+# Geodesic banner
+ENV BANNER="dev.cloudposse.co"
+
+# AWS Region
+ENV AWS_REGION="us-west-2"
+
+# Terraform vars
+ENV TF_VAR_region="${AWS_REGION}"
+ENV TF_VAR_account_id="838456590850"
+ENV TF_VAR_namespace="cpco"
+ENV TF_VAR_stage="dev"
+ENV TF_VAR_domain_name="dev.cloudposse.co"
+ENV TF_VAR_zone_name="dev.cloudposse.co."
+
+# chamber KMS config
+ENV CHAMBER_KMS_KEY_ALIAS="alias/${TF_VAR_namespace}-${TF_VAR_stage}-chamber"
+
+# Terraform State Bucket
+ENV TF_BUCKET_REGION="${AWS_REGION}"
+ENV TF_BUCKET="${TF_VAR_namespace}-${TF_VAR_stage}-terraform-state"
+ENV TF_DYNAMODB_TABLE="${TF_VAR_namespace}-${TF_VAR_stage}-terraform-state-lock"
+
+# Default AWS Profile name
+ENV AWS_DEFAULT_PROFILE="${TF_VAR_namespace}-${TF_VAR_stage}-admin"
+
+# Copy root modules
+COPY --from=terraform-root-modules /aws/tfstate-backend/ /conf/tfstate-backend/
+COPY --from=terraform-root-modules /aws/account-dns/ /conf/account-dns/
+COPY --from=terraform-root-modules /aws/acm/ /conf/acm/
+COPY --from=terraform-root-modules /aws/backing-services/ /conf/backing-services/
+COPY --from=terraform-root-modules /aws/chamber/ /conf/chamber/
+COPY --from=terraform-root-modules /aws/cloudtrail/ /conf/cloudtrail/
+COPY --from=terraform-root-modules /aws/kops/ /conf/kops/
+COPY --from=terraform-root-modules /aws/kops-aws-platform/ /conf/kops-aws-platform/
+
+# Filesystem entry for tfstate
+RUN s3 fstab '${TF_BUCKET}' '/' '/secrets/tf'
+
+# kops config
+ENV KUBERNETES_VERSION="1.9.6"
+ENV KOPS_CLUSTER_NAME="us-west-2.dev.cloudposse.co"
+ENV KOPS_DNS_ZONE=${KOPS_CLUSTER_NAME}
+ENV KOPS_STATE_STORE="s3://${TF_VAR_namespace}-${TF_VAR_stage}-kops-state"
+ENV KOPS_STATE_STORE_REGION="us-west-2"
+ENV KOPS_AVAILABILITY_ZONES="us-west-2a,us-west-2b,us-west-2c"
+ENV KOPS_BASTION_PUBLIC_NAME="bastion"
+ENV 
BASTION_MACHINE_TYPE="t2.medium" +ENV MASTER_MACHINE_TYPE="t2.medium" +ENV NODE_MACHINE_TYPE="t2.medium" +ENV NODE_MAX_SIZE="2" +ENV NODE_MIN_SIZE="2" + +# Generate kops manifest +RUN build-kops-manifest + +WORKDIR /conf/ diff --git a/LICENSE b/LICENSE index 261eeb9..c37833f 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright [yyyy] [name of copyright owner] + Copyright 2018 Cloud Posse, LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..0ec7904 --- /dev/null +++ b/Makefile @@ -0,0 +1,33 @@ +export CLUSTER ?= dev.cloudposse.co +export DOCKER_ORG ?= cloudposse +export DOCKER_IMAGE ?= $(DOCKER_ORG)/$(CLUSTER) +export DOCKER_TAG ?= latest +export DOCKER_IMAGE_NAME ?= $(DOCKER_IMAGE):$(DOCKER_TAG) +export DOCKER_BUILD_FLAGS = +export README_DEPS ?= docs/targets.md docs/terraform.md + +-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness) + +## Initialize build-harness, install deps, build docker container, install wrapper script and run shell +all: init deps build install run + @exit 0 + +## Install dependencies (if any) +deps: + @exit 0 + +## Build docker image +build: + @make --no-print-directory docker/build + +## Push docker image to registry +push: + docker push $(DOCKER_IMAGE) + +## Install wrapper script from geodesic container +install: + @docker run --rm $(DOCKER_IMAGE_NAME) | sudo bash -s $(DOCKER_TAG) + +## Start the geodesic shell by calling wrapper script +run: + $(CLUSTER) diff --git a/README.md b/README.md index f16a0a8..7c3e17f 100644 --- a/README.md +++ b/README.md 
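Review bot: `ENV KOPS_STATE_STORE_REGION="us-west-2"` (and the region baked into `KOPS_CLUSTER_NAME`) restates what `AWS_REGION` already defines, so a region change has to be made in several places; `ENV KOPS_STATE_STORE_REGION="${AWS_REGION}"` keeps it in step the way `TF_VAR_region` and `TF_BUCKET_REGION` already are. Two cross-file values look inconsistent and are worth confirming: `TF_VAR_account_id` is 838456590850 while the README's `cpco-dev-admin` profile assumes a role in account 590638247571, and the README's quick start says `cd /conf/dns` whereas this file copies the module to `/conf/account-dns/`. The single quotes in `RUN s3 fstab '${TF_BUCKET}' '/' '/secrets/tf'` stop the shell from expanding `${TF_BUCKET}` at build time; presumably the fstab entry is expanded later by geodesic, but a comment saying so would save the next reader a check. Both `FROM` images are pinned by tag only; pinning by digest would make the module image reproducible.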
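Review bot: `-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)` downloads and includes a Makefile through a URL shortener on every make invocation, with no version pin and no checksum, so whatever that redirect serves at the time is executed by the developer's make. codefresh.yml in this same commit pins `BUILD_HARNESS_VERSION=0.6.12` for CI; pinning the same release here (check which variable the bootstrap honours) and fetching from the canonical repository URL would make local builds match CI. The `install` target pipes the container's output into `sudo bash -s`, and with `DOCKER_TAG ?= latest` that runs whatever image currently carries the `latest` tag as root; a comment stating that `make build` must have produced the image locally first makes the expectation explicit.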
@@ -1,2 +1,144 @@
-# dev.cloudposse.co
-Example Terraform Reference Architecture for Geodesic Module Development Sandbox Organization in AWS.
+
+
+[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com)
+
+# dev.cloudposse.co [![Codefresh Build Status](https://g.codefresh.io/api/badges/build?repoOwner=cloudposse&repoName=dev.cloudposse.co&branch=master&pipelineName=dev.cloudposse.co&accountName=cloudposse&type=cf-1)](https://g.codefresh.io/pipelines/dev.cloudposse.co/builds) [![Latest Release](https://img.shields.io/github/release/cloudposse/dev.cloudposse.co.svg)](https://github.com/cloudposse/dev.cloudposse.co/releases) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
+
+
+Terraform/Kubernetes Reference Infrastructure for Cloud Posse Development Sandbox Organization in AWS.
+
+This account is intended for developers to provision and test their own AWS infrastructure.
+
+__NOTE:__ Before creating the Development infrastructure, you need to provision the [Parent ("Root") Organization](https://github.com/cloudposse/root.cloudposse.co) in AWS (because it creates resources needed for all other accounts). Follow the steps in [README](https://github.com/cloudposse/root.cloudposse.co) first. You need to do it only once.
+
+
+---
+
+This project is part of our comprehensive ["SweetOps"](https://docs.cloudposse.com) approach towards DevOps.
+
+
+It's 100% Open Source and licensed under the [APACHE2](LICENSE).
+
+
+
+
+
+
+
+
+
+## Introduction
+
+We use [geodesic](https://github.com/cloudposse/geodesic) to define and build world-class cloud infrastructures backed by AWS and powered by Kubernetes.
+
+`geodesic` exposes many tools that can be used to define and provision AWS and Kubernetes resources. 
+
+Here is the list of tools we use to provision the `dev.cloudposse.co` infrastructure:
+
+* [aws-vault](https://github.com/99designs/aws-vault)
+* [chamber](https://github.com/segmentio/chamber)
+* [terraform](https://www.terraform.io/)
+
+
+## Quick Start
+
+
+### Setup AWS Role
+
+__NOTE:__ You need to do it only once.
+
+Configure AWS profile in `~/.aws/config`. Make sure to change username (username@cloudposse.com) to your own.
+
+```bash
+[profile cpco-dev-admin]
+region=us-west-2
+role_arn=arn:aws:iam::590638247571:role/OrganizationAccountAccessRole
+mfa_serial=arn:aws:iam::681280261279:mfa/username@cloudposse.com
+source_profile=cpco
+```
+
+### Install and setup aws-vault
+
+__NOTE:__ You need to do it only once.
+
+We use [aws-vault](https://docs.cloudposse.com/tools/aws-vault/) to store IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications.
+
+Install [aws-vault](https://docs.cloudposse.com/tools/aws-vault/) on your local computer first.
+
+On MacOS, you may use `homebrew cask`
+
+```bash
+brew cask install aws-vault
+```
+
+Then setup your secret credentials for AWS in `aws-vault`
+```bash
+aws-vault add --backend file cpco
+```
+
+__NOTE:__ You should set `AWS_VAULT_BACKEND=file` in your shell rc config (e.g. `~/.bashrc`) so it persists.
+
+For more info, see [aws-vault](https://docs.cloudposse.com/tools/aws-vault/)
+
+
+## Examples
+
+### Build Docker Image
+
+```
+# Initialize the project's build-harness
+make init
+
+# Build docker image
+make docker/build
+```
+
+### Install the wrapper shell
+```bash
+make install
+```
+
+### Run the shell
+```bash
+dev.cloudposse.co
+```
+
+### Login to AWS with your MFA device
+```bash
+assume-role
+```
+
+__NOTE:__ Before provisioning AWS resources with Terraform, you need to create `tfstate-backend` first (S3 bucket to store Terraform state and DynamoDB table for state locking). 
+
+Follow the steps in this [README](https://github.com/cloudposse/terraform-root-modules/blob/master/aws/tfstate-backend/). You need to do it only once.
+
+After `tfstate-backend` has been provisioned, follow the rest of the instructions in the order shown below.
+
+
+### Provision `dns` with Terraform
+
+Change directory to `dns` folder
+```bash
+cd /conf/dns
+```
+
+Run Terraform
+```bash
+init-terraform
+terraform plan
+terraform apply
+```
+
+For more info, see [geodesic-with-terraform](https://docs.cloudposse.com/geodesic/module/with-terraform/)
+
+### Provision `cloudtrail` with Terraform
+
+```bash
+cd /conf/cloudtrail
+init-terraform
+terraform plan
+terraform apply
+```
+
+
+
diff --git a/README.yaml b/README.yaml
new file mode 100644
index 0000000..c31b280
--- /dev/null
+++ b/README.yaml
@@ -0,0 +1,177 @@
+name: "dev.cloudposse.co"
+
+# Canonical GitHub repo
+github_repo: "cloudposse/dev.cloudposse.co"
+
+# License of this project
+license: "APACHE2"
+
+# Badges to display
+badges:
+ - name: "Codefresh Build Status"
+ image: "https://g.codefresh.io/api/badges/build?repoOwner=cloudposse&repoName=dev.cloudposse.co&branch=master&pipelineName=dev.cloudposse.co&accountName=cloudposse&type=cf-1"
+ url: "https://g.codefresh.io/pipelines/dev.cloudposse.co/builds"
+ - name: "Latest Release"
+ image: "https://img.shields.io/github/release/cloudposse/dev.cloudposse.co.svg"
+ url: "https://github.com/cloudposse/dev.cloudposse.co/releases"
+ - name: "Slack Community"
+ image: "https://slack.cloudposse.com/badge.svg"
+ url: "https://slack.cloudposse.com"
+
+description: |-
+ Terraform/Kubernetes Reference Infrastructure for Cloud Posse Development Sandbox Organization in AWS.
+
+ This account is intended for developers to provision and test their own AWS infrastructure.
+
+ __NOTE:__ Before creating the Development infrastructure, you need to provision the [Parent ("Root") Organization](https://github.com/cloudposse/root.cloudposse.co) in AWS (because it creates resources needed for all other accounts). Follow the steps in [README](https://github.com/cloudposse/root.cloudposse.co) first. You need to do it only once.
+
+introduction: |-
+ We use [geodesic](https://github.com/cloudposse/geodesic) to define and build world-class cloud infrastructures backed by AWS and powered by Kubernetes.
+
+ `geodesic` exposes many tools that can be used to define and provision AWS and Kubernetes resources. 
+
+ Here is the list of tools we use to provision the `dev.cloudposse.co` infrastructure:
+
+ * [aws-vault](https://github.com/99designs/aws-vault)
+ * [chamber](https://github.com/segmentio/chamber)
+ * [terraform](https://www.terraform.io/)
+
+include:
+ - "docs/terraform.md"
+ - "docs/targets.md"
+
+quickstart: |-
+
+ ### Setup AWS Role
+
+ __NOTE:__ You need to do it only once.
+
+ Configure AWS profile in `~/.aws/config`. Make sure to change username (username@cloudposse.com) to your own.
+
+ ```bash
+ [profile cpco-dev-admin]
+ region=us-west-2
+ role_arn=arn:aws:iam::590638247571:role/OrganizationAccountAccessRole
+ mfa_serial=arn:aws:iam::681280261279:mfa/username@cloudposse.com
+ source_profile=cpco
+ ```
+
+ ### Install and setup aws-vault
+
+ __NOTE:__ You need to do it only once.
+
+ We use [aws-vault](https://docs.cloudposse.com/tools/aws-vault/) to store IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications.
+
+ Install [aws-vault](https://docs.cloudposse.com/tools/aws-vault/) on your local computer first.
+
+ On MacOS, you may use `homebrew cask`
+
+ ```bash
+ brew cask install aws-vault
+ ```
+
+ Then setup your secret credentials for AWS in `aws-vault`
+ ```bash
+ aws-vault add --backend file cpco
+ ```
+
+ __NOTE:__ You should set `AWS_VAULT_BACKEND=file` in your shell rc config (e.g. `~/.bashrc`) so it persists. 
+
+ For more info, see [aws-vault](https://docs.cloudposse.com/tools/aws-vault/)
+
+
+examples: |-
+ ### Build Docker Image
+
+ ```
+ # Initialize the project's build-harness
+ make init
+
+ # Build docker image
+ make docker/build
+ ```
+
+ ### Install the wrapper shell
+ ```bash
+ make install
+ ```
+
+ ### Run the shell
+ ```bash
+ dev.cloudposse.co
+ ```
+
+ ### Login to AWS with your MFA device
+ ```bash
+ assume-role
+ ```
+
+ __NOTE:__ Before provisioning AWS resources with Terraform, you need to create `tfstate-backend` first (S3 bucket to store Terraform state and DynamoDB table for state locking).
+
+ Follow the steps in this [README](https://github.com/cloudposse/terraform-root-modules/blob/master/aws/tfstate-backend/). You need to do it only once.
+
+ After `tfstate-backend` has been provisioned, follow the rest of the instructions in the order shown below.
+
+
+ ### Provision `dns` with Terraform
+
+ Change directory to `dns` folder
+ ```bash
+ cd /conf/dns
+ ```
+
+ Run Terraform
+ ```bash
+ init-terraform
+ terraform plan
+ terraform apply
+ ```
+
+ For more info, see [geodesic-with-terraform](https://docs.cloudposse.com/geodesic/module/with-terraform/)
+
+ ### Provision `cloudtrail` with Terraform
+
+ ```bash
+ cd /conf/cloudtrail
+ init-terraform
+ terraform plan
+ terraform apply
+ ```
+
+related:
+ - name: "Packages"
+ description: "Cloud Posse installer and distribution of native apps"
+ url: "https://github.com/cloudposse/packages"
+
+ - name: "Build Harness"
+ description: "Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more"
+ url: "https://github.com/cloudposse/dev"
+
+ - name: "terraform-root-modules"
+ description: "Collection of Terraform \"root module\" invocations for provisioning reference architectures"
+ url: "https://github.com/cloudposse/terraform-root-modules"
+
+ - name: "root.cloudposse.co"
+ description: "Example Terraform Reference Architecture of a Geodesic Module for a Parent 
(\"Root\") Organization in AWS."
+ url: "https://github.com/cloudposse/root.cloudposse.co"
+
+ - name: "audit.cloudposse.co"
+ description: "Example Terraform Reference Architecture of a Geodesic Module for an Audit Logs Organization in AWS."
+ url: "https://github.com/cloudposse/audit.cloudposse.co"
+
+ - name: "prod.cloudposse.co"
+ description: "Example Terraform Reference Architecture of a Geodesic Module for a Production Organization in AWS."
+ url: "https://github.com/cloudposse/prod.cloudposse.co"
+
+ - name: "staging.cloudposse.co"
+ description: "Example Terraform Reference Architecture of a Geodesic Module for a Staging Organization in AWS."
+ url: "https://github.com/cloudposse/staging.cloudposse.co"
+
+ - name: "testing.cloudposse.co"
+ description: "Example Terraform Reference Architecture of a Geodesic Module for a Testing Organization in AWS."
+ url: "https://github.com/cloudposse/testing.cloudposse.co"
+
+references:
+ - name: "Cloud Posse Documentation"
+ description: "Complete documentation for the Cloud Posse solution"
+ url: "https://docs.cloudposse.com"
diff --git a/codefresh.yml b/codefresh.yml
new file mode 100644
index 0000000..5171da7
--- /dev/null
+++ b/codefresh.yml
@@ -0,0 +1,67 @@
+# Build a service with environment variables
+version: '1.0'
+
+steps:
+ init_variables:
+ title: Init variables
+ image: alpine
+ commands:
+ - cf_export BUILD_HARNESS_VERSION=0.6.12
+ - cf_export GIT_BRANCH=${{CF_BRANCH}}
+
+ build_image:
+ title: Build image
+ type: build
+ description: Build geodesic module
+ image-name: dev.cloudposse.co
+ dockerfile: Dockerfile
+
+ semver:
+ title: Export semantic version
+ image: cloudposse/build-harness:${{BUILD_HARNESS_VERSION}}
+ working_directory: ${{build_image}}
+ commands:
+ - make git/show
+ - make semver/show
+ - make semver/export >> ${{CF_VOLUME_PATH}}/env_vars_to_export
+
+ push_image_commit:
+ title: Push image with commit based semver tags
+ type: push
+ candidate: ${{build_image}}
+ tags:
+ - "${{SEMVERSION_COMMIT_SHORT}}"
+ - "${{SEMVERSION_COMMIT}}"
+
+ push_image_branch:
+ title: Push image with branch based semver tags
+ type: push
+ candidate: ${{build_image}}
+ tags:
+ - "${{SEMVERSION_BRANCH}}"
+ - "${{SEMVERSION_BRANCH_COMMIT_SHORT}}"
+ - "${{SEMVERSION_BRANCH_COMMIT}}"
+ when:
+ condition:
+ all:
+ executeForBranch: "'${{SEMVERSION_BRANCH}}' != ''"
+
+ push_image_tag:
+ title: Push image with tag based semver tags
+ type: push
+ candidate: ${{build_image}}
+ tag: "${{SEMVERSION_TAG}}"
+ when:
+ condition:
+ all:
+ executeForTag: "'${{SEMVERSION_TAG}}' != ''"
+
+ push_image_latest:
+ title: Push image with latest tag
+ type: push
+ candidate: ${{build_image}}
+ tag: latest
+ when:
+ condition:
+ all:
+ executeForMasterBranch: "'${{CF_BRANCH}}' == 'master'"
diff --git a/conf/.gitignore b/conf/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/docs/targets.md b/docs/targets.md
new file mode 100644
index 0000000..bb19f44
--- /dev/null
+++ b/docs/targets.md
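Review bot: `image: alpine` in the `init_variables` step is untagged, so that step floats to whatever the registry's `latest` resolves to on each run, while the `semver` step pins `cloudposse/build-harness:${{BUILD_HARNESS_VERSION}}`; pin it to a release tag such as `image: alpine:3.8` for the same reproducibility. It is a small step, but an unpinned base in CI is the kind of thing that quietly changes behaviour later.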
@@ -0,0 +1,14 @@
+## Makefile Targets
+```
+Available targets:
+
+ all Initialize build-harness, install deps, build docker container, install wrapper script and run shell
+ build Build docker image
+ deps Install dependencies (if any)
+ help This help screen
+ help/all Display help for all targets
+ install Install wrapper script from geodesic container
+ push Push docker image to registry
+ run Start the geodesic shell by calling wrapper script
+
+```
diff --git a/docs/terraform.md b/docs/terraform.md
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/docs/terraform.md
@@ -0,0 +1 @@
+