Add projects config. Add CLI config. Add vendir config

.dockerignore

@@ -15,3 +15,5 @@
 
 **/.build-harness
 **/build-harness
+
+*.lock.*

.gitignore

@@ -9,3 +9,4 @@ build-harness
 *.tfstate.backup
 .idea
 *.iml
+*.lock.*

Dockerfile

@@ -1,4 +1,31 @@
-FROM cloudposse/geodesic:0.132.1
+ARG CLI_NAME=atmos
+
+FROM cloudposse/geodesic:0.137.0 as cli
+
+RUN apk add -u go variant2@cloudposse
+
+# Configure Go
+ENV GOROOT /usr/lib/go
+ENV GOPATH /go
+ENV PATH /go/bin:$PATH
+
+# Build a minimal variant binary in order to download all the required libraries and save them in a Docker layer cache
+COPY cli/build-cache /tmp
+WORKDIR /tmp/build-cache
+RUN variant2 export binary $PWD variant-echo
+
+# Build the CLI
+WORKDIR /usr/cli
+COPY cli/ .
+ARG CGO_ENABLED=1
+ARG CLI_NAME
+RUN variant2 export binary $PWD $CLI_NAME
+
+# Verify the CLI
+RUN ./"$CLI_NAME" help
+
+
+FROM cloudposse/geodesic:0.137.0
 
 # Geodesic message of the Day
 ENV MOTD_URL="https://geodesic.sh/motd"
@@ -11,39 +38,47 @@ ENV DIRENV_ENABLED=false
 
 ENV DOCKER_IMAGE="cloudposse/reference-architectures"
 ENV DOCKER_TAG="latest"
-ENV NAMESPACE="eg"
 
 # Geodesic banner message
 ENV BANNER="sweet ops"
 
-# Pin kubectl to version 1.15
-RUN apk add kubectl-1.15@cloudposse
+# Enable advanced AWS assume role chaining for tools using AWS SDK
+# https://docs.aws.amazon.com/sdk-for-go/api/aws/session/
+ENV AWS_SDK_LOAD_CONFIG=1
+ENV AWS_DEFAULT_REGION=us-east-2
 
-# Install terraform
-RUN apk add terraform@cloudposse
+# Pin kubectl to version 1.17 (must be within 1 minor version of cluster version)
+RUN apk add kubectl-1.17@cloudposse
 
-# Install helmfile
-RUN apk add helmfile@cloudposse
+# Install terraform
+# Install the latest 0.12 and 0.13 versions of terraform
+RUN apk add -u terraform-0.12@cloudposse terraform-0.13@cloudposse~=0.13.3
+# Set Terraform 0.12.x as the default `terraform`. You can still use
+# `terraform-0.12` or `terraform-0.13` to be explicit when needed.
+RUN update-alternatives --set terraform /usr/share/terraform/0.12/bin/terraform
 
-# Install saml2aws
 # https://github.com/Versent/saml2aws#linux
 RUN apk add saml2aws@cloudposse
 
 # Install assume-role
 RUN apk add assume-role@cloudposse
 
-# Install variant2 overwriting variant
-RUN apk add variant2@cloudposse
-
 # Install the "docker" command to interact with the host's Docker daemon
 RUN apk add -u docker-cli
 
-# Limit Makefile searches set up by Geodesic
-# Allow a single Makefile to serve all child directories
-ENV MAKE_INCLUDES="Makefile.settings ../Makefile.parent Makefile"
+# Install vendir
+RUN apk add vendir@cloudposse
 
-COPY rootfs/ /
+# Install variant2
+RUN apk add variant2@cloudposse
+RUN update-alternatives --set variant /usr/share/variant/2/bin/variant
 
-COPY projects/ /projects/
+# Install CLI
+ARG CLI_NAME
+COPY --from=cli /usr/cli/$CLI_NAME /usr/local/bin
+
+COPY rootfs/ /
+COPY config/ /config/
+COPY vendir.yml /vendir.yml
 
-WORKDIR /projects/
+WORKDIR /

cli/build-cache/build-cache.variant

@@ -0,0 +1,19 @@
+#!/usr/bin/env variant
+# vim: filetype=hcl
+
+# Minimal variant project for creating a build cache to speed up Docker build
+
+job "echo" {
+  description = "Echoes message to the console"
+  private     = true
+
+  parameter "message" {
+    description = "A message to output"
+    type        = string
+  }
+
+  exec {
+    command = "echo"
+    args    = [param.message]
+  }
+}

cli/main.variant

@@ -0,0 +1,60 @@
+#!/usr/bin/env variant
+# vim: filetype=hcl
+
+option "region" {
+  default     = "us-east-2"
+  description = "AWS region"
+  type        = string
+}
+
+option "dry-run" {
+  default     = false
+  description = "Disable execution of any commands and echo the commands instead"
+  type        = bool
+}
+
+option "kubeconfig-path" {
+  default     = "/dev/shm"
+  description = "folder to save kubeconfig"
+  type        = string
+}
+
+option "kubeconfig-profile-pattern" {
+  default     = "$$namespace-$$environment-$$stage-helm"
+  description = "AWS profile pattern for kubeconfig"
+  type        = string
+}
+
+option "cluster-name-pattern" {
+  default     = "$$namespace-$$environment-$$stage-eks-cluster"
+  description = "Cluster name pattern"
+  type        = string
+}
+
+option "project-dir" {
+  default     = "./components/terraform"
+  description = "Terraform components directory"
+  type        = string
+}
+
+option "helmfile-dir" {
+  default     = "./components/helmfiles"
+  description = "Helmfile components directory"
+  type        = string
+}
+
+option "config-dir" {
+  default     = "./config"
+  description = "Config directory"
+  type        = string
+}
+
+imports = [
+  "git::https://git@github.com/cloudposse/atmos@modules/shell?ref=tags/0.2.1",
+  "git::https://git@github.com/cloudposse/atmos@modules/kubeconfig?ref=tags/0.2.1",
+  "git::https://git@github.com/cloudposse/atmos@modules/terraform?ref=tags/0.2.1",
+  "git::https://git@github.com/cloudposse/atmos@modules/helmfile?ref=tags/0.2.1",
+  "git::https://git@github.com/cloudposse/atmos@modules/helm?ref=tags/0.2.1",
+  "git::https://git@github.com/cloudposse/atmos@modules/workflow?ref=tags/0.2.1",
+  "git::https://git@github.com/cloudposse/atmos@modules/istio?ref=tags/0.2.1"
+]

config/ue2-dev.yaml

@@ -0,0 +1,28 @@
+projects:
+  globals:
+    stage: dev
+
+  terraform:
+    vpc:
+      vars:
+        cidr_block: "10.100.0.0/18"
+        # ...
+
+    eks:
+      command: "/usr/bin/terraform-0.13"
+      vars:
+        cluster_kubernetes_version: "1.17"
+        # ...
+
+  helmfile:
+    ingress-nginx:
+      vars:
+        installed: true
+
+workflows:
+  deploy-all:
+    description: Deploy 'eks' terraform project and helmfiles
+    steps:
+      - job: terraform deploy vpc
+      - job: terraform deploy eks
+      - job: helmfile deploy ingress-nginx

config/ue2-globals.yaml

@@ -0,0 +1,3 @@
+namespace: eg
+region: us-east-2
+environment: ue2

config/ue2-prod.yaml

@@ -0,0 +1,20 @@
+projects:
+  globals:
+    stage: prod
+
+  terraform:
+    vpc:
+      vars:
+        cidr_block: "10.102.0.0/18"
+        # ...
+
+    eks:
+      command: "/usr/bin/terraform-0.13"
+      vars:
+        cluster_kubernetes_version: "1.17"
+        # ...
+
+  helmfile:
+    ingress-nginx:
+      vars:
+        installed: true

config/ue2-staging.yaml

@@ -0,0 +1,20 @@
+projects:
+  globals:
+    stage: staging
+
+  terraform:
+    vpc:
+      vars:
+        cidr_block: "10.104.0.0/18"
+        # ...
+
+    eks:
+      command: "/usr/bin/terraform-0.13"
+      vars:
+        cluster_kubernetes_version: "1.17"
+        # ...
+
+  helmfile:
+    ingress-nginx:
+      vars:
+        installed: true

config/uw2-dev.yaml

@@ -0,0 +1,28 @@
+projects:
+  globals:
+    stage: dev
+
+  terraform:
+    vpc:
+      vars:
+        cidr_block: "10.100.0.0/18"
+        # ...
+
+    eks:
+      command: "/usr/bin/terraform-0.13"
+      vars:
+        cluster_kubernetes_version: "1.17"
+        # ...
+
+  helmfile:
+    ingress-nginx:
+      vars:
+        installed: true
+
+workflows:
+  deploy-all:
+    description: Deploy 'eks' terraform project and helmfiles
+    steps:
+      - job: terraform deploy vpc
+      - job: terraform deploy eks
+      - job: helmfile deploy ingress-nginx

config/uw2-globals.yaml

@@ -0,0 +1,3 @@
+namespace: eg
+region: us-west-2
+environment: uw2

config/uw2-prod.yaml

@@ -0,0 +1,20 @@
+projects:
+  globals:
+    stage: prod
+
+  terraform:
+    vpc:
+      vars:
+        cidr_block: "10.102.0.0/18"
+        # ...
+
+    eks:
+      command: "/usr/bin/terraform-0.13"
+      vars:
+        cluster_kubernetes_version: "1.17"
+        # ...
+
+  helmfile:
+    ingress-nginx:
+      vars:
+        installed: true

config/uw2-staging.yaml

@@ -0,0 +1,20 @@
+projects:
+  globals:
+    stage: staging
+
+  terraform:
+    vpc:
+      vars:
+        cidr_block: "10.104.0.0/18"
+        # ...
+
+    eks:
+      command: "/usr/bin/terraform-0.13"
+      vars:
+        cluster_kubernetes_version: "1.17"
+        # ...
+
+  helmfile:
+    ingress-nginx:
+      vars:
+        installed: true

config/workflows-ue2.yaml

@@ -0,0 +1,38 @@
+workflows:
+  deploy-all:
+    description: Deploy terraform project and helmfiles to specified environment and stage (provided as command-line arguments)
+    steps:
+      - job: terraform deploy vpc
+      - job: terraform deploy eks
+      - job: helmfile deploy ingress-nginx
+
+  plan-all:
+    description: Run 'terraform plan' and 'helmfile diff' on all projects for all environments/stages
+    steps:
+      - job: terraform plan vpc
+        environment: ue2
+        stage: dev
+      - job: terraform plan eks
+        environment: ue2
+        stage: dev
+      - job: helmfile diff ingress-nginx
+        environment: ue2
+        stage: dev
+      - job: terraform plan vpc
+        environment: ue2
+        stage: staging
+      - job: terraform plan eks
+        environment: ue2
+        stage: staging
+      - job: helmfile diff ingress-nginx
+        environment: ue2
+        stage: staging
+      - job: terraform plan vpc
+        environment: ue2
+        stage: prod
+      - job: terraform plan eks
+        environment: ue2
+        stage: prod
+      - job: helmfile diff ingress-nginx
+        environment: ue2
+        stage: prod