From 27215e554920905f0bb283bc1607c0e522669e20 Mon Sep 17 00:00:00 2001
From: Tega McKinney
Date: Fri, 10 May 2019 16:18:33 -0400
Subject: [PATCH 1/3] Update gitignore to protect some root keys
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 4c250ab..15a2939 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ build-harness
 *.tfstate.backup
 .idea
 *.iml
+.access-keys.txt
\ No newline at end of file
From 8e480935ccb99836a25d4571163522749cd9da70 Mon Sep 17 00:00:00 2001
From: Tega McKinney
Date: Mon, 10 Jun 2019 14:24:22 -0400
Subject: [PATCH 2/3] Configs for building initial FD environment
---
 configs/corp.tfvars | 27 +++++++++++++++------------
 configs/root.tfvars | 34 ++++++++++++++++++----------------
 2 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/configs/corp.tfvars b/configs/corp.tfvars
index 3ccb187..f69f9a9 100644
--- a/configs/corp.tfvars
+++ b/configs/corp.tfvars
@@ -29,24 +29,27 @@ templates = [
 "conf/cloudtrail/.envrc",
 "conf/cloudtrail/Makefile.tasks",
 "conf/cloudtrail/terraform.envrc",
- "conf/kops/.envrc",
- "conf/kops/Makefile.tasks",
- "conf/kops/kops.envrc",
- "conf/kops/terraform.envrc",
- "conf/kops/terraform.tfvars",
- "docs/kops.md",
- "conf/kops-aws-platform/.envrc",
- "conf/kops-aws-platform/Makefile.tasks",
- "conf/kops-aws-platform/terraform.envrc",
- "conf/kops-aws-platform/terraform.tfvars",
 ]
+# "conf/kops/.envrc",
+# "conf/kops/Makefile.tasks",
+# "conf/kops/kops.envrc",
+# "conf/kops/terraform.envrc",
+# "conf/kops/terraform.tfvars",
+# "docs/kops.md",
+# "conf/kops-aws-platform/.envrc",
+# "conf/kops-aws-platform/Makefile.tasks",
+# "conf/kops-aws-platform/terraform.envrc",
+# "conf/kops-aws-platform/terraform.tfvars",
+
 # List of terraform root modules to enable
 terraform_root_modules = [
 "aws/tfstate-backend",
 "aws/account-dns",
 "aws/chamber",
- "aws/kops",
- "aws/kops-aws-platform",
 "aws/cloudtrail",
 ]
+
+# "aws/kops",
+# "aws/kops-aws-platform",
+
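Review bot: The new `.access-keys.txt` entry only stops a future `git add` of a file with exactly that name; it does nothing for a copy that is already tracked or already in history, which is the case the commit message ("protect some root keys") is worried about. Before relying on it, confirm with `git ls-files | grep access-keys` and `git log --all --diff-filter=A -- '*access-keys*'`, and rotate the root keys if they were ever committed. Consider a comment above the entry, `# root account access keys written by the bootstrap; never commit, rotate if leaked`, so the next reader knows what the file is. The entry is also added without a trailing newline (`\ No newline at end of file`), which the next edit to this file will have to fix.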
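Review bot: The ten kops template entries and the two kops root modules are kept as commented-out lines placed after the closing `]` of each list rather than deleted, so they cannot be re-enabled by simply uncommenting (they would sit outside the list) and they read as live configuration at a glance. Git keeps the old values, so removing them is cleaner; if a reminder is wanted, one comment inside the list such as `# kops / kops-aws-platform disabled for this account; re-add entries here to enable` carries the same information. The `templates` list begins before this hunk.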
diff --git a/configs/root.tfvars b/configs/root.tfvars
index b7a7019..3ca8c36 100644
--- a/configs/root.tfvars
+++ b/configs/root.tfvars
@@ -1,27 +1,28 @@
 # This is a terraform configuration file
 # The "apex" service discovery domain for *all* infrastructure
-domain = "test.co"
+domain = "flexdriveplatforms.com"
 # The global namespace that should be shared by all accounts
-namespace = "test"
+namespace = "fdpfm"
 # The default region for this account
-aws_region = "us-west-2"
+aws_region = "us-east-1"
 # Network CIDR of Organization
-org_network_cidr = "10.0.0.0/8"
-org_network_offset = 100
-org_network_newbits = 8 # /8 + /8 = /16
+org_network_cidr = "10.0.0.0/8"
+
+org_network_offset = 100
+
+org_network_newbits = 8 # /8 + /8 = /16
 # Pod IP address space (must not overlap with org_network_cidr)
 # 100.64.0.0/10 is the default used by kops, even though it is technically reserved for carrier-grade NAT
 # See https://github.com/cloudposse/docs/issues/455
 kops_non_masquerade_cidr = "100.64.0.0/10"
-
 # The docker registry that will be used for the images built (nothing will get pushed)
-docker_registry = "cloudposse"
+docker_registry = "flexdrive"
 # The templates to use for this account
 templates = [
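Review bot: The trailing comment carried over on `org_network_newbits = 8 # /8 + /8 = /16` reads as if two prefixes are being added; what the value means is eight extra bits on top of the /8 in `org_network_cidr`, so `# 8 newbits on the /8 org CIDR -> each account gets a /16` would say that plainly. The three `org_network_*` keys are also pulled apart by blank lines in this hunk even though they only make sense together; keeping them contiguous under the `# Network CIDR of Organization` comment makes the relationship obvious. `domain` becomes flexdriveplatforms.com here while `account_email` in the next hunk uses flexdrive.com — presumably intentional, but both are described as hard to change later, so a one-line comment noting that the two domains differ on purpose would save a future question.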
@@ -68,26 +69,27 @@ templates = [
 "conf/users/.envrc",
 "conf/users/Makefile.tasks",
 "conf/users/terraform.envrc",
- "conf/users/terraform.tfvars"
+ "conf/users/terraform.tfvars",
 ]
 # Account email address format (e.g. `ops+%s@example.co`). This is not easily changed later.
-account_email = "ops+%s@test.co"
+account_email = "awsadmins+%s@flexdrive.com"
 # List of accounts to enable
 accounts_enabled = [
- "dev",
- "staging",
- "prod",
- "testing",
- "data",
 "corp",
 "audit",
 ]
+# "dev",
+# "staging",
+# "prod",
+# "testing",
+# "data",
+
 # Administrator IAM usernames mapped to their keybase usernames for password encryption
 users = {
-# "erik@cloudposse.com" = "osterman"
+ "tega.mckinney@flexdrive.com" = "tegamckinney"
 }
 # Geodesic Base Image (don't change this unless you know what you're doing)
From c8a5ff367e7d433c5c08f531e8c25d72ad51d80a Mon Sep 17 00:00:00 2001
From: Tega McKinney
Date: Tue, 29 Oct 2019 16:03:13 -0400
Subject: [PATCH 3/3] Update kops topology template for F1 resources
---
 .../kops/kops-private-topology.yaml.gotmpl | 92 ++++++++++++++++++-
 1 file changed, 90 insertions(+), 2 deletions(-)
diff --git a/templates/kops/kops-private-topology.yaml.gotmpl b/templates/kops/kops-private-topology.yaml.gotmpl
index e1b2c7e..4d0667b 100644
--- a/templates/kops/kops-private-topology.yaml.gotmpl
+++ b/templates/kops/kops-private-topology.yaml.gotmpl
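Review bot: The new `users` entry maps the administrator IAM user to keybase user `tegamckinney`, and the comment directly above says that is the key the generated password is encrypted to, so a mistyped or squatted keybase name would hand the root-account administrator password to someone else; verify the key out of band (for example `keybase id tegamckinney` and compare the fingerprint with the owner) before the first `terraform apply`, and note that the encrypted password will then sit in Terraform state. As in corp.tfvars, the disabled account names are kept as comments placed after the closing `]` of `accounts_enabled`, outside the list, where they cannot be re-enabled by uncommenting; deleting them or moving them inside the list is cleaner. `account_email` now uses the flexdrive.com domain while `domain` earlier in the file is flexdriveplatforms.com — presumably deliberate, but since the comment warns it is hard to change later, a note such as `# account mail uses the corporate mail domain, not the infrastructure apex domain` would confirm it. The `templates` list begins before this hunk.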
@@ -340,7 +340,95 @@ spec:
 - {{ . }}
 {{- end }}
-{{- if getenv "NODE_MAX_SIZE_PER_AZ" }}
+---
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+ labels:
+ kops.k8s.io/cluster: {{ getenv "KOPS_CLUSTER_NAME" }}
+ name: staging
+spec:
+ detailedInstanceMonitoring: {{ getenv "KOPS_CLOUDWATCH_DETAILED_MONITORING" "false" }}
+ associatePublicIp: false
+ {{- if bool (getenv "KOPS_CLUSTER_AUTOSCALER_ENABLED" "false") }}
+ cloudLabels:
+ k8s.io/cluster-autoscaler/enabled: "true"
+ k8s.io/cluster-autoscaler/{{ getenv "KOPS_CLUSTER_NAME" }}: "owned"
+ {{- end }}
+ nodeLabels:
+ instanceGroup: staging
+ image: {{ getenv "KOPS_BASE_IMAGE" }}
+ machineType: {{ getenv "NODE_MACHINE_TYPE" }}
+ maxSize: {{ getenv "NODE_MAX_SIZE" }}
+ minSize: {{ getenv "NODE_MIN_SIZE" }}
+ role: Node
+ subnets:
+ {{- range (getenv "KOPS_NODES_AVAILABILITY_ZONES" ( getenv "KOPS_AVAILABILITY_ZONES" ) | strings.Split ",") }}
+ - {{ . }}
+ {{- end }}
+
+---
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+ labels:
+ kops.k8s.io/cluster: {{ getenv "KOPS_CLUSTER_NAME" }}
+ name: prod
+spec:
+ detailedInstanceMonitoring: {{ getenv "KOPS_CLOUDWATCH_DETAILED_MONITORING" "false" }}
+ associatePublicIp: false
+ {{- if bool (getenv "KOPS_CLUSTER_AUTOSCALER_ENABLED" "false") }}
+ cloudLabels:
+ k8s.io/cluster-autoscaler/enabled: "true"
+ k8s.io/cluster-autoscaler/{{ getenv "KOPS_CLUSTER_NAME" }}: "owned"
+ {{- end }}
+ nodeLabels:
+ instanceGroup: prod
+ node-role.flexdrive.io/prod: ""
+ taints:
+ - node-role.flexdrive.io=prod:NoSchedule
+ image: {{ getenv "KOPS_BASE_IMAGE" }}
+ machineType: {{ getenv "NODE_MACHINE_TYPE" }}
+ maxSize: {{ getenv "NODE_MAX_SIZE" }}
+ minSize: {{ getenv "NODE_MIN_SIZE" }}
+ role: Node
+ subnets:
+ {{- range (getenv "KOPS_NODES_AVAILABILITY_ZONES" ( getenv "KOPS_AVAILABILITY_ZONES" ) | strings.Split ",") }}
+ - {{ . 
}}
+ {{- end }}
+
+---
+apiVersion: kops/v1alpha2
+kind: InstanceGroup
+metadata:
+ labels:
+ kops.k8s.io/cluster: {{ getenv "KOPS_CLUSTER_NAME" }}
+ name: ops
+spec:
+ detailedInstanceMonitoring: {{ getenv "KOPS_CLOUDWATCH_DETAILED_MONITORING" "false" }}
+ associatePublicIp: false
+ {{- if bool (getenv "KOPS_CLUSTER_AUTOSCALER_ENABLED" "false") }}
+ cloudLabels:
+ k8s.io/cluster-autoscaler/enabled: "true"
+ k8s.io/cluster-autoscaler/{{ getenv "KOPS_CLUSTER_NAME" }}: "owned"
+ {{- end }}
+ nodeLabels:
+ instanceGroup: ops
+ node-role.flexdrive.io/ops: ""
+ taints:
+ - node-role.flexdrive.io=ops:NoSchedule
+ image: {{ getenv "KOPS_BASE_IMAGE" }}
+ machineType: {{ getenv "NODE_MACHINE_TYPE" }}
+ maxSize: {{ getenv "NODE_MAX_SIZE" }}
+ minSize: {{ getenv "NODE_MIN_SIZE" }}
+ role: Node
+ subnets:
+ {{- range (getenv "KOPS_NODES_AVAILABILITY_ZONES" ( getenv "KOPS_AVAILABILITY_ZONES" ) | strings.Split ",") }}
+ - {{ . }}
+ {{- end }}
+
+
+{{/* {{- if getenv "NODE_MAX_SIZE_PER_AZ" }}
 {{ range (getenv "KOPS_NODES_AVAILABILITY_ZONES" ( getenv "KOPS_AVAILABILITY_ZONES" ) | strings.Split ",") }}
 ---
 apiVersion: kops/v1alpha2
@@ -395,7 +483,7 @@ spec:
 {{- range (getenv "KOPS_NODES_AVAILABILITY_ZONES" ( getenv "KOPS_AVAILABILITY_ZONES" ) | strings.Split ",") }}
 - {{ . }}
 {{- end }}
-{{- end }}
+{{- end }} */}}
 {{/* Allow the manifest to be extended via a datasource */}}
 {{- if (datasourceExists "extensions") -}}
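Review bot: The new `staging` InstanceGroup gets neither a `node-role.flexdrive.io/*` label nor a taint while `prod` and `ops` get both, so every pod without a nodeSelector or tolerations lands on staging nodes by default and nothing can target staging explicitly; adding `node-role.flexdrive.io/staging: ""` under its `nodeLabels` plus `taints:` / `- node-role.flexdrive.io=staging:NoSchedule` would make the three groups symmetric. A `NoSchedule` taint only steers the scheduler — anyone who can write a `tolerations` stanza still runs on prod nodes — so if these groups are meant to keep staging and prod workloads apart inside one cluster, that needs RBAC and an admission policy on tolerations (or separate clusters), and a comment above the prod group saying which of the two it is would stop the taints being mistaken for an isolation boundary. All three groups read the same `NODE_MACHINE_TYPE`/`NODE_MIN_SIZE`/`NODE_MAX_SIZE` variables, so they cannot be sized independently and the autoscaler sees three identical groups; per-group variables such as `PROD_NODE_MAX_SIZE` seem to be the intent. The old per-AZ block is disabled by wrapping it in `{{/* ... */}}` (the second hunk closes the comment), which means a set `NODE_MAX_SIZE_PER_AZ` is now silently ignored — deleting the block, or failing the render when that variable is set, is clearer than carrying ~90 commented lines. The enclosing template begins before this hunk.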