
cicdenv

Terraformed, multi-acct AWS, kubernetes, CI/CD, infrastructure sample w/tooling. (3rd Generation)

Getting Started

cicdctl is the entrypoint for the tooling layer.

The tooling layer automatically manages its own container on launch.

cicdctl prereqs:

Add cicdctl to your current shell search path:

cicdenv$ . bin/activate

Explicit setup and test

cicdenv$ make docker-build  # or attempt to use the 
cicdenv$ make
📦 $USER:~/cicdenv$ cicdctl
📦 $USER:~/cicdenv$ cicdctl test

Confirm tool versions:

cicdenv$ make versions
[Tool]                     [Version]
-----------------------------------------
bash                   ->  5.0.17(1)
python                 ->  3.8.5
make                   ->  4.3
aws (cli)              ->  1.19.12
terraform              ->  v0.13.6
packer                 ->  v1.7.0
kops                   ->  1.20.0-alpha.2
kubectl                ->  v1.20.2
aws-iam-authenticator  ->  0.5.2
cfssl                  ->  Version: 1.4.1

AWS Access

The cicdctl CLI automatically refreshes the 12-hour session tokens with aws-mfa as needed (main / org accounts).

An IAM User must exist in the main account.

A user's MFA TOTP secret is stored GPG-encrypted, and their GPG key must be imported into their Keybase client.

Required ~/.aws/credentials setup (values come from the AWS IAM users console):

  • https://console.aws.amazon.com/iam/home#/users/${IAM_USER}?section=security_credentials

[default-long-term]
aws_secret_access_key = ...
aws_access_key_id     = ...
aws_mfa_device        = ...
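A small pre-flight check for the credentials layout above, added here as an example and not part of cicdenv or aws-mfa. It assumes aws-mfa's behaviour of reading long-term keys from `<profile>-long-term` and writing an `expiration` stamp (`YYYY-MM-DD HH:MM:SS`, UTC) into the short-term profile; the sample file and its values are constructed placeholders.

```python
# Sanity checks for the ~/.aws/credentials layout described above. Added example,
# not cicdenv or aws-mfa code. Assumption: aws-mfa reads '<profile>-long-term' and
# writes the short-term profile with an 'expiration' of 'YYYY-MM-DD HH:MM:SS' (UTC).
import configparser
import os
from datetime import datetime, timedelta, timezone

LONG_TERM_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_mfa_device")

# Constructed sample file; every value is a placeholder, not a real credential.
SAMPLE_CREDENTIALS = """[default-long-term]
aws_access_key_id     = AKIAEXAMPLE000000000
aws_secret_access_key = example-secret-not-a-real-key
aws_mfa_device        = arn:aws:iam::123456789012:mfa/example-user

[default]
aws_access_key_id     = ASIAEXAMPLE000000000
aws_secret_access_key = example-session-secret
aws_session_token     = example-session-token
expiration            = 2021-03-01 18:00:00
"""

def utc(year, month, day, hour, minute=0):
    """Timezone-aware UTC timestamp, so callers and tests can pin 'now'."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)

def parse_credentials(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def missing_long_term_keys(cp, profile="default"):
    """Long-term keys aws-mfa needs that are absent; empty list means complete."""
    section = f"{profile}-long-term"
    if not cp.has_section(section):
        return list(LONG_TERM_KEYS)
    return [k for k in LONG_TERM_KEYS if not cp.has_option(section, k)]

def session_needs_refresh(cp, now=None, profile="default", margin=timedelta(minutes=5)):
    """True when the 12-hour session is missing, expired, or inside the margin."""
    now = now or datetime.now(timezone.utc)
    exp = cp.get(profile, "expiration", fallback=None)
    if exp is None:
        return True
    expires = datetime.strptime(exp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return now + margin >= expires

def credentials_file_is_private(path):
    """The file holds long-term keys: group/other permission bits must be clear."""
    return os.stat(path).st_mode & 0o077 == 0
```

Point `parse_credentials` at the contents of `~/.aws/credentials` and run `credentials_file_is_private` on the path to check a real setup; a `True` from `session_needs_refresh` is the condition under which cicdctl would re-run aws-mfa.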

Usage

Basics

Sample Terraform-only session in the dev account

# Turn on main account transit gateways
$ cicdctl terraform apply network/routing -auto-approve

# Turn on sub-account transit gateway attachments
$ cicdctl terraform apply network/routing/attachments:dev -auto-approve

# Bring up services
$ cicdctl terraform <apply|create|...> <component>:<account>

# Turn down services
$ cicdctl terraform <destroy> <component>:<account>

# Turn off sub-account transit gateway attachments
$ cicdctl terraform destroy network/routing/attachments:dev -force

# Turn off main account transit gateways
$ cicdctl terraform destroy network/routing -force

Kubernetes Clusters (kOps)

Example: kOps v1.20.0-alpha.2 cluster in the dev account with default settings

# Create a new v1.20.0-alpha.2 kops kubernetes cluster
$ cicdctl cluster create 1-20a2:dev -auto-approve
$ cicdctl cluster validate 1-20a2:dev --wait 10m --count 10
$ cicdctl kubectl 1-20a2:dev ...

# Dispose of the new kops kubernetes cluster 
$ cicdctl cluster destroy 1-20a2:dev -force

Example: Large cluster: 18 nodes, 1000GB+ memory, 144 vCPUs, 90TB storage

# Create the kubernetes cluster
$ cicdctl cluster create 1-20a2-large:dev -auto-approve  \
    master_instance_type=c5d.xlarge                      \
    node_instance_type=i3en.2xlarge                      \
    nodes_per_az=6
$ cicdctl cluster validate 1-20a2-large:dev --wait 10m --count 20
...

INSTANCE GROUPS
NAME               ROLE    MACHINETYPE   MIN  MAX  SUBNETS
master-us-west-2a  Master  c5d.xlarge    1    1    private-us-west-2a
master-us-west-2b  Master  c5d.xlarge    1    1    private-us-west-2b
master-us-west-2c  Master  c5d.xlarge    1    1    private-us-west-2c
nodes-us-west-2a   Node    i3en.2xlarge  6    30   private-us-west-2a
nodes-us-west-2b   Node    i3en.2xlarge  6    30   private-us-west-2b
nodes-us-west-2c   Node    i3en.2xlarge  6    30   private-us-west-2c

NODE STATUS
NAME            ROLE  READY
ip-... node    True
ip-... node    True
ip-... node    True
ip-... master  True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... master  True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... master  True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... node    True
ip-... node    True

Your cluster 1-20a2-large-kops.dev.cicdenv.com is ready

$ cicdctl kubectl 1-20a2-large:dev ...

# Dispose
$ cicdctl cluster destroy 1-20a2-large:dev -force

# Turn off private subnet NAT gateways
$ cicdctl terraform destroy network/routing:dev -force

Clustered Redis 6

Example: cache cluster in dev account

# Bring up 'm5dn.4xlarge' multi-zone cluster
$ cicdctl redis create cache:dev -auto-approve instance_type=m5dn.4xlarge

# Turn off cluster
$ cicdctl redis destroy cache:dev -force

# Turn off private subnet NAT gateways
$ cicdctl terraform destroy network/routing:dev -force

NGINX Plus Clusters

Example: web cluster in dev account

# Bring up 'm5dn.2xlarge' multi-zone cluster
$ cicdctl nginx create web:dev -auto-approve instance_type=m5dn.2xlarge

# Turn off cluster
$ cicdctl nginx destroy web:dev -force

# Turn off private subnet NAT gateways
$ cicdctl terraform destroy network/routing:dev -force

Dedicated Jenkins instances

Example: dev account, dist, test Jenkins instances:

# Create Jenkins instances
$ cicdctl jenkins create dist:dev --type distributed -auto-approve
$ cicdctl jenkins create test:dev --type colocated   -auto-approve

# Cleanup
$ cicdctl jenkins destroy dist:dev --type distributed -force
$ cicdctl jenkins destroy test:dev --type colocated   -force

# Turn off jenkins ingresses
$ cicdctl terraform destroy jenkins/routing:dev -force

# Turn off private subnet NAT gateways
$ cicdctl terraform destroy network/routing:dev -force

Bastion Services

# Bring up bastion routing
$ cicdctl terraform apply network/bastion/routing:main -auto-approve

# Bring up bastion cluster
$ cicdctl terraform apply network/bastion:main -auto-approve

# Turn off bastion cluster
$ cicdctl terraform destroy network/bastion:main -force

Host Access

Example: debug an EC2 instance in the dev account

# Hop through the bastion service to get ssh access to the target instance
$ cicdctl bastion ssh --ip <target host private-ip>

Interactive Sessions

Needed in some cases where tooling support is incomplete.

cicdenv$ make        # or `cicdctl console`
📦 $USER:~/cicdenv$  # run some shell script or make commands ...

Base AMI

A single base AMI, built in the main account, is used for all EC2 instances in all accounts.

See packer/ for details on how to build, test and publish it.

Maintenance

Slow tool start?

cicdenv$ cicdctl console
📦 $USER:~/cicdenv$ docker system prune

# Optional
cicdenv$ make clean

# Extreme
docker system prune --all --volumes

Check .gitignored files:

cicdenv$ git clean -xnd
cicdenv$ # git clean -xdf
