Deprecate aws-vault, aws-okta, warn about M1 chip (#727)
Showing 25 changed files with 294 additions and 176 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# | ||
# This is an example of a Dockerfile that customizes Geodesic | ||
# for a customer using the Cloud Posse Reference Architecture. | ||
# Use it as a basis for your own customizations. | ||
# | ||
# Note that the version numbers in this file are not maintained, | ||
# you will want to update them to current versions when you start | ||
# and then have a plan for regularly updating them as you go along. | ||
# | ||
|
||
# We always recommend pinning versions where changes are likely to break things. | ||
# We put the versions up top here so they are easy to find and update. | ||
ARG VERSION=0.147.0 | ||
# Changing base OS for Geodesic is possible by changing this arg, but | ||
# unfortunately, the package managers are different, so it is not that simple. | ||
ARG OS=debian | ||
|
||
FROM cloudposse/geodesic:$VERSION-$OS | ||
|
||
ENV DOCKER_IMAGE="examplecorp/infrastructure" | ||
ENV DOCKER_TAG="latest" | ||
|
||
# Geodesic banner message | ||
ENV BANNER="Example Corp" | ||
# The project "Namespace" used in AWS identifiers and elsewhere | ||
# to ensure globally unique names are generated. | ||
ENV NAMESPACE="xamp" | ||
|
||
# Default AWS_PROFILE | ||
ENV AWS_PROFILE="xamp-gbl-identity-admin" | ||
ENV ASSUME_ROLE_INTERACTIVE_QUERY="xamp-gbl-" | ||
# Enable advanced AWS assume role chaining for tools using AWS SDK | ||
# https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ | ||
ENV AWS_SDK_LOAD_CONFIG=1 | ||
# Region abbreviation types are "fixed" (always 3 chars), "short" (4-5 chars), or "long" (the full AWS string) | ||
# See https://github.com/cloudposse/terraform-aws-utils#introduction | ||
ENV AWS_REGION_ABBREVIATION_TYPE=fixed | ||
ENV AWS_DEFAULT_REGION=us-west-2 | ||
ENV AWS_DEFAULT_SHORT_REGION=uw2 | ||
|
||
# Install specific versions of Terraform. | ||
# We patch specific patch versions because Terraform will not operate | ||
# on Terraform "states" that have been touched by later versions. | ||
ARG TF_014_VERSION=0.14.10 | ||
ARG TF_015_VERSION=0.15.4 | ||
ARG TF_1_VERSION=1.0.4 | ||
RUN apt-get update && apt-get install -y -u \ | ||
terraform-0.14="${TF_014_VERSION}-*" terraform-0.15="${TF_015_VERSION}-*" \ | ||
terraform-1="${TF_1_VERSION}-*" | ||
# Set Terraform 0.14.x as the default `terraform`. You can still use | ||
# version 0.15.x by calling `terraform-0.15` or version 1.x as terraform-1 | ||
RUN update-alternatives --set terraform /usr/share/terraform/0.14/bin/terraform | ||
|
||
# Pin kubectl minor version (must be within 1 minor version of cluster version) | ||
# Note, however, that due to Docker layer caching and the structure of this | ||
# particular Dockerfile, the patch version will not automatically update | ||
# until you change the minor version or change the base Geodesic version. | ||
# If you want, you can pin the patch level so you can update it when desired. | ||
ARG KUBECTL_VERSION=1.20 | ||
RUN apt-get update && apt-get install kubectl-${KUBECTL_VERSION} | ||
|
||
# Install Atmos CLI (https://github.com/cloudposse/atmos) | ||
RUN apt-get install atmos | ||
|
||
COPY rootfs/ / | ||
|
||
WORKDIR / |
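Review bot: The `apt-get install kubectl-${KUBECTL_VERSION}` and `apt-get install atmos` lines near the end of the file omit `-y`, unlike the Terraform install above them which passes `-y -u`, so unless the base image configures apt to assume yes these steps can abort at the confirmation prompt in a non-interactive `docker build`. `atmos` is also installed with no version constraint and in its own `RUN` without `apt-get update`, which goes against the file's own advice to pin versions and makes the installed version depend on whatever package index the cached kubectl layer left behind. Suggest folding it into the kubectl `RUN` with `-y` and pinning it through an `ARG` in the same style as the Terraform ones. Minor: "We patch specific patch versions" presumably should read "We pin".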
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# If you want to customize Geodesic (and we fully support that), | ||
# use this file as the basis for your own Makefile. | ||
# Modify the variable settings to create your own version of Geodesic | ||
# with your own Docker image name and app name. | ||
# | ||
# The `make` variables build up to $(DOCKER_IMAGE):$(DOCKER_TAG) being | ||
# what you would use for `docker run` and `docker push`. | ||
# You probably want to use either `latest` or `dev` for DOCKER_TAG | ||
# unless you have a build system that can keep track of version numbers. | ||
# | ||
# `make install` will install a script to launch your customized Geodesic | ||
# with lots of nice things set up for you. APP_NAME is what to call | ||
# the script. We recommend NOT calling it "geodesic" so you do not | ||
# get it confused with the standard Geodesic image published by Cloud Posse. | ||
# | ||
# After your first `make install`, you can run your customized Geodesic | ||
# by just the app name you set, and you can update it by just running | ||
# `make build`. | ||
|
||
|
||
export APP_NAME = what-you-want-to-type-to-run-your-image | ||
export DOCKER_ORG ?= your-dockerhub-org-name | ||
export DOCKER_IMAGE ?= $(DOCKER_ORG)/your-desired-docker-image-name | ||
export DOCKER_TAG ?= latest | ||
export DOCKER_IMAGE_NAME ?= $(DOCKER_IMAGE):$(DOCKER_TAG) | ||
GEODESIC_INSTALL_PATH ?= /usr/local/bin | ||
export INSTALL_PATH ?= $(GEODESIC_INSTALL_PATH) | ||
export SCRIPT = $(INSTALL_PATH)/$(APP_NAME) | ||
|
||
-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness) | ||
|
||
## Initialize build-harness, install deps, build docker container, install wrapper script and run shell | ||
all: init deps build install run | ||
@exit 0 | ||
|
||
## Install dependencies (if any) | ||
deps: | ||
@exit 0 | ||
|
||
## Build docker image | ||
build: | ||
@make --no-print-directory docker/build | ||
|
||
## Push docker image to registry | ||
push: | ||
docker push $(DOCKER_IMAGE) | ||
|
||
## Install wrapper script from geodesic container | ||
install: | ||
@docker run --rm $(DOCKER_IMAGE_NAME) | bash -s $(DOCKER_TAG) || (echo "Try: sudo make install"; exit 1) | ||
|
||
## Start the geodesic shell by calling wrapper script | ||
run: | ||
$(SCRIPT) | ||
|
||
## Rebuild README for all Terraform components | ||
rebuild-docs: packages/install/terraform-docs | ||
@pre-commit run --all-files terraform_docs |
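Review bot: The `-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)` line fetches a makefile through a URL shortener on every `make` invocation and includes it with no pinned revision or checksum, so whatever that redirect serves at build time runs with the privileges of the developer or CI runner, and the leading `-` means a failed download is silently ignored. Since this file is offered as a template for customers to copy, suggest pointing at a commit-pinned URL and verifying a known SHA-256 before the include, or vendoring the harness. Separately, `push` runs `docker push $(DOCKER_IMAGE)` although the header comment says `$(DOCKER_IMAGE):$(DOCKER_TAG)` is what you would push; using `$(DOCKER_IMAGE_NAME)` there would match.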
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
# Essential alpine-only packages | ||
busybox-extras | ||
diffutils | ||
drill | ||
fzf-bash-completion | ||
iputils | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,10 @@ | ||
|
||
IMPORTANT: | ||
* Your $HOME directory has been mounted to `/localhost` | ||
* Use `aws-vault` to manage your sessions | ||
* Run `assume-role` to start a session | ||
* Your host $HOME directory has been mounted to `/localhost`. | ||
* Your host AWS configuration and credentials should be available. | ||
* Use Leapp on your host computer to manage your credentials. | ||
* Leapp is free, open source, and available from https://leapp.cloud | ||
* Use AWS_PROFILE environment variable to manage your AWS IAM role. | ||
* You can interactively select AWS profiles via the `assume-role` command. | ||
|
||
|
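Review bot: The new line "Your host AWS configuration and credentials should be available." does not say where the container expects to find them or what to do when they are missing. Since the line above it establishes that the host $HOME is mounted at `/localhost`, suggest naming the path that is read, so a user whose `assume-role` finds no profiles knows what to check. The `aws-vault` line is also dropped without any mention that it is deprecated, so users following the old workflow get no pointer to the change; one bullet saying so would help. Nit: "Use AWS_PROFILE environment variable" wants "the".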