v24.4.0 (#36)

* feat(aws): add db subnets

* feat: up/down/get-bastion commands

* feat: improve up/down commands

* feat(aws): repositories

* feat(do): registry

* feat(aws): domains + cerificates

* feat(aws): rebase

* feat(aws): bump versions

* feat: set version to 24.1.0

* feat(aws): provider,group,network,managed layers + docker registry, dns zones

* feat(aws): run on macos

* feat(aws): provider layer

* feat(aws): group layer

* feat(aws): managed layer

* feat(aws): one domain name per group

* feat(aws): app layer postrges dbs

* feat(aws): v24.4.0-rc.1

* Update README.md

* Update README.md

* feat(aws): v24.4.0-rc.2

Author: VladyslavKurmaz

.env.template

@@ -1,9 +1,3 @@
-TF_VAR_org_id=
-TF_VAR_project_id=
-TF_VAR_group_id=
-TF_VAR_env_id=
-TF_VAR_tenant_id=
-
 #TF_TOKEN_app_terraform_io=
 
 #TF_VAR_backend_pg_conn_str=
@@ -13,3 +7,18 @@ TF_VAR_tenant_id=
 #TF_VAR_backend_s3_region=
 #TF_VAR_backend_s3_bucket=
 #TF_VAR_backend_s3_dynamodb_table=
+
+TF_VAR_org_id=
+TF_VAR_project_id=
+TF_VAR_group_id=
+TF_VAR_env_id=
+TF_VAR_tenant_id=
+
+#TF_VAR_registry=
+#TF_VAR_repositories=
+
+TF_VAR_domain_name=myproject.dev
+TF_VAR_dns_records=myproject.dev,api,admin
+
+TF_VAR_rds_pg_db_size=db.t3.micro
+TF_VAR_databases={ "user" = { owner = "admin", password = "admin" }, "auth" = { owner = "admin", password = "admin" } }

.gitignore

@@ -24,4 +24,5 @@
 **/backend.tf
 
 # ignore .pem
-*.pem
+*.pem
+*.addr

.tln.conf

@@ -109,30 +109,42 @@ const getScript = (env, reverse) => {
   });
 }
 
+const getTerraformOpts = (env) => {
+  const i = env.TLN_CLOUDS_INIT?' --init':'';
+  const p = env.TLN_CLOUDS_PLAN?' --plan':'';
+  const a = env.TLN_CLOUDS_APPLY?' --apply':'';
+  const aa = env.TLN_CLOUDS_AUTO_APPROVE?' -auto-approve':'';
+  return `${i}${p}${a}${aa}`;
+}
+
 module.exports = {
   options: async (tln, args) => {
     args
       .prefix('TLN_CLOUDS')
       .option('backend',      { describe: 'Defines which backend provider should be used (cloud, pg)', default: null, type: 'string' })
       .option('tenant',       { describe: 'Tenant Id', default: null, type: 'string' })
-      .option('state',        { describe: 'Defines how store name will be built: project,provider,group,env,layer,tenant,<custom_string>', default: 'project,provider,group,env,layer', type: 'string' })
+      .option('state',        { describe: 'Defines how store name will be built: project,provider,group,env,layer,tenant,<custom_string>', default: null, type: 'string' })
       .option('init',         { describe: 'Run Terraform init', default: false, type: 'boolean' })
       .option('upgrade',      { describe: 'Run Terraform upgrade mode for init', default: false, type: 'boolean' })
       .option('plan',         { describe: 'Run Terraform plan', default: false, type: 'boolean' })
       .option('apply',        { describe: 'Run Terraform apply', default: false, type: 'boolean' })
       .option('auto-approve', { describe: 'Tun on auto approve for apply & destroy', default: false, type: 'boolean' })
-      .option('layers',       { describe: 'Select which layers will be included', default: "network,managed", type: 'string' })
+      .option('layers',       { describe: 'Select which layers will be included', default: null, type: 'string' })
       .option('bastion',      { describe: 'Bastion address in form user@ip', default: null, type: 'string' })
-      .option('bridge-port',  { describe: 'Local port for bridge to bastion ', default: '8888', type: 'string' })
       .option('deamon',       { describe: 'Deamon mode for SSH connection', default: false, type: 'boolean' })
+      .option('ci',           { describe: 'CI mode', default: false, type: 'boolean' })
+/*
+DEPRIECATED      
+      .option('bridge-port',  { describe: 'Local port for bridge to bastion ', default: '8888', type: 'string' })
+*/
     ;
   },
   env: async (tln, env) => {
     if (env.TLN_CLOUDS_TENANT) {
       env.TF_VAR_tenant_id = env.TLN_CLOUDS_TENANT;
     }
   },
-  dotenvs: async (tln) => ['.env'],
+  dotenvs: async (tln) => { if (fs.existsSync('.env')) return ['.env']; else return [] },
   inherits: async (tln) => [],
   depends: async (tln) => [],
   steps: async (tln) => [
@@ -145,16 +157,15 @@ module.exports = {
       }
     },
     { id: 'get-bastion', builder: async (tln, script) => {
-      script.set([
-        `tln exec -c 'cd network && terraform output bastion_remote_address'`,
-      ]);
+      script.set([`cat './network/${script.env.TF_VAR_env_id}-bastion.addr'`]);
     }},
-    { id: 'bridge', builder: async (tln, script) => {
-        const port = script.env.TLN_CLOUDS_BRIDGE_PORT;
+    { id: 'sshuttle', builder: async (tln, script) => {
+        const daemon = script.env.TLN_CLOUDS_DEAMON ? ' --daemon' : '';
+        const ci =  script.env.TLN_CLOUDS_CI ? ' -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' : '';
         switch (script.env.TLN_COMPONENT_ID) {
           case 'aws':
             script.set([`
-ssh -i ./network/${script.env.TF_VAR_env_id}-bastion-ssh-key.pem -L${port}:127.0.0.1:${port} ${script.env.TLN_CLOUDS_BASTION}
+sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh${ci} -i ./network/${script.env.TF_VAR_env_id}-bastion-ssh-key.pem'
             `]);
             break;
           case 'azure':
@@ -165,27 +176,68 @@ ssh -i ./network/${script.env.TF_VAR_env_id}-bastion-ssh-key.pem -L${port}:127.0
       }
     },
     { id: 'connect', builder: async (tln, script) => {
+        script.set([                                        
+          `tln sshuttle -- --bastion $(tln get-bastion)`
+        ]);                                                                                                              
+      }                                                     
+    }, 
+    { id: 'up', builder: async (tln, script) => {
+        const opts = getTerraformOpts(script.env);
+        script.set([`
+tln construct -- --backend cloud${opts} --layers provider --state project,provider
+tln construct -- --backend cloud${opts} --layers group --state project,provider,group
+tln construct -- --backend cloud${opts} --layers network,managed --state project,provider,group,env,layer
+${script.env.TLN_CLOUDS_CI ? 'tln sshuttle -- --bastion \$(tln get-bastion) --deamon' : ''}
+tln construct -- --backend cloud${opts} --layers app --state project,provider,group,env,layer
+        `].concat(
+          (script.env.TF_VAR_tenant_id) ? [
+            `tln construct -- --backend cloud${opts} --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}`
+          ]:[]
+        ));
+      }
+    },
+    { id: 'down', builder: async (tln, script) => {
+        const opts = getTerraformOpts(script.env);
+        script.set([
+          `${script.env.TLN_CLOUDS_CI ? 'tln sshuttle -- --bastion \$(tln get-bastion) --deamon' : ''}`,
+        ].concat((
+          (script.env.TF_VAR_tenant_id) ? [
+            `tln deconstruct -- --backend cloud${opts} --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}`,
+          ]:[]
+        )).concat([`
+tln deconstruct -- --backend cloud${opts} --layers network,managed,app --state project,provider,group,env,layer
+tln deconstruct -- --backend cloud${opts} --layers group --state project,provider,group
+tln deconstruct -- --backend cloud${opts} --layers provider --state project,provider
+        `]
+        ));
+      }
+    },
+/*
+DEPRIECATED
+    { id: 'bridge', builder: async (tln, script) => {
         const port = script.env.TLN_CLOUDS_BRIDGE_PORT;
         switch (script.env.TLN_COMPONENT_ID) {
           case 'aws':
             script.set([`
-export HTTPS_PROXY=127.0.0.1:${port}
-tln shell
+ssh -i ./network/${script.env.TF_VAR_env_id}-bastion-ssh-key.pem -L${port}:127.0.0.1:${port} ${script.env.TLN_CLOUDS_BASTION}
             `]);
             break;
           case 'azure':
             break;
           case 'gcp':
             break;
+          case 'do':
+            break;
         }
       }
     },
-    { id: 'sshuttle', builder: async (tln, script) => {
-        const daemon = script.env.TLN_CLOUDS_DEAMON ? ' --daemon' : '';
+    { id: 'connect', builder: async (tln, script) => {
+        const port = script.env.TLN_CLOUDS_BRIDGE_PORT;
         switch (script.env.TLN_COMPONENT_ID) {
           case 'aws':
             script.set([`
-sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh -i ./network/${script.env.TF_VAR_env_id}-bastion-ssh-key.pem'
+export HTTPS_PROXY=127.0.0.1:${port}
+tln shell
             `]);
             break;
           case 'azure':
@@ -195,30 +247,7 @@ sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh
         }
       }
     },
-    { id: 'up', builder: async (tln, script) => {
-        const tenant = (script.env.TF_VAR_tenant_id) ? `tln construct -- --backend cloud --init --apply --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}` : '';
-        script.set([`
-tln construct -- --backend cloud --init --apply --layers provider --state project,provider
-tln construct -- --backend cloud --init --apply --layers group --state project,provider,group
-tln construct -- --backend cloud --init --apply --layers network
-#tln sshuttle -- --bastion user@ip --deamon
-tln construct -- --backend cloud --init --apply --layers managed,app
-${tenant}
-        `]);
-      }
-    },
-    { id: 'down', builder: async (tln, script) => {
-      const tenant = (script.env.TF_VAR_tenant_id) ? `tln deconstruct -- --backend cloud --init --apply --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}` : ''
-        script.set([`
-#tln sshuttle -- --bastion user@ip --deamon
-${tenant}
-tln deconstruct -- --backend cloud --init --apply --layers network,managed,app
-tln deconstruct -- --backend cloud --init --apply --layers group --state project,provider,group
-tln deconstruct -- --backend cloud --init --apply --layers provider --state project,provider
-        `]);
-      }
-    },
-    
+*/
   ],
   components: async (tln) => []
 }

README.md

@@ -6,7 +6,7 @@
 * supports AWS, DO (Azure, GCP - in progress)
 * provides Multi-tenancy feature via layers architecture (provider, group, network, managed, app, tenant)
 * implements easy-to-construct multiple environment approach, controls by single environment variable - **TF_VAR_env_id**
-* IaC via Terraform
+* IaC via Terraform and Helm
 * supports multiple backend providers - Local, Cloud, PG (S3 - in progress)
 
 ## Infrastructure Instance layers
@@ -16,33 +16,40 @@
 * Install [tln](https://www.npmjs.com/package/tln-cli)
 * Goto **projects** folder from tln-cli installation above and clone repository
   ```
-  git clone --depth 1 --branch v23.11.1 git@github.com:project-talan/tln-clouds.git && cd tln-clouds
+  git clone --depth 1 --branch v24.4.0 git@github.com:project-talan/tln-clouds.git && cd tln-clouds
   ```
 > Important<br>
-> Commands below assume that Terraform Cloud is used as a storage for states<br/>
-> By skipping **--backend cloud** local backend will be used
+> * Commands below assume that Terraform Cloud is used as a storage for states<br/>
+> * By skipping **--backend cloud** local backend will be used<br/>
+> * You will need **domain name** to configure all layers (myproject.io as an example below)
 * Use **.env.template** file as an examples and fill it with actual values
   * root .env
     ```
+    TF_TOKEN_app_terraform_io=<your_terraform_cloud_token>
+
     TF_VAR_org_id=<your_terraform_cloud_org>
-    TF_VAR_project_id=tln-clouds
+    TF_VAR_project_id=myproject
     TF_VAR_group_id=dev
     TF_VAR_env_id=dev01
-    TF_VAR_tenant_id=
+    TF_VAR_tenant_id=balenciaga
+    
+    TF_VAR_repositories=io.myproject.services.api,io.myproject.web.landing
 
-    TF_TOKEN_app_terraform_io=<your_terraform_cloud_token>
+    TF_VAR_domain_name=myproject.io
+    TF_VAR_dns_records=myproject.io,api
+
+    TF_VAR_rds_pg_db_size=db.t3.micro
+    TF_VAR_databases={ "user" = { owner = "admin", password = "admin" }, "auth" = { owner = "admin", password = "admin" } }
     ```
 
 ### AWS
   * Create **aws/.env** file using **aws/.env.template** as an example
     ```
     AWS_ACCESS_KEY_ID=<your_aws_id>
     AWS_SECRET_ACCESS_KEY=<your_aws_key>
-    AWS_SESSION_TOKEN=
-
     AWS_DEFAULT_REGION=eu-central-1
 
-    TF_VAR_aws_k8s_version=1.28
+    TF_VAR_aws_k8s_version=1.29
     TF_VAR_aws_k8s_nodes_min=1
     TF_VAR_aws_k8s_nodes_desired=2
     TF_VAR_aws_k8s_nodes_max=3
@@ -53,40 +60,75 @@
   ```
   tln install aws --depends
   ```
-* Construct AWS Dev infrastructure instance
+* Construct four AWS Dev infrastructure instance layers
+
+  (1) Provider layer - ERC
   ```
-  tln construct aws -- --backend cloud --init --plan --apply
+  tln construct aws -- --backend cloud --init --apply --layers provider --state project,provider
   ```
-* Verify access to the k8s cluster and install/uninstall ingress
-  * Open separate terminal and establish connection with bastion, use **user@ip** from previous command output (bastion_remote_address)
-    ```
-    tln bridge aws -- --bastion user@ip
-    ```
-  * Switch back to the original terminal and initiate session for kubectl
-    ```
-    tln connect aws
-    ```
-    ```
-    tln nginx-ingress-install@k8s -- --ver 4.8.3
-    ```
-    ```
-    kubectl get pods --all-namespaces
-    ```
-    ```
-    tln nginx-ingress-status@k8s
-    ```
-    * Use DNS address name from command output above to check access to the cluster using browser/curl
-    * Uninstall Ingress
-    ```
-    tln nginx-ingress-uninstall@k8s
-    ```
-    * Close both terminals
-    ```
-    ^d
-    ```
-* Deconstruct AWS Dev infrastructure instance
+  (2) Groupr layer - domain name, certificate & validation. You will need to modify DNS nameservers at your registrar side
+  ```
+  tln construct aws -- --backend cloud --init --apply --layers group --state project,provider,group
+  ```
+  (3,4) Network and Managed layers - VPC, Bastion, K8s
+  ```
+  tln construct aws -- --backend cloud --init --apply --layers network,managed --state project,provider,group,env,layer
+  ```
+* At this point you have ready to use cloud infrastructure with K8s and secure access via bastion
+  
+  (1) Initiate sshuttle connection to the cluster via bastion (first terminal)
+  ```
+  tln connect aws
+  ```
+  (2) Open shell with necessary environment variables (second terminal)
+  ```
+  tln shell aws
+  ```
+  (3) Check cluster (second terminal)
+  ```
+  kubectl get pods -A
+  ```
+  (4) Close shell (second terminal)
+  ```
+  ^D
+  ```
+  (5) Close sshuttle connection (first terminal)
+  ```
+  ^C
+  ```
+* You can go extra mile and deploy your SaaS-specific resources
+
+  (1) Start secure sshuttle connection (first terminal)
+  ```
+  tln connect aws
+  ```
+  (2) Deploy App layer - Nginx ingress, Postgres DBs, DNS records (second terminal)
+  ```
+  tln construct aws -- --backend cloud --init --apply --layers app --state project,provider,group,env,layer
+  ```
+  (3) You can check endpoints availability in browser https://myprojecy.io & https://api.myproject.io
+
+* Now you can deconstruct all layers and free all Cloud resources
+
+  (1) Undeploy App layer (second terminal)
+  ```
+  tln deconstruct aws -- --backend cloud --init --apply --layers app --state project,provider,group,env,layer
+  ```
+  (2) Close sshuttle connection (first terminal)
+  ```
+  ^C
+  ```
+  (3,4) Delete Network and Managed layers
+  ```
+  tln deconstruct aws -- --backend cloud --init --apply --layers network,managed --state project,provider,group,env,layer
+  ```
+  (5) Delete Groupr layer
+  ```
+  tln deconstruct aws -- --backend cloud --init --apply --layers group --state project,provider,group
+  ```
+  (6) Delete Provider layer
   ```
-  tln deconstruct aws -- --backend cloud --plan --apply
+  tln deconstruct aws -- --backend cloud --init --apply --layers provider --state project,provider
   ```
 
 ### Digital Ocean

aws/.env.template

@@ -2,7 +2,7 @@ AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 AWS_DEFAULT_REGION=eu-central-1
 
-TF_VAR_aws_k8s_version=1.28
+TF_VAR_aws_k8s_version=1.29
 TF_VAR_aws_k8s_nodes_min=1
 TF_VAR_aws_k8s_nodes_desired=2
 TF_VAR_aws_k8s_nodes_max=3